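--- Wireshark/tshark Lua tap that scans cleartext TCP payloads sent to ports
-- 80, 443, 8080 and 14000 for one fixed binary header layout and prints the
-- decimal identifier embedded in it.
--
-- Layout checked (offsets are into tcp.payload):
--   0..1    must be 0x0000
--   2..3    big-endian length, must equal tcp.len
--   13..16  must be 0x00000000
--   17      one-byte length field; the identifier is (value - 4) bytes long
--   18..    identifier, ASCII digits with no leading zero
--
-- Output: one line per match, "<epoch time> qq_tcp <source host> <digits>".
-- The "qq_tcp" tag suggests the digits are a QQ account number; that is
-- inferred from the tag and variable names only.
--
-- Side effect: the TLS and HTTP dissectors are removed from the "tcp.port"
-- table for the whole session, so this traffic is left as raw TCP payload.

local tcpLoad = Field.new("tcp.payload")
local tcpDPort = Field.new("tcp.dstport") -- registered but not read by the tap below
local ipSrc = Field.new("ip.src_host")
local getTime = Field.new("frame.time_epoch")
local tcpSize = Field.new("tcp.len")
local ua = Field.new("http.user_agent") -- registered but not read by the tap below

do
    -- Bytes needed before the identifier starts (offsets 0..17).
    local HEADER_LEN = 18

    --- Create the tap, detach the TLS/HTTP port registrations and install
    -- the per-packet callback.
    local function packet_listener()
        local tap = Listener.new(
            "frame",
            "tcp and ((tcp.dstport == 80) or (tcp.dstport == 443) or (tcp.dstport == 8080) or (tcp.dstport == 14000))"
        )

        -- Dissector.get returns nil for an unregistered name; skip the
        -- removal in that case instead of passing nil to remove_all.
        local tcp_ports = DissectorTable.get("tcp.port")
        local tls_dissector = Dissector.get("tls")
        if tls_dissector then
            tcp_ports:remove_all(tls_dissector)
        end
        local http_dissector = Dissector.get("http")
        if http_dissector then
            tcp_ports:remove_all(http_dissector)
        end

        function tap.reset()
            -- nothing to reset: the tap keeps no state between runs
        end

        --- Per-packet callback. Payload bytes come from the network and are
        -- untrusted, so every read is preceded by a length check; a
        -- truncated capture would otherwise raise a Lua error inside the tap.
        function tap.packet(pinfo, tvb)
            local len_field = tcpSize()
            if not len_field then
                return
            end
            local size = tonumber(tostring(len_field))
            if not size or size <= 50 then
                return
            end

            -- tcp.payload can be absent or shorter than tcp.len when the
            -- capture was taken with a small snapshot length.
            local payload = tcpLoad()
            if not payload then
                return
            end
            local data = payload.range
            if data:len() < HEADER_LEN then
                return
            end

            if data:range(0, 2):bytes():tohex() ~= "0000" then
                return
            end
            -- The embedded length must agree with the TCP segment length.
            if data:range(2, 2):uint() ~= size then
                return
            end
            if data:range(13, 4):bytes():tohex() ~= "00000000" then
                return
            end

            local qq_len = data:range(17, 1):uint()
            if qq_len <= 4 + 4 or qq_len >= 13 + 4 then
                return
            end
            local digits_len = qq_len - 4
            if data:len() < HEADER_LEN + digits_len then
                return
            end

            -- Only ASCII digits pass this pattern, so a crafted payload
            -- cannot place spaces or control characters in the output line.
            local qq = data:range(HEADER_LEN, digits_len):string()
            if not string.match(qq, "^[1-9][0-9]+$") then
                return
            end

            local time = tostring(getTime())
            -- ip.src_host is absent on IPv6 frames; fall back to the
            -- packet's source address instead of formatting a nil value.
            local src_field = ipSrc()
            local sip = src_field and tostring(src_field) or tostring(pinfo.src)

            print(time .. " " .. "qq_tcp" .. " " .. sip .. " " .. qq)
        end

        function tap.draw()
            -- end of run: nothing to summarise
        end
    end

    -- start listening for packets
    packet_listener()
end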