Ethereal-users: Re: [Ethereal-users] Ethereal and scripting

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Wed, 31 Aug 2005 05:00:30 +0200
# this should do...

# we fetch info from the radius packets
Pdu radius_pdu Proto radius Transport udp {
	Extract caller From radius.Calling_Number;
	Extract addr From radius.Framed_IP_Address;
};

# we relate all radius packets from the same caller and add the
# address to the group
Gop radius_req On radius_pdu (caller) {
	Start (caller);
	Extra (addr);
};

# we fetch the useful info from ip packets
Pdu user_ip Proto ip Transport eth {
	Extract addr From ip.addr;
};

# we group only those ip packets whose address belongs to the pool
Gop user_ip_ses On user_ip (addr ^ "123.45.67.") {
    Start (addr);
};

# we then group both radius and ip groups based on the address and add
# the caller number
Gog user_stuff {
    Expiration 1800;
    Member radius_req (addr);
    Member user_ip_ses (addr);
    Extra (caller);
};

Done;

B.T.W. If your files are 100s of megs you might well run out of memory
as MATE (ab)uses lots of memory

Luis

On 8/31/05, LEGO <luis.ontanon@xxxxxxxxx> wrote:
> If I don't remember wrong one of the MATE examples does somehow that...
> 
> It adds to every smtp packet a field with the calling number fetched
> from a radius accounting packet.
> 
> It has to be refined to fit the case but that might do.
> 
> Luis
> 
> On 8/27/05, David Meagher <dmeagher@xxxxxxxxx> wrote:
> > Hi,
> > Does any one know is it possible to do any level of scripting in ethereal?
> > i've got a few 100mb+ captures, which takes a while to filter through
> > to find what i'm looking for.
> >
> > to do something like:
> > ip.addr == (select radius.Framed_IP_Address from radius where
> > radius.Calling_Station_Id == "1234567890")
> >
> > The select/from/where syntax is just used as an example.
> >
> > I was hoping that there is some option within the ethereal console (or
> > something similar) that would allow this.
> >
> > Regards,
> > David
> >
> 
> 
> --
> This information is top security. When you have read it, destroy yourself.
> -- Marshall McLuhan
> 


-- 
This information is top security. When you have read it, destroy yourself.
-- Marshall McLuhan
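
The correlation that the MATE configuration in this message describes, written out as a small Python model (an added example, not part of the original post and not MATE's own implementation). The packet records are constructed, and treating a caller-to-address binding as valid for 1800 seconds after the last RADIUS packet is a simplifying assumption about what Expiration does.

```python
POOL_PREFIX = "123.45.67."  # pool prefix used in the Gop match above
EXPIRATION = 1800           # seconds, the Gog's Expiration value

# Constructed sample records: (timestamp, protocol, extracted fields)
PACKETS = [
    (0.0,    "radius", {"caller": "1234567890", "addr": "123.45.67.10"}),
    (1.0,    "ip",     {"addrs": ("123.45.67.10", "10.0.0.1")}),
    (2.0,    "ip",     {"addrs": ("10.0.0.2", "10.0.0.1")}),
    (5.0,    "radius", {"caller": "5550001111", "addr": "123.45.67.11"}),
    (6.0,    "ip",     {"addrs": ("10.0.0.1", "123.45.67.11")}),
    (2000.0, "ip",     {"addrs": ("123.45.67.10", "10.0.0.1")}),
    (2001.0, "ip",     {"addrs": ("123.45.67.99", "10.0.0.1")}),
]

def correlate(packets, pool_prefix=POOL_PREFIX, expiration=EXPIRATION):
    """Return [(packet_index, caller)] for IP packets tied to a RADIUS caller."""
    bindings = {}  # addr -> (caller, time of the last RADIUS packet naming it)
    tagged = []
    for idx, (ts, proto, fields) in enumerate(packets):
        if proto == "radius":
            caller, addr = fields.get("caller"), fields.get("addr")
            if caller and addr:
                bindings[addr] = (caller, ts)
        elif proto == "ip":
            for addr in fields["addrs"]:  # ip.addr covers source and destination
                if not addr.startswith(pool_prefix) or addr not in bindings:
                    continue
                caller, seen = bindings[addr]
                if ts - seen > expiration:
                    # Stale binding: a pool address may have been handed to
                    # another caller, so do not attribute this traffic.
                    del bindings[addr]
                    continue
                tagged.append((idx, caller))
                break
    return tagged

def packets_for(caller, packets=PACKETS):
    """Indices of IP packets attributed to one calling number."""
    return [i for i, c in correlate(packets) if c == caller]
```

The packet at t=2000 is left unattributed on purpose: with dynamically assigned addresses, an old binding can point at the wrong subscriber.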