用lua为wireshark开发的一个smpp+自定义解析插件
2014-12-02 14:56
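-- Wireshark Lua dissector for the ZC "SMPP+" query protocol.
-- Wire layout handled here: a 16-byte header (Command_Length, Command_ID,
-- Command_status, Sequence_No, 4 bytes each) followed by a body whose layout
-- depends on Command_ID.
--
-- NOTE(review): Command_Length is displayed but not used to delimit PDUs, so
-- a TCP segment carrying a partial PDU or several PDUs is not reassembled or
-- split. Every offset below is therefore checked against the bytes actually
-- present before it is read.

local HEADER_LEN = 16
local CMD_SM_SUB = 0x00000011
local CMD_SM_SUB_RESP = 0x80000011

-- Minimum body size per known command: the end offset of the last field
-- read from the body for that command.
local BODY_MIN_LEN = {
    [CMD_SM_SUB] = 86,
    [CMD_SM_SUB_RESP] = 5,
}

-- Create the protocol object. Kept as a global, as in the original script.
-- NOTE(review): Proto() is documented as Proto(name, desc); the third
-- argument looks unused -- confirm before relying on it.
zc_smpp_plus = Proto("zc_smpp_plus","Use for ZC SMPP+ Query","ZC smpp plus Protocol")

-- Protocol fields.
local f_Command_Length = ProtoField.uint32("zc_smpp_plus.Command_Length", "Command_Length", base.DEC)
-- Command_ID occupies 4 bytes on the wire and 0x80000011 does not fit in
-- 16 bits, so the field is declared uint32 (the original used uint16).
local f_Command_ID = ProtoField.uint32("zc_smpp_plus.Command_ID", "Command_ID", base.HEX,
    {[CMD_SM_SUB]="sm_sub",[CMD_SM_SUB_RESP]="sm_sub_resp"})
local f_Command_status = ProtoField.uint32("zc_smpp_plus.Command_status", "Command_status", base.DEC)
local f_Sequence_No = ProtoField.uint32("zc_smpp_plus.Sequence_No", "Sequence_No", base.DEC)
local f_SN = ProtoField.string("zc_smpp_plus.SN", "SN")
local f_NetType = ProtoField.uint32("zc_smpp_plus.NetType", "NetType", base.DEC, {[0]="CDMA",[1]="GSM"})
local f_CallingMsdn = ProtoField.string("zc_smpp_plus.CallingMsdn", "CallingMsdn")
local f_CalledMsdn = ProtoField.string("zc_smpp_plus.CalledMsdn", "CalledMsdn")
local f_CallTime = ProtoField.string("zc_smpp_plus.CallTime", "CallTime")
local f_Pay_msdn = ProtoField.string("zc_smpp_plus.Pay_msdn", "Pay_msdn")
local f_servicekey = ProtoField.uint32("zc_smpp_plus.servicekey", "servicekey", base.DEC,
    {[1]="PPC",[2]="UAS",[3]="PPS"})
local f_FeeValue = ProtoField.uint32("zc_smpp_plus.FeeValue", "FeeValue", base.DEC)
local f_SvcType = ProtoField.uint32("zc_smpp_plus.SvcType", "SvcType", base.DEC,
    {[1]="P2P",[2]="sp2p",[100]="DATA",[101]="WAP",[102]="Java",[103]="BREW"})
local f_Forbideid = ProtoField.uint32("zc_smpp_plus.Forbideid", "Forbideid", base.DEC, {[0]="NO",[1]="YES"})
local f_SM_Result = ProtoField.uint32("zc_smpp_plus.SM_Result", "SM_Result", base.DEC)
local f_Balance = ProtoField.uint32("zc_smpp_plus.Balance", "Balance", base.DEC)

-- Register the fields with the protocol.
zc_smpp_plus.fields = {
    f_Command_Length, f_Command_ID, f_Command_status, f_Sequence_No,
    f_SN, f_NetType, f_CallingMsdn, f_CalledMsdn, f_CallTime, f_Pay_msdn,
    f_servicekey, f_FeeValue, f_SvcType, f_Forbideid,
    f_SM_Result, f_Balance,
}

--- Dissect one buffer as a ZC SMPP+ message.
-- @param buffer Tvb holding the payload handed over by the TCP dissector
-- @param pinfo  packet info; the protocol and info columns are set here
-- @param tree   root TreeItem the protocol subtree is attached to
function zc_smpp_plus.dissector(buffer, pinfo, tree)
    -- Protocol name shown in the packet list.
    pinfo.cols.protocol:set("ZC_SMPP_PLUS")

    local v_buffer_len = buffer:len()

    -- The original only required 1 byte and then sliced 16, which raises a
    -- Lua error on short segments; its error branch also concatenated a
    -- variable that was out of scope (nil). Reject short input up front.
    if v_buffer_len < HEADER_LEN then
        pinfo.cols.info:set(string.format(
            "Invalid message: header truncated (%d of %d bytes)",
            v_buffer_len, HEADER_LEN))
        return
    end

    local v_head = buffer(0, HEADER_LEN)
    local v_Command_ID = v_head(4, 4)
    local v_command_id = v_Command_ID:uint()
    local v_body_len = v_buffer_len - HEADER_LEN

    -- Protocol subtree with separate header and body branches.
    local t = tree:add(zc_smpp_plus, buffer(0, v_buffer_len), "zc_smpp_plus Query info")
    local th = t:add(v_head, "SMPP+ Head info")
    local tb
    if v_body_len > 0 then
        -- Only slice the body when there are bytes after the header.
        tb = t:add(buffer(HEADER_LEN, v_body_len), "SMPP+ Body info")
    end

    th:add(f_Command_Length, v_head(0, 4))
    th:add(f_Command_ID, v_Command_ID)
    th:add(f_Command_status, v_head(8, 4))
    th:add(f_Sequence_No, v_head(12, 4))

    -- tostring() makes the range-to-string conversion explicit.
    pinfo.cols.info:set("Command_ID = " .. tostring(v_Command_ID))

    local v_need = BODY_MIN_LEN[v_command_id]
    if v_need == nil then
        t:add(zc_smpp_plus, "undef body v_Command_ID=" .. tostring(v_Command_ID))
        return
    end

    -- Known command, but the body is shorter than the fixed layout read
    -- below: report it in the tree instead of reading past the end.
    if v_body_len < v_need then
        t:add(zc_smpp_plus, string.format(
            "truncated body: need %d bytes, got %d", v_need, v_body_len))
        return
    end

    local v_body = buffer(HEADER_LEN, v_body_len)
    if v_command_id == CMD_SM_SUB then
        tb:add(f_SN, v_body(0, 21))
        tb:add(f_NetType, v_body(21, 1))
        tb:add(f_CallingMsdn, v_body(22, 14))
        tb:add(f_CalledMsdn, v_body(36, 14))
        tb:add(f_CallTime, v_body(50, 15))
        tb:add(f_Pay_msdn, v_body(65, 14))
        tb:add(f_servicekey, v_body(79, 1))
        tb:add(f_FeeValue, v_body(80, 4))
        tb:add(f_SvcType, v_body(84, 1))
        tb:add(f_Forbideid, v_body(85, 1))
    else
        -- CMD_SM_SUB_RESP: the only other key in BODY_MIN_LEN.
        tb:add(f_SM_Result, v_body(0, 1))
        tb:add(f_Balance, v_body(1, 4))
    end
end

-- Bind the dissector to TCP port 1575.
local tcp_port_table = DissectorTable.get("tcp.port")
tcp_port_table:add(1575, zc_smpp_plus)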
--在init.lua中插入以下语句以加载本插件: dofile(DATA_DIR..'lua_script\\ZCSmppPlus.lua')