2013-01-29 22:25:15 -07:00
|
|
|
#! /bin/sh
|
|
|
|
|
|
|
|
|
|
# Emulate dumbdecode.py from python netarch
|
|
|
|
|
|
2021-02-05 10:59:24 -07:00
|
|
|
# What this script does:
|
|
|
|
|
# * pmerge takes multiple pcap files and outputs a single pcap stream,
|
|
|
|
|
# with everything in time order
|
|
|
|
|
# * pcat outputs a line with six fields for each input packet:
|
|
|
|
|
# * timestamp (in seconds, with millisecond precison)
|
|
|
|
|
# * protocol (like `UDP` or `TCP`)
|
|
|
|
|
# * source address
|
|
|
|
|
# * destination address
|
|
|
|
|
# * protocol options (like SYN or PSH)
|
|
|
|
|
# * payload, hex-encoded
|
|
|
|
|
# * For each pcat output line:
|
|
|
|
|
# * Convert timestamp to RFC3339 format, so humans can read it
|
|
|
|
|
# * Print a bit of header with the protocol, using python netarch formatting
|
|
|
|
|
# * Print the source, destination, and formatted time
|
|
|
|
|
# * Write out a hex dump of the paylaod
|
2013-01-29 22:25:15 -07:00
|
|
|
|
2020-09-21 14:50:56 -06:00
|
|
|
pmerge "$@" | pcat | while read ts proto src dst opts payload; do
|
2021-02-05 10:59:24 -07:00
|
|
|
when=$(TZ=Z date -d @${ts%.*} "+%Y-%m-%d %H:%M:%S") # Format time as human-readable
|
2013-01-29 22:25:15 -07:00
|
|
|
printf "Packet %s None: None\n" $proto
|
2018-06-11 17:57:35 -06:00
|
|
|
printf " %s -> %s (%s)\n" ${src%,*} ${dst%,*} "$when"
|
2020-09-21 14:50:56 -06:00
|
|
|
echo $payload | unhex | hd
|
2013-01-29 22:25:15 -07:00
|
|
|
echo
|
2018-06-11 17:57:35 -06:00
|
|
|
done
|
|
|
|
|
|
