最佳答案
--[[
code
--]]
do
--[[
创建一个新的协议结构 portal_proto
第一个参数是协议名称会体现在过滤器中
第二个参数是协议的描述信息,无关紧要
--]]
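-- Protocol objects. The first argument is the short name that shows up in
-- display filters; the second is the human-readable description.
local portal_proto = Proto("portal", "Portal Protocol")
-- Second Proto, used by the dissector only as the "Attributes:" subtree node.
local attribute_proto = Proto("attribute", "Portal Attributes:")

-- Message type code -> name, used as the value string of the Type field.
local portal_types = {
  [1] = "REQ_CHALLENGE",
  [2] = "ACK_CHALLENGE",
  [3] = "REQ_AUTH",
  [4] = "ACK_AUTH",
  [5] = "REQ_LOGOUT",
  [6] = "ACK_LOGOUT",
  [7] = "AFF_ACK_AUTH",
  [8] = "NTF_LOGOUT",
  [9] = "REQ_INFO",
  [10] = "ACK_INFO",
  [11] = "NTF_USERDISCOVER",
  [12] = "NTF_USERIPCHANGE",
  [13] = "ACK_NTF_LOGOUT",
  [14] = "NTF_HEARTBEAT",
  [15] = "NTF_USER_HEARTBEAT",
  [16] = "ACK_NTF_USER_HEARTBEAT",
  [17] = "NTF_CHALLENGE",
  [18] = "NTF_USER_NOTIFY",
  [19] = "AFF_NTF_USER_NOTIFY",
  [48] = "REQ_MACBINDING_INFO",
  [49] = "ACK_MACBINDING_INFO",
  [50] = "NTF_MACUSER_LOGON",
  [51] = "NTF_MACUSER_LOGOUT",
}

-- Fixed header fields, in wire order.
local version = ProtoField.uint8("portal.version", "Version", base.DEC, { [1] = "Version 1", [2] = "Version 2" }, 0x00)
local code_type = ProtoField.uint8("portal.type", "Type", base.DEC, portal_types)
local pap_chap = ProtoField.uint8("portal.papchap", "Pap/Chap", base.DEC, { [0] = "CHAP", [1] = "PAP" }, 0x00)
local reserved = ProtoField.uint8("portal.reserved", "Rsvd", base.DEC)
local serial_no = ProtoField.uint16("portal.serialno", "SerialNo", base.HEX)
local req_id = ProtoField.uint16("portal.reqid", "ReqID", base.HEX)
local user_ip = ProtoField.ipv4("portal.userip", "UserIP")
local user_port = ProtoField.uint16("portal.userport", "UserPort", base.HEX)
local err_code = ProtoField.uint8("portal.errcode", "ErrCode", base.DEC)
local attr_num = ProtoField.uint8("portal.attrnum", "AttrNum", base.DEC)
local authenticator = ProtoField.bytes("portal.authenticator", "Authenticator")

-- Attribute (type/length/value) fields.
local user_name = ProtoField.string("portal.username", "UserName")
-- NOTE(review): the Password attribute is rendered as a readable string, so a
-- capture opened with this dissector displays whatever that attribute carries.
-- Handle such captures as credential material.
local user_password = ProtoField.string("portal.password", "Password")
local challenge = ProtoField.bytes("portal.challenge", "Challenge")
local user_chappasswd = ProtoField.bytes("portal.chappasswd", "ChapPasswd")
local textinfo = ProtoField.string("portal.textinfo", "TextInfo")
local bas_ip = ProtoField.ipv4("portal.basip", "BasIp")
local session_id = ProtoField.bytes("portal.sessionid", "SessionId")
-- NOTE(review): "portal.userport" is also the abbreviation of the uint16 header
-- field above, with a different type; one filter name for two types is likely
-- to confuse display filters. Confirm before renaming, saved filters may use it.
local userport = ProtoField.string("portal.userport", "UserPort")
-- NOTE(review): the uint8, ipv4 and relative_time fields below are added by the
-- dissector with whatever length the attribute declares; presumably the wire
-- sizes differ from these types for some attributes. Verify against the
-- protocol specification.
local upLinkflux = ProtoField.uint8("portal.upLinkflux", "UpLinkFlux")
local downLinkflux = ProtoField.uint8("portal.downLinkflux", "DownLinkFlux")
-- Was declared as `ipcOnfig`, while the field list below and the dissector
-- both refer to `ipconfig`; under the old name those references resolved to an
-- undefined global (nil) and the field was never registered.
local ipconfig = ProtoField.ipv4("portal.ipconfig", "IPConfig")
local delaytime = ProtoField.relative_time("portal.delaytime", "DelayTime")
local userlist = ProtoField.ipv4("portal.userlist", "UserList")
local eapmessage = ProtoField.string("portal.eapmessage", "EapMessage")
local usernotify = ProtoField.string("portal.usernotify", "UserNotify")
local unknow = ProtoField.string("portal.unknow", "UnKnow")

-- Attach the fields to the protocol so they can be added to the tree.
portal_proto.fields = {
  version,
  code_type,
  pap_chap,
  reserved,
  serial_no,
  req_id,
  user_ip,
  user_port,
  err_code,
  attr_num,
  authenticator,
  user_name,
  user_password,
  challenge,
  user_chappasswd,
  textinfo,
  bas_ip,
  session_id,
  upLinkflux,
  downLinkflux,
  ipconfig,
  delaytime,
  userlist,
  eapmessage,
  usernotify,
  userport,
  unknow,
}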
--[[
下面定义 portal 解析器的主函数,这个函数由 wireshark调用
第一个参数是 Tvb 类型,表示的是需要此解析器解析的数据
第二个参数是 Pinfo 类型,是协议解析树上的信息,包括 UI 上的显示
第三个参数是 TreeItem 类型,表示上一级解析树
--]]
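-- Size of the fixed header: 1+1+1+1+2+2+4+2+1+1 bytes, as read below.
local HEADER_LEN = 16
-- Size of the Authenticator that follows the header in version 2 messages.
local AUTHENTICATOR_LEN = 16

-- Info-column text per message type, byte-for-byte as on the page
-- (types 1-9 carry no "Portal " prefix, the others do).
local info_text = {
  [1] = "REQ_CHALLENGE",
  [2] = "ACK_CHALLENGE",
  [3] = "REQ_AUTH",
  [4] = "ACK_AUTH",
  [5] = "REQ_LOGOUT",
  [6] = "ACK_LOGOUT",
  [7] = "AFF_ACK_AUTH",
  [8] = "NTF_LOGOUT",
  [9] = "REQ_INFO",
  [10] = "Portal ACK_INFO",
  [11] = "Portal NTF_USERDISCOVER",
  [12] = "Portal NTF_USERIPCHANGE",
  [13] = "Portal ACK_NTF_LOGOUT",
  [14] = "Portal NTF_HEARTBEAT",
  [15] = "Portal NTF_USER_HEARTBEAT",
  [16] = "Portal ACK_NTF_USER_HEARTBEAT",
  [17] = "Portal NTF_CHALLENGE",
  [18] = "Portal NTF_USER_NOTIFY",
  [19] = "Portal AFF_NTF_USER_NOTIFY",
  [48] = "Portal REQ_MACBINDING_INFO",
  [49] = "Portal ACK_MACBINDING_INFO",
  [50] = "Portal NTF_MACUSER_LOGON",
  [51] = "Portal NTF_MACUSER_LOGOUT",
}

-- Attribute type -> field that displays the value, and the label appended to
-- the "Attributes:" node. Labels are kept exactly as on the page, including
-- the "Passowrd," spelling. A missing `field` falls back to the unknown field.
local attribute_specs = {
  [1] = { field = user_name, label = "User-Name," },
  [2] = { field = user_password, label = "Passowrd," },
  [3] = { field = challenge, label = "Challenge," },
  [4] = { field = user_chappasswd, label = "Chap-Password," },
  [5] = { field = textinfo, label = "TextInfo," },
  [6] = { field = upLinkflux, label = "UpLinkFlux," },
  [7] = { field = downLinkflux, label = "DownLinkFlux," },
  [8] = { field = userport, label = "Port," },
  [9] = { field = ipconfig, label = "IP-Config," },
  [10] = { field = bas_ip, label = "BasIp," },
  [11] = { field = session_id, label = "Session-Id," },
  [12] = { field = delaytime, label = "Delay-Time," },
  [13] = { field = userlist, label = "User-List," },
  [14] = { field = eapmessage, label = "EAP-Message," },
  [15] = { field = usernotify, label = "User-Notify," },
}

--- Dissect one Portal message.
-- Wireshark calls this for every payload handed to the protocol. The payload
-- comes straight from the capture, so every length taken from it is checked
-- against the buffer before it is used as a range.
-- @param tvb Tvb with the bytes to dissect
-- @param pinfo Pinfo of the packet; its Protocol and Info columns are set
-- @param treeitem parent TreeItem the Portal subtree is attached to
-- @return 0 when the buffer is shorter than the fixed header, otherwise nothing
function portal_proto.dissector(tvb, pinfo, treeitem)
  local tvb_len = tvb:len()
  -- Reject buffers that cannot hold the fixed header instead of raising a
  -- range error on the first read.
  if tvb_len < HEADER_LEN then
    return 0
  end

  pinfo.cols.protocol:set("Portal")
  local offset = 0
  -- Root node of the Portal subtree, covering the whole payload.
  local portal_tree = treeitem:add(portal_proto, tvb:range(offset))

  -- Header fields; range(offset, n) is "n bytes starting at offset".
  portal_tree:add(version, tvb:range(offset, 1))
  local ver_value = tvb(offset, 1):uint()
  offset = offset + 1

  local req_type = tvb(offset, 1):uint()
  portal_tree:add(code_type, tvb:range(offset, 1))
  -- The page shows the receiver of these calls masked as "***.***";
  -- pinfo.cols.info (the Info column) is assumed. Types without an entry
  -- leave the column untouched, as before.
  local info = info_text[req_type]
  if info then
    pinfo.cols.info:set(info)
  end
  offset = offset + 1

  portal_tree:add(pap_chap, tvb:range(offset, 1))
  offset = offset + 1
  portal_tree:add(reserved, tvb:range(offset, 1))
  offset = offset + 1
  portal_tree:add(serial_no, tvb:range(offset, 2))
  offset = offset + 2
  portal_tree:add(req_id, tvb:range(offset, 2))
  offset = offset + 2
  portal_tree:add(user_ip, tvb:range(offset, 4))
  offset = offset + 4
  portal_tree:add(user_port, tvb:range(offset, 2))
  offset = offset + 2
  portal_tree:add(err_code, tvb:range(offset, 1))
  offset = offset + 1
  portal_tree:add(attr_num, tvb:range(offset, 1))
  -- Named attr_count so it no longer shadows the attr_num ProtoField.
  local attr_count = tvb(offset, 1):uint()
  offset = offset + 1

  if ver_value == 0x02 then
    -- Previously the offset advanced by 16 even when the bytes were missing,
    -- which pushed every later range past the end of the buffer.
    if tvb_len - offset < AUTHENTICATOR_LEN then
      return
    end
    portal_tree:add(authenticator, tvb:range(offset, AUTHENTICATOR_LEN))
    offset = offset + AUTHENTICATOR_LEN
  end

  if attr_count == 0 or offset >= tvb_len then
    return
  end

  local attribute_tree = portal_tree:add(attribute_proto, tvb:range(offset))
  attribute_tree:set_text("Attributes:")

  -- One attribute per iteration, exactly attr_count times. The earlier loop
  -- ran attr_count + 1 times and re-tested a stale type once the data was
  -- used up, so it read past the end even on well-formed messages.
  for _ = 1, attr_count do
    local remaining = tvb_len - offset
    if remaining < 2 then
      break -- no room for the type and length bytes
    end
    local attr_type = tvb(offset, 1):uint()
    -- The length byte counts the type and length bytes themselves.
    local length = tvb(offset + 1, 1):uint()
    if length < 2 or length > remaining then
      -- A length below 2 would give a negative value size, a length above
      -- the remaining bytes would run past the buffer.
      attribute_tree:append_text("Malformed,")
      break
    end

    -- Types without an entry (0 and 16 were skipped entirely before) are
    -- shown through the unknown field.
    local spec = attribute_specs[attr_type]
    local field = (spec and spec.field) or unknow
    local label = (spec and spec.label) or "UnKnow,"
    if length > 2 then
      attribute_tree:add(field, tvb:range(offset + 2, length - 2))
    end
    attribute_tree:append_text(label)
    offset = offset + length
  end
end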
-- Tell Wireshark when to call the dissector: UDP traffic on port 2000.
DissectorTable.get("udp.port"):add(2000, portal_proto)
end
您可能需要在Wireshark中安装一个名为"cupid.lua"的插件,而不是"portal"插件。要安装"cupid.lua"插件,请按照以下步骤操作:
1. 将"cupid.lua"文件复制到Wireshark的安装目录,例如"C:\Program Files\Wireshark"。
2. 在安装目录中找到"init.lua"文件,使用文本编辑器打开。
3. 在文件末尾的"dofile(DATA_DIR.."console.lua")"行后添加一行代码:
```
dofile(DATA_DIR.."cupid.lua")
```
4. 保存并关闭文件。
完成上述步骤后,Wireshark将加载"cupid.lua"插件。如果您需要安装其他插件,例如"portal"插件,请提供更详细的信息,以便我可以为您提供更准确的指导。注意:通过dofile加载的Lua脚本会以运行Wireshark的用户权限执行,请只加载来源可信、内容已核对过的脚本。
文件有吗,发我一下吧
文件有吗,发我一下吧
| 问题现象 | 解决方案 | |
|---|---|---|
| 过滤器无portal协议 | 检查portal.lua路径是否正确,确认init.lua已修改 | |
| Lua支持未生效 | 升级Wireshark版本或重新编译启用Lua | |
| 协议字段解析错误 | 检查Lua脚本语法(如字段偏移量定义是否准确) | |