Wireshark-dev: Re: [Wireshark-dev] extracting isup payload from sigtran / ss7 packets
From: Hadriel Kaplan <HKaplan@xxxxxxxxxxxxxx>
Date: Fri, 29 Mar 2013 05:19:06 +0000
Hi Cristian - thanks for the example script!
Comments inline...


On Mar 20, 2013, at 1:11 PM, Cristian Constantin <const.crist@xxxxxxxxxxxxxx> wrote:

> hi!
> I attach a lua script that can extract and dump in a separate file
> isup payloads from either sigtran or ss7 packets.

Do you have a sample capture file to test it against?  The only ones I have with ISUP don't have the data tag you're exporting.


> it can be used as an example on how to extract and manipulate binary
> fields from packets;
> I did not find any other one when I was looking for it.
> for using it you have to download and compile the "struct.so" module from here:
> http://www.inf.puc-rio.br/~roberto/struct/

There are some others out there - some a superset of Roberto's, some completely different.  In your particular case I don't think you needed it - you can convert a number to a little-endian 2-byte/short value with plain Lua, and you can just write binary directly to a file too.

For example instead of this:

    local len = len_number-16
    if(1==debug) then
        print("isup len:", len)
    end
    -- use the i-th isup payload
    len_bin = lib.pack('<H', len)
    for b in string.gfind(len_bin, ".") do
        file:write(b)
    end

Do this:

    local len = len_number-16
    file:write( string.char(len % 256, math.floor(len / 256)) )

-hadriel
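
The plain-Lua length encoding suggested above, as an added example that is not part of the original message or of Cristian's script. It assumes a dump format of a 2-byte little-endian length followed by the payload bytes; `u16le`, `write_record` and `read_records` are hypothetical names, and the sample payloads are constructed. It also checks the range first, since `string.char` raises an error if a computed length such as `len_number-16` is negative or above 65535.

```lua
-- Added example; u16le, write_record and read_records are hypothetical names.
-- Encode n as 2 bytes, least significant first. string.char raises an error
-- outside 0..255, so reject negative, fractional or oversized values first.
local function u16le(n)
    if type(n) ~= "number" or n ~= math.floor(n) or n < 0 or n > 65535 then
        return nil, "length does not fit in 16 bits: " .. tostring(n)
    end
    return string.char(n % 256, math.floor(n / 256))
end

-- Write one record: little-endian length prefix, then the raw payload.
local function write_record(file, payload)
    local prefix, err = u16le(#payload)
    if not prefix then return nil, err end
    file:write(prefix, payload)
    return true
end

-- Read records back, failing on a truncated prefix or payload.
local function read_records(file)
    local out = {}
    while true do
        local hdr = file:read(2)
        if not hdr then return out end
        if #hdr < 2 then return nil, "truncated length prefix" end
        local lo, hi = string.byte(hdr, 1, 2)
        local len = lo + hi * 256
        local body = (len == 0) and "" or file:read(len)
        if not body or #body ~= len then return nil, "truncated payload" end
        out[#out + 1] = body
    end
end

-- Constructed sample payloads (not real ISUP data).
local samples = { "\1\0\96\0\10", string.rep("\255", 300), "" }
local path = os.tmpname()
local f = assert(io.open(path, "wb"))   -- binary mode matters on Windows
for _, p in ipairs(samples) do assert(write_record(f, p)) end
f:close()

f = assert(io.open(path, "rb"))
local got = assert(read_records(f))
f:close()
os.remove(path)
for i, p in ipairs(samples) do assert(got[i] == p) end
assert(u16le(-1) == nil and u16le(65536) == nil)
print("round trip ok: " .. #got .. " records")
```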