Paste number 71542: simple dissector
Pasted by: xristos
When: 7 months, 1 hour ago
Channel: None
Paste contents:
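; load plokami, choronzon, flexi-streams

(in-package :choronzon)

(defun dissector (sec usec caplen len buffer)
  "Callback for PLOKAMI:CAPTURE: decode the captured frame in BUFFER and
print its headers, innermost layer first."
  ;; Timestamp and length arguments are not used by this dissector.
  (declare (ignore sec usec caplen len))
  (let* ((stream (flexi-streams:make-in-memory-input-stream buffer))
         (datalink (read-value 'ether stream))
         (type (ether-type datalink))
         (packet (list datalink)))
    ;; Dispatch on EtherType, then on the IPv4 protocol number.
    ;; Unrecognised types are printed with only the layers parsed so far.
    (cond ((= type #x0800) ; ipv4
           (let ((internet (read-value 'ipv4 stream)))
             (push internet packet)
             (with-slots (proto) internet
               (cond ((= proto 1) ; icmp
                      (push (read-value 'icmp stream) packet))
                     ((= proto 6) ; tcp
                      (push (read-value 'tcp stream) packet))
                     ((= proto 17) ; udp
                      (push (read-value 'udp stream) packet))))))
          ((= type #x0806) ; arp
           (push (read-value 'arp stream) packet)))
    (format t "~A~%" packet)))

;; Capture on en1 in an endless loop, passing each packet to DISSECTOR.
(plokami:with-pcap-interface (pcap "en1" :snaplen 1500)
  (loop
    (plokami:capture pcap -1 #'dissector)))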


(#<UDP {1597E4D9}>
 #<IPV4 VERSION=4 IHL=5 TOS=0 LEN=70 ID=17857 FLAGS=0 FRAG=0 TTL=105 PROTO=17 [UDP] CHKSUM=0xAFB8 SRC=193.77.216.245 DST=192.168.1.66 OPTIONS=#()>
 #<ETHER DST=00:16:CB:B7:37:39 SRC=00:1F:9F:12:57:BA TYPE=0x0800 [IPV4]>)

(#<UDP {159B8209}>
 #<IPV4 VERSION=4 IHL=5 TOS=0 LEN=108 ID=32911 FLAGS=0 FRAG=0 TTL=64 PROTO=17 [UDP] CHKSUM=0x9DC4 SRC=192.168.1.66 DST=193.77.216.245 OPTIONS=#()>
 #<ETHER DST=00:1F:9F:12:57:BA SRC=00:16:CB:B7:37:39 TYPE=0x0800 [IPV4]>)

(#<UDP {159E78B9}>
 #<IPV4 VERSION=4 IHL=5 TOS=0 LEN=93 ID=29815 FLAGS=0 FRAG=0 TTL=111 PROTO=17 [UDP] CHKSUM=0xC745 SRC=70.49.7.184 DST=192.168.1.66 OPTIONS=#()>
 #<ETHER DST=00:16:CB:B7:37:39 SRC=00:1F:9F:12:57:BA TYPE=0x0800 [IPV4]>)

(#<UDP {15A3F1D9}>
 #<IPV4 VERSION=4 IHL=5 TOS=0 LEN=292 ID=32912 FLAGS=0 FRAG=0 TTL=64 PROTO=17 [UDP] CHKSUM=0xE965 SRC=192.168.1.66 DST=70.49.7.184 OPTIONS=#()>
 #<ETHER DST=00:1F:9F:12:57:BA SRC=00:16:CB:B7:37:39 TYPE=0x0800 [IPV4]>)

(#<UDP {15AA0AC9}>
 #<IPV4 VERSION=4 IHL=5 TOS=0 LEN=123 ID=21753 FLAGS=0 FRAG=0 TTL=106 PROTO=17 [UDP] CHKSUM=0x43C7 SRC=79.27.166.172 DST=192.168.1.66 OPTIONS=#()>
 #<ETHER DST=00:16:CB:B7:37:39 SRC=00:1F:9F:12:57:BA TYPE=0x0800 [IPV4]>)
