-- Lua script to split packets into separate output pcap files based on 5-tuple

-- Configuration
local outputFolder = "/path/to/output/folder/" ?-- Replace with the desired output folder path

-- Tshark callback function
local function packet_callback()
 ? ?local src_ip = tostring(ip.src)
 ? ?local dst_ip = tostring(ip.dst)
 ? ?local src_port = tostring(tcp.srcport)
 ? ?local dst_port = tostring(tcp.dstport)
 ? ?local protocol = tostring(ip.proto)
 ? ?
 ? ?local flow_key = src_ip .. "-" .. dst_ip .. "-" .. src_port .. "-" .. dst_port .. "-" .. protocol
 ? ?local flow_filename = outputFolder .. flow_key .. ".pcap"
 ? ?
 ? ?-- Open the output pcap file in append mode
 ? ?local flow_file = io.open(flow_filename, "ab")
 ? ?if flow_file == nil then
 ? ? ? ?print("Failed to open output file: " .. flow_filename)
 ? ? ? ?return
 ? ?end
 ? ?
 ? ?-- Write the packet to the output pcap file
 ? ?flow_file:write(current_packet)
 ? ?
 ? ?-- Close the output pcap file
 ? ?flow_file:close()
end

-- Main entry point
local function main()
 ? ?-- Set the Tshark command line options
 ? ?local tshark_cmd = "tshark -r input.pcap -o lua_script:split_pcap.lua"
 ? ?
 ? ?-- Register the packet callback function
 ? ?register_packet_callback(packet_callback)
 ? ?
 ? ?-- Run Tshark with the specified options
 ? ?os.execute(tshark_cmd)
end

-- Run the main script
main()

tshark -r input.pcap -o lua_script:split_pcap.lua