New skip utility

2017-08-08 23:55:05 +00:00 · 2017-08-08 23:55:05 +00:00 · 0c37c73a8e
parent 12f18a513f
commit 0c37c73a8e
3 changed files with 82 additions and 11 deletions
--- a/README.md
+++ b/README.md
@ -63,14 +63,43 @@ The following pipe is equivalent to "cat":
 	./xor 42 | ./xor -x 2A


+### skip: discard initial octets
+
+Throws away some initial octets from stdin,
+and sends the rest to stdout.
+You could use `dd` for the same purpose.
+
+This skip command:
+
+	skip 5
+
+Is equivalent to this `dd` command:
+
+    dd skip=5 bs=1 status=none
+
+
 ### pcat: print text representation of pcap file

 Prints a (lossy) text representation of a pcap file to stdout.
+
 This program is the keystone of the Fluffy Suite.
 By representing everything as text,
 programmers can use any number of standard Unix text processing tools,
 such as sed, awk, cut, grep, or head.

+Output is tab-separated, of the format:
+
+    timestamp protocol options src dst payload
+
+Frequently you are only interested in the payload,
+so you can run pcat like:
+
+    cat myfile.pcap | pcat | cut -f 6
+
+Remember the `unhex` program,
+which will convert payloads to an octet stream,
+after you have done any maniuplations you want.
+

 ### pmerge: merge pcap files 

@ -79,18 +108,18 @@ Takes a list of pcap files, assuming they are sorted by time
 and merges them into a single sorted output.


-### printfesc: printf escape input
-
-Reads octets,
-writes a string suitable for copy-paste into printf.
-
-
 ### puniq: omit repeated frames

 Removes duplicate frames from input, 
 writing to output.


+### printfesc: printf escape input
+
+Reads octets,
+writes a string suitable for copy-paste into printf.
+
+
 ### pyesc: python escape input

 Escapes input octets for pasting into a python "print" statement.
--- a/pcat.c
+++ b/pcat.c
@ -78,7 +78,7 @@ process_tcp(struct stream *s, char *saddr_s, char *daddr_s)
 		printf("!");
 	}

-	printf("TCP %s,%u %s,%u %u,%u,%d ", saddr_s, sport, daddr_s, dport, seq, ack, flags);
+	printf("TCP\t%s,%u\t%s,%u\t%u,%u,%d\t", saddr_s, sport, daddr_s, dport, seq, ack, flags);
 }

 void
@ -89,7 +89,7 @@ process_udp(struct stream *s, char *saddr_s, char *daddr_s)
 	uint16_t len = read_uint16(s);
 	uint16_t chksum = read_uint16(s);

-	printf("UDP %s,%u %s,%u 0 ", saddr_s, sport, daddr_s, dport);
+	printf("UDP\t%s,%u\t%s,%u\t0\t", saddr_s, sport, daddr_s, dport);
 }

 void
@ -99,7 +99,7 @@ process_icmp(struct stream *s, char *saddr_s, char *daddr_s)
 	uint8_t code = read_uint8(s);
 	uint16_t checksum = read_uint16(s);
 	
-	printf("ICMP %d,%d %s %s ", type, code, saddr_s, daddr_s);
+	printf("ICMP\t%d,%d\t%s\t%s\t", type, code, saddr_s, daddr_s);
 }

 void
@ -140,7 +140,7 @@ process_ip4(struct stream *s)
 			process_icmp(s, saddr_s, daddr_s);
 			break;
 		default:
-			printf("P%d %s %s ", proto, saddr_s, daddr_s);
+			printf("P%d\t%s\t%s\t", proto, saddr_s, daddr_s);
 			break;
 	}

@ -179,7 +179,7 @@ print_frame(struct pcap_file *p, struct pcap_pkthdr *hdr, char const *frame)
 	struct stream *s = &streambuf;

 	sinit(s, frame, hdr->caplen, ENDIAN_NETWORK); // pcap.c always outputs network byte order
-	printf("%u.%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
+	printf("%u.%u\t", hdr->ts.tv_sec, hdr->ts.tv_usec);
 	switch (p->linktype) {
 		case LINKTYPE_ETHERNET:
 			print_ethernet(s);
--- a/skip.c
+++ b/skip.c
@ -0,0 +1,42 @@
+/*
+ * skip octets -- 2017 Neale Pickett <zephyr@dirtbags.net>
+ *
+ * This file is in the public domain.  I make no promises about the functionality
+ * of this program. 
+ */
+
+#include <stdio.h>
+#include <stdlib.h>
+
+int
+main(int argc, char *argv[])
+{
+	long int count;
+
+	if (argc != 2) {
+		fprintf(stderr, "Usage: %s count\n", argv[0]);
+		return 1;
+	}
+
+	count = strtol(argv[1], NULL, 0);
+	/* Throw away count octets */
+	for (; count > 0; count -= 1) {
+		int c = getchar();
+
+		if (EOF == c) {
+			break;
+		}
+	}
+
+	/* Spit out the rest */
+	while (1) {
+		int c = getchar();
+
+		if (EOF == c) {
+			break;
+		}
+		putchar(c);
+	}
+
+	return 0;
+}