[ann]pcaplua

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: [ann]pcaplua
From: Javier Guerra Giraldez <javier@...>
Date: Wed, 3 Nov 2010 01:21:54 -0500

yep, a binding for libpcap (http://www.tcpdump.org/)

hosted at http://github.com/javierguerragiraldez/pcaplua

sample usage, this prints the IP number and port of any tcp connection
except ssh:

----------------- sample.lua --------------------------
local p = require "pcaplua"

local cap,devname=pcaplua.new_live_capture ()
print ('using device:', devname)

cap:set_filter ('port not 22')

local starttime = os.time()
local eth,ip,tcp = {},{},{}
cap:setcallback (function (pkt, t, len)
	p.decode_ethernet(pkt,eth)
	p.decode_ip(eth.content, ip)
	if ip.proto == 6 then
		p.decode_tcp(ip.content, tcp)
		if tcp.f_syn and not tcp.f_ack then
			print (string.format("%f  %s:%d => %s:%d", t,
					ip.src, tcp.source_port,
					ip.dst, tcp.dest_port))
		end
	end
end)

print (cap:loop (0))
---------------------------------------------------------------


-- 
Javier

Follow-Ups:
- Re: [ann]pcaplua, Patrick Donnelly

Prev by Date: Re: Lake
Next by Date: Re: Lake
Previous by thread: Re: Lake
Next by thread: Re: [ann]pcaplua
Index(es):
- Date
- Thread