blob: 3eab4f4c7b452782fb1230a86785b9efcf3fbfbf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/usr/bin/env dnsjit
local pcap = arg[2]
local compression = arg[3]
if pcap == nil then
print("usage: "..arg[1].." <pcap> [compression]")
return
end
local object = require("dnsjit.core.objects")
local input = require("dnsjit.input.pcap").new()
local zinput = require("dnsjit.input.zpcap").new()
local layer = require("dnsjit.filter.layer").new()
local dns = require("dnsjit.core.object.dns").new()
if string.lower(string.sub(pcap, -4)) == ".zst" or compression == "zstd" then
zinput:zstd()
zinput:open(pcap)
layer:producer(zinput)
elseif string.lower(string.sub(pcap, -4)) == ".lz4" or compression == "lz4" then
zinput:lz4()
zinput:open(pcap)
layer:producer(zinput)
else
input:open_offline(pcap)
layer:producer(input)
end
local producer, ctx = layer:produce()
while true do
local obj = producer(ctx)
if obj == nil then break end
local pl = obj:cast()
if obj:type() == "payload" and pl.len > 0 then
local transport = obj.obj_prev
while transport ~= nil do
if transport.obj_type == object.IP or transport.obj_type == object.IP6 then
break
end
transport = transport.obj_prev
end
local protocol = obj.obj_prev
while protocol ~= nil do
if protocol.obj_type == object.UDP or protocol.obj_type == object.TCP then
break
end
protocol = protocol.obj_prev
end
dns:reset()
if protocol ~= nil and protocol.obj_type == object.TCP then
dns.includes_dnslen = 1
end
dns.obj_prev = obj
if transport ~= nil and protocol ~= nil then
transport = transport:cast()
protocol = protocol:cast()
print(protocol:type().." "..transport:source()..":"..tonumber(protocol.sport).." -> "..transport:destination()..":"..tonumber(protocol.dport))
dns:print()
end
end
end
|
