add zephyr's excellent dumbdecode with my own spin

This commit is contained in:
pi-rho 2013-02-05 13:02:38 -06:00
parent 718137b450
commit 3b5b71a165
2 changed files with 129 additions and 0 deletions

88
docs/dumbdecode.mdoc Normal file

@ -0,0 +1,88 @@
.\" This manual is Copyright 2012 by pi-rho <ubuntu@tyr.cx>
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This package is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see <http://www.gnu.org/licenses/>.
.\"
.\" On Debian systems, the complete text of the GNU General
.\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
.
.Dd May 23, 2012
.Dt DUMBDECODE 1
.Os "Network Reverse Engineering Toolkit" 1.1337
.
.Sh NAME
.Nm dumbdecode
.Nd dump packets in a text-based format
.
.Sh SYNOPSIS
.Nm dumbdecode
.Op Fl h | Fl v
.Nm dumbdecode
.Op Fl w Ar WIDTH
.Op Pa input.pcap
.Op Ar ...
.
.Sh DESCRIPTION
This script combines several of the NetRE Toolkit utilites in order to produce a
text-based, packet display from one to many PCAP files.
.Nm pmerge
is used to merge PCAP files, while keeping the packets in order.
.Nm puniq
is used to drop any duplicate packets.
.Nm pcat
is used to produce a line-based, parsable output from the merged packet captures.
Finally, along with several bash builtins and GNU/Linux utilites,
.Nm unhex
produces binary from the hexadecimal payload, and
.Nm hdng
produces a variable-width hex dump for each packet's payload.
.Pp
The available options include:
.Pp
.Bl -tag -compact -width "-o output.txt"
.It Fl h
usage information
.It Fl v
the program's version
.It Fl w Ar WIDTH
width of the payload hexdump (multiples of 8 are encouraged)
.It Ar input.pcap Ar ...
the packet capture(s) to display
.El
.
.Sh EXAMPLES
.Ic $ Nm dumbdecode Pa one.pcap Pa two.pcap
.Bd -literal
Packet ICMP4 None: None
192.168.10.127:8 -> 192.168.10.101 (2009-03-11 15:14:53.759078000Z)
00000000 02 00 37 00 41 42 43 44 45 46 47 48 49 4a 4b 4c ┆☻·7·ABCDEFGHIJKL┆
00000010 4d 4e 4f 50 51 52 53 54 55 56 57 41 42 43 44 45 ┆MNOPQRSTUVWABCDE┆
00000020 46 47 48 49 ┆FGHI✘✘✘✘✘✘✘✘✘✘✘✘┆
00000024 bytes
.Ed
.
.Sh SEE ALSO
.Xr pcat 1 ,
.Xr pmerge 1 ,
.Xr puniq 1 ,
.Xr unhex 1 ,
.Xr hdng 1
.
.Sh AUTHORS
.An Zephyr Aq Ad zephyr@dirtbags.net ,
.An pi-rho Aq Ad pi-rho@tyr.cx
.
.Sh BUGS
Bugs may be submitted at
.Aq Ad https://bugs.launchpad.net/netre-tools
.\" vim:ft=mandoc
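Review bot: the `.It Fl w Ar WIDTH` entry documents neither the default width (16) nor the range the script actually accepts (1 to 64 inclusive; anything else is rejected with "Invalid width"), so the manual does not match the behaviour; add both to that entry. Smaller points in the same hunk: "utilites" is misspelled in the first sentence of DESCRIPTION and again in the "Finally, along with several bash builtins" sentence; the SYNOPSIS marks `input.pcap` as optional although the script prints usage when no capture is given, so `.Ar input.pcap` followed by `.Op Ar ...` would describe it more accurately; `.Dd May 23, 2012` predates this 2013 commit and should be bumped when the page changes; and the bug-tracker URL in BUGS is better marked up with `.Lk` than with `.Aq Ad`.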

41
scripts/dumbdecode Executable file

@ -0,0 +1,41 @@
#!/bin/bash
usage() {
version
echo ""
echo "Usage: dumbdecode [-h] [-v]"
echo " dumbdecode [-w 16] PCAP [PCAP ...]"
echo ""
echo " -w data width of the packet hex dump (default: 16)"
echo " PCAP one to many packet capture files (libpcap 2.4)"
echo ""
}
version() {
echo "dumbdecode v.1.1337 - The Dumb Decoder"
}
width=16
while getopts ":hvw:" opt; do
case $opt in
h) usage; exit 0;;
v) version; exit 0;;
w)
if [[ ${OPTARG} -gt 0 && ${OPTARG} -le 64 ]]; then
width=${OPTARG}
else
echo "Invalid width ${OPTARG}"; usage; exit 1
fi;;
?) echo "Invalid option -${OPTARG}"; usage; exit 1;;
esac
done
shift $((OPTIND-1))
if [[ $# == 0 ]]; then usage; fi
pmerge "$@" | puniq - | pcat | while read ts proto src dst payload; do
when=$(date --utc --rfc-3339=ns -d "@$ts") src=${src%,*} dst=${dst%,*}
printf "Packet %s None: None\n" $proto
printf " %s -> %s (%s)\n" ${src/,/:} ${dst/,/:} "${when/\+00:00/Z}"
echo $payload | unhex | hdng -w ${width}
echo
done
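Review bot: `if [[ $# == 0 ]]; then usage; fi` prints the usage text but does not stop, so with no arguments the pipeline still runs `pmerge` with an empty argument list; change it to `usage; exit 1`. Two further points in the same hunk: in the `getopts ":hvw:"` loop the unescaped `?)` pattern is a glob that matches any single character, so a `-w` given without a value (opt set to `:`) is reported as "Invalid option -w"; use `\?)` for unknown options and a separate `:)` case for a missing argument, and check `$OPTARG` against `^[0-9]+$` before the `-gt`/`-le` comparison so a non-numeric width yields the "Invalid width" message instead of a bash arithmetic error. The `read` in the pipeline lacks `-r`, and `$proto`, `$payload`, `${src/,/:}` and `${dst/,/:}` are expanded unquoted, which exposes them to word splitting and globbing; quote them and use `read -r`.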