BITMAUL : The protocol dissection framework
We released an open-source, LuaJIT-based protocol dissection framework called BITMAUL.
BITMAUL can be found on its GitHub page: https://github.com/trisulnsm/bitmaul
BITMAUL allows you to:
- sweepbuf - use next_xxtype calls to dissect a bitstream. Supports bit-level operations and covers most of the common packet dissection idioms
- pdurecord - break up a bytestream into TCP messages / PDUs
BITMAUL in Trisul Scripting
BITMAUL is a standalone library that doesn't need Trisul, but we designed it to fit our use case.
A recurring demand from Trisul script developers is to decode protocols and then either meter the traffic or generate "logs". BITMAUL dramatically simplifies this process because it handles both TCP message segmentation and bit-level protocol dissection. You can go as deep as you want in any protocol, or decode it just enough to generate metrics, resources (logs), alerts, or other kinds of action.
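
The two jobs described above, message segmentation and cursor-style dissection, shown in plain LuaJIT as an added example that is not taken from BITMAUL. `Cursor`, `new_reassembler` and the length-prefixed wire format are hypothetical names and a constructed protocol, not BITMAUL's API.

```lua
-- Illustrative only: Cursor and new_reassembler are hypothetical, not BITMAUL's API.
-- Constructed wire format: u16 big-endian body length, then the body.
-- Body: 1 byte (high nibble = version, low nibble = message type), rest = payload.
local bit = require("bit")   -- bit operations module built into LuaJIT
local Cursor = {}
Cursor.__index = Cursor
function Cursor.new(buf) return setmetatable({buf = buf, pos = 1}, Cursor) end
function Cursor:left() return #self.buf - self.pos + 1 end
function Cursor:next_u8()
  assert(self:left() >= 1, "read past end of buffer")
  local b = self.buf:byte(self.pos)
  self.pos = self.pos + 1
  return b
end
function Cursor:next_u16()                  -- network byte order
  local hi = self:next_u8()
  return hi * 256 + self:next_u8()
end
function Cursor:next_str(n)
  assert(self:left() >= n, "read past end of buffer")
  local s = self.buf:sub(self.pos, self.pos + n - 1)
  self.pos = self.pos + n
  return s
end

-- Buffers TCP segments and calls on_pdu once per complete message body.
local function new_reassembler(on_pdu)
  local pending = ""
  return function(segment)
    pending = pending .. segment
    while #pending >= 2 do
      local len = Cursor.new(pending):next_u16()
      if len < 1 then error("malformed PDU: empty body") end
      if #pending < 2 + len then break end   -- incomplete: wait for more bytes
      on_pdu(pending:sub(3, 2 + len))
      pending = pending:sub(3 + len)
    end
  end
end

local feed = new_reassembler(function(body)
  local c = Cursor.new(body)
  local b = c:next_u8()
  print(bit.rshift(b, 4), bit.band(b, 0x0F), c:next_str(c:left()))
end)

-- Constructed input: PDU 1 is split across two segments; PDU 2 shares the second one.
feed("\0\6\18hel")     -- length 6, header byte 0x12, first part of payload
feed("lo\0\3\33ok")    -- rest of PDU 1, then PDU 2: length 3, header byte 0x21
```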