A Lua helper library for creating network protocol dissectors
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.
examples QUIC updated with screenshot Dec 1, 2018
LICENSE Initial commit May 30, 2018
PDURECORD.md BGP sample shell added Jun 4, 2018
README.md doc update Nov 29, 2018
SWEEPBUF.md buffer_left added Dec 11, 2018
maulaxe.png doc update Nov 29, 2018
pdurecord.lua BGP sample shell added Jun 4, 2018
sweepbuf.lua buffer_left added Dec 11, 2018
tcpflags.png added two methods to sweepbuf Nov 26, 2018


BITMAUL - The Mauler of packetz


BITMAUL is a LUA helper library to help you write protocol dissectors.

It consists of two libs you can use independently.

  1. sweepbuf : Extract protocol fields from a chunk of bytes Sweepbuf docs
  2. pdurecord : Constructs TCP records from bytestream PDURecord docs


Just put the files sweepbuf.lua and pdurecord.lua in the same directory as your LUA scripts.

Bitmaul Docs

SweepBuf documentation

Sweepbuf works on a LUA string which represents a network payload byte array. The library maintains an internal "pointer" so you can use methods like next_XYZ(..) to extract fields. Common network idioms like endian-ness, searching for terminators, looping over attribute values, are all supported.

Read SweepBuf Documentation

PDURecord documentation

A common first step in any stream based packet dissection is breaking up a bytestream into Protocol Data Units (PDUs also know as records/messages). PDURecord is a tiny library that makes it really easy to do this.

Read PDURecord Documentation

Typical uses

  • for a TCP based analyzer which needs reassembly, you typically need to use both PDURecord and SweepBuf
  • for a UDP/Ethernet analyzer, which does not need reassembly, you only need SweepBuf


Take a look at the TCP Analyzer example for a feel for what SweepBuf looks like

For more, see the examples directory