Standalone project for testing protocol dissectors.
The decoder captures packets (from a live interface or a pcap file), parses L2/L3/L4 headers, and dispatches payloads to protocol-specific dissectors.
```
make build
sudo ./decoder -i <device>
# or
sudo ./decoder -p <pcap_file>
```

The project is organized around a packet processing pipeline:
- Input layer (`decoder.c`): parses CLI options, opens live/offline pcap handle, initializes flow context, registers dissectors, and starts `pcap_loop`.
- Packet parsing layer (`functions.c`): callback parses datalink/network/transport headers, computes payload and metadata (IP version, ports, protocol), and updates session statistics.
- Dissector engine (`dissector.c`): keeps a registry of dissectors and selects the right one by L4 protocol + port.
- Protocol wrappers (`proto_wrappers.c`): adapter functions for TLS, RTP, RTCP, RTSP, GTP, NGCP, and Diameter parsers.
- Protocol parsers (`*.c`): protocol-specific decoding and output formatting.
- Flow/state & stats (`functions.c`, `tls_ssl.c`, `uthash`): flow tracking for stateful parsing (notably TLS) and end-of-run reporting.
```
CLI Args (-i / -p)
|
v
decoder.c (main)
|
v
pcap_loop(callback_proto)
|
v
functions.c
[L2/L3/L4 parsing + payload extraction]
|
v
dissector_run() in dissector.c
[registry match by proto/port]
|
v
proto_wrappers.c
[TLS/RTCP/RTP/RTSP/GTP/NGCP/DIAMETER]
|
v
protocol parser modules (*.c)
|
v
decoded output + flow/state updates + stats
```
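
The registry match by L4 protocol and port described for `dissector.c`, sketched as an added example that is not the project's own code. It also shows a minimum-length check before dispatch, so a truncated capture never reaches a parser. All type and function names, the `min_len` field, the GTP-U registration on UDP port 2152, and the sample packet are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>                 /* IPPROTO_UDP, IPPROTO_TCP */

/* All names below are hypothetical; this is not the project's dissector.c API. */
typedef int (*dissect_fn)(const uint8_t *payload, size_t len);
struct entry { uint8_t proto; uint16_t port; size_t min_len; dissect_fn fn; };
#define MAX_DISSECTORS 16
static struct entry registry[MAX_DISSECTORS];
static size_t registry_count;

/* Returns 0 on success, -1 if the table is full or fn is NULL. */
int registry_add(uint8_t proto, uint16_t port, size_t min_len, dissect_fn fn)
{
    if (fn == NULL || registry_count >= MAX_DISSECTORS)
        return -1;
    registry[registry_count++] = (struct entry){ proto, port, min_len, fn };
    return 0;
}

/* Returns the parser result, -1 if nothing matches, -2 if the payload is too short. */
int registry_dispatch(uint8_t proto, uint16_t sport, uint16_t dport,
                      const uint8_t *payload, size_t len)
{
    for (size_t i = 0; i < registry_count; i++) {
        const struct entry *e = &registry[i];
        /* Match either port so both directions of a flow reach the parser. */
        if (e->proto != proto || (e->port != sport && e->port != dport))
            continue;
        if (payload == NULL || len < e->min_len)
            return -2;                  /* truncated: never hand it to the parser */
        return e->fn(payload, len);
    }
    return -1;
}

/* Constructed sample parser: version is the top 3 bits of the GTPv1 flags byte. */
int sample_gtp(const uint8_t *p, size_t len) { (void)len; return p[0] >> 5; }
int main(void)
{
    /* Constructed GTPv1-U header: flags 0x30, type 0xff, length 0, TEID 1. */
    const uint8_t pkt[8] = { 0x30, 0xff, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 };
    registry_add(IPPROTO_UDP, 2152, 8, sample_gtp);   /* 2152: IANA GTP-U port */
    printf("%d %d %d\n", registry_dispatch(IPPROTO_UDP, 40000, 2152, pkt, 8),
           registry_dispatch(IPPROTO_UDP, 2152, 40000, pkt, 3),
           registry_dispatch(IPPROTO_TCP, 40000, 2152, pkt, 8));
    return 0;
}
```

The three calls in `main` cover a match, a payload shorter than the registered minimum, and a port match on the wrong L4 protocol.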
PayPal: fci1908@gmail.com