BITMAUL is a LUA helper library to help you write protocol dissectors.
It consists of two libs you can use independently.
- sweepbuf : Extract protocol fields from a chunk of bytes (see the Sweepbuf docs)
- pdurecord : Construct TCP records from a bytestream (see the PDURecord docs)
Just put the files sweepbuf.lua and pdurecord.lua in the same directory as your Lua scripts.
Sweepbuf works on a Lua string which represents a network payload byte array. The library maintains an internal "pointer" so you can use methods like next_XYZ(..) to extract fields one after another. Common network idioms like endianness, searching for terminators, and looping over attribute values are all supported.
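To make the "internal pointer" idiom concrete, here is an added illustration that is not sweepbuf's own code: the Reader type and its method names (next_uint, next_until, next_bytes) are hypothetical, and the payload layout it parses (a NUL-terminated name followed by type/length/value attributes) is constructed for the example.

```lua
-- Added illustration of the pointer-based sweep described above. It is
-- not sweepbuf's API: Reader and its method names are hypothetical.
local Reader = {}
Reader.__index = Reader
function Reader.new(bytes) return setmetatable({ buf = bytes, pos = 1 }, Reader) end
function Reader:remaining() return #self.buf - self.pos + 1 end
-- n-byte unsigned integer, big-endian by default; bounds-checked so a
-- truncated packet raises an error instead of silently yielding garbage.
function Reader:next_uint(n, little)
  if self:remaining() < n then
    error(("truncated: need %d bytes at offset %d"):format(n, self.pos))
  end
  local v = 0
  for i = 0, n - 1 do
    local idx = little and (self.pos + n - 1 - i) or (self.pos + i)
    v = v * 256 + self.buf:byte(idx)
  end
  self.pos = self.pos + n
  return v
end
-- Bytes up to a terminator byte (excluded); the pointer skips past it.
function Reader:next_until(term)
  local stop = self.buf:find(term, self.pos, true)
  if not stop then error("terminator not found at offset " .. self.pos) end
  local s = self.buf:sub(self.pos, stop - 1)
  self.pos = stop + 1
  return s
end
function Reader:next_bytes(n)
  if self:remaining() < n then error("truncated value at offset " .. self.pos) end
  local s = self.buf:sub(self.pos, self.pos + n - 1)
  self.pos = self.pos + n
  return s
end
-- Constructed layout: NUL-terminated name, then TLV attributes
-- (2-byte type, 2-byte length, value) until the payload is exhausted.
local function parse(payload)
  local r = Reader.new(payload)
  local msg = { name = r:next_until("\0"), attrs = {} }
  while r:remaining() > 0 do
    local t, len = r:next_uint(2), r:next_uint(2)
    msg.attrs[#msg.attrs + 1] = { type = t, value = r:next_bytes(len) }
  end
  return msg
end
-- Constructed sample: name "host", attr 1 = 0xDEADBEEF, attr 2 = 0x0100.
local m = parse("host\0" .. "\0\1\0\4\222\173\190\239" .. "\0\2\0\2\1\0")
print(m.name, #m.attrs, m.attrs[1].type, m.attrs[2].value:byte(1, 2))
```

The bounds checks are the part worth copying: a dissector that reads past the end of a short or malformed packet is a common source of crashes, so every read should fail loudly rather than index beyond the buffer.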
A common first step in any stream-based packet dissection is breaking up a bytestream into Protocol Data Units (PDUs, also known as records/messages). PDURecord is a tiny library that makes it really easy to do this.
- for a TCP-based analyzer which needs reassembly, you typically need to use both PDURecord and SweepBuf
- for a UDP/Ethernet analyzer, which does not need reassembly, you only need SweepBuf
Take a look at the TCP Analyzer example to get a feel for what SweepBuf looks like.
For more, see the examples directory.