Class coroner.app.dissector

A dissector application.

The module expects to be passed a table populated with functions. Table keys match a protocol name or a special symbol. The module goes through the contents of a capture file frame by frame, dissecting the individual packets inside each frame. If a hook is defined for a matching protocol or special symbol, the hooked function is called.

Tables

coroner.app.dissector.link_type A list of supported link-types.
coroner.app.dissector.proto A list of supported protocols.

Methods

coroner.app.dissector:set_hooks (hooks) Set a hook table where the key names correspond to a protocol name or a symbol.
coroner.app.dissector:set_sigaction (func) Set a function that should be called if a signal is delivered.
coroner.app.dissector:run () Run application.
coroner.app.dissector:get_error () Get last error message.


Tables

coroner.app.dissector.link_type
A list of supported link-types.

Fields:

  • EN10MB

coroner.app.dissector.proto
A list of supported protocols.

Fields:

  • eth Ethernet II
  • ip Internet protocol version 4
  • ipv6 Internet protocol version 6
  • tcp Transmission Control Protocol (TCP)
  • udp User Datagram Protocol (UDP)
  • icmp Internet Control Message Protocol (ICMP)
  • http Hypertext Transfer Protocol (HTTP)

Methods

coroner.app.dissector:set_hooks (hooks)
Set a hook table where the key names correspond to a protocol name or a symbol.

@ -- run at the beginning of each input file, before any frames are processed. The name of the input file is passed as the first argument, followed by the link-type.

. (dot) -- run at the end of each input file, after all frames were processed. No parameters are passed to this hook function.

^ (caret) -- run for each frame before any packets inside the frame are processed. The capture timestamp and the relative frame number are passed to the hook function.

$ -- run for each frame after all packets inside the frame have been processed. The capture timestamp and the relative frame number are passed to the hook function.

* (asterisk) -- run for any packet. An object corresponding to one of the packet dissectors (e.g. tcp) is passed to the hook function, followed by the frame timestamp and the relative frame number.

? -- run for any packet that has no corresponding dissector. The callback function expects three parameters: the packet object (a special dummy dissector), the frame timestamp and the relative frame number.

protocol -- run for each occurrence of a protocol matching the name protocol (e.g. tcp). An object corresponding to one of the packet dissectors (e.g. tcp) is passed to the hook function, followed by the timestamp and the relative frame number.

Parameters:

  • hooks table Each key in the table is matched against a protocol name or a special hook name. The value stored under each key must be a function.

Returns:

    boolean True on success, false on failure (error message is set).

coroner.app.dissector:set_sigaction (func)
Set a function that should be called if a signal is delivered.

Parameters:

  • func function Function to call.

Returns:

    boolean True on success, false on failure (error message is set).

coroner.app.dissector:run ()
Run application.

Returns:

    table

coroner.app.dissector:get_error ()
Get last error message.

Returns:

    string Error message.
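
A hook table using the special symbols and the tcp key described under set_hooks, with get_error consulted when set_hooks fails; this is an added example, not code from the coroner project. The `app` object is assumed to exist already (its construction is not documented on this page), and the replay at the bottom uses constructed values in place of a real capture.

```lua
-- Added example, not part of the coroner documentation or source.
-- Records, per input file, the frame count, the TCP packet count and the
-- frames that hold packets no dissector recognised.
local function make_hooks(report)
  local cur -- statistics for the file currently being processed
  local hooks = {}

  hooks["@"] = function(filename, link_type)
    cur = { file = filename, link_type = link_type,
            frames = 0, tcp = 0, undissected = {} }
  end
  hooks["^"] = function(timestamp, frame_no) cur.frames = cur.frames + 1 end
  hooks["tcp"] = function(pkt, timestamp, frame_no) cur.tcp = cur.tcp + 1 end

  -- Traffic the tool could not parse is what an analyst reviews by hand,
  -- so keep the relative frame numbers rather than only a count.
  hooks["?"] = function(pkt, timestamp, frame_no)
    cur.undissected[#cur.undissected + 1] = frame_no
  end

  hooks["."] = function() report[#report + 1] = cur end
  return hooks
end

-- Assumption: `app` is an already constructed coroner.app.dissector object;
-- how one is created is not shown on this page.
local function attach(app, hooks)
  if not app:set_hooks(hooks) then
    error("set_hooks failed: " .. tostring(app:get_error()))
  end
end

-- Constructed replay of the documented hook calls, so the script runs
-- without the library; file name, timestamps and packets are made up.
local report = {}
local hooks = make_hooks(report)
hooks["@"]("sample.pcap", "EN10MB")
hooks["^"](0, 1); hooks["tcp"]({}, 0, 1)
hooks["^"](1, 2); hooks["?"]({}, 1, 2)
hooks["."]()
for _, r in ipairs(report) do
  print(("%s: frames=%d tcp=%d undissected=[%s]"):format(
    r.file, r.frames, r.tcp, table.concat(r.undissected, ",")))
end
```

With the real module, call `attach(app, make_hooks(report))` before `app:run()` and drop the replay lines.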
generated by LDoc 1.4.3 Last updated 2016-08-15 00:59:34