A Packet Dissection Framework

About

Coroner is a packet dissection framework for capdiss — a runtime environment for reading capture files.

Coroner is free software licensed under GPLv2.

Features

Source

     

Docs

Example

local coroner = require ("coroner")

-- Initialise both counters; a single "= 0" would leave ipframe_cnt as nil.
local frame_cnt, ipframe_cnt = 0, 0

local hooks = {
	-- Run for each input file.
	["@"] = function (filename, linktype)
		print (("Reading a file '%s' (%s)"):format (filename, linktype))
		frame_cnt = 0
		ipframe_cnt = 0
	end,

	-- Run at the beginning of each frame.
	["^"] = function (ts, num)
		frame_cnt = frame_cnt + 1
	end,

	-- Run for each IP packet.
	["ip"] = function (packet, ts, num)
		print (("[%05d] IP : %s -> %s"):format (num, packet:get_saddr ():color ("green"), packet:get_daddr ():color ("green")))
		ipframe_cnt = ipframe_cnt + 1
	end,

	-- Run after all data in a file have been processed.
	["."] = function ()
		print (("%d IP packets out of %d."):format (ipframe_cnt, frame_cnt))
	end
}

local app = coroner.new_app (coroner.app.type.DISSECTOR)

if not app:set_hooks (hooks) then
	error (app:get_error ())
end

return app:run ()

Installation

$ sudo luarocks install coroner

CodeWard