Hi,

Let's say I have a packet that looks like this: [ETH, IP, HEADER, PAYLOAD, HEADER, PAYLOAD]

My header consists of header.x1, header.x2 and header.x3, and the payload is payload.x1 and payload.x2. I want to use a Lua tap to calculate how many [header, payload] packets a file consists of. So in this case, it is just one IP packet, but it consists of two packets with [header, payload].

I have a Lua tap that goes like this:

```lua
-- simple_http.lua
-- implements a very simple tap in Lua

-- this is going to be our counter
http_packets = 0

-- this is going to be our tap
tap_http = nil

-- first we declare the tap called "http tap" with the filter it is going to use
tap_http = Listener.new(nil,"header.x1 == 2")

-- this function will get called at the end(3) of the capture to print the summary
function tap_http.draw()
end

-- this function is going to be called once each time the filter of the tap matches
function tap_http.packet()
end

-- this function will be called at the end of the capture run
function tap_http.reset()
end
```

Now the problem with this, however, is that it will count the above packet only as +1. It will only read the first header.x1, and if this is 2 it will add +1. But if the other bundled header.x2 also is two, it will not be included in the calculation. How can I make this tap read all the bundled packets from this IP packet?

Thank you very much in advance

BR Harkap

asked 22 Apr '13, 02:01 harkap
One Answer:
I'd do it by using a generic tap and an extractor. Now, depending on your protocol, it will be either a common extractor for the same field type that returns a table, or two separate extractors. Code below is not tested, but you should get the idea.
Also:

- Check out this question: How to get multiple values from items
- Check out this question: Multiple instances of a protocol in one frame

answered 23 Apr '13, 00:39 izopizo

edited 23 Apr '13, 00:41
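
The generic tap plus field extractor approach described in the answer, written out as an added example (not the answerer's code). It assumes `header.x1` is an integer field registered by the asker's dissector; the script name and the counter names are made up for illustration.

```lua
-- count_bundled.lua (added example; field name taken from the question)

-- Field extractor for header.x1. It must be created at script load time,
-- not inside a tap callback, and Field.new raises an error if no loaded
-- dissector registers a field with this name.
local header_x1 = Field.new("header.x1")

local WANTED  = 2   -- value the question's filter tests for
local frames  = 0   -- frames that carry at least one header.x1
local matches = 0   -- individual header.x1 occurrences equal to WANTED

-- Generic tap (nil selects the "frame" tap). The filter only selects frames
-- that contain the field; the per-occurrence test is done in packet() below,
-- because a display filter matches a frame once no matter how many
-- occurrences of the field satisfy it.
local tap = Listener.new(nil, "header.x1")

-- Called once for every frame that passes the filter.
function tap.packet(pinfo, tvb)
    frames = frames + 1
    -- Calling the extractor returns one FieldInfo per occurrence in this
    -- frame; wrapping the call in a table collects all of them.
    local infos = { header_x1() }
    for _, fi in ipairs(infos) do
        if fi.value == WANTED then
            matches = matches + 1
        end
    end
end

-- Called when the summary should be shown (end of capture in tshark).
function tap.draw()
    print(string.format("frames containing header.x1: %d", frames))
    print(string.format("headers with header.x1 == %d: %d", WANTED, matches))
end

-- Called when the capture is reloaded or redissected.
function tap.reset()
    frames  = 0
    matches = 0
end
```

With tshark this can be loaded through `-X lua_script:count_bundled.lua` together with `-r <capture file>` and `-q`; for the frame in the question it reports one frame and two matching headers when both headers carry `header.x1 == 2`.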