diff --git a/docs/hdng.mdoc b/docs/hdng.mdoc index b9afc2e..23a0a54 100644 --- a/docs/hdng.mdoc +++ b/docs/hdng.mdoc @@ -16,19 +16,19 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd March 3, 2012 +.Dd May 23, 2012 .Dt HDNG 1 -.Os "network reverse engineering toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 +. .Sh NAME .Nm hdng .Nd a hex dumper for the next generation . .Sh SYNOPSIS .Nm hdng -.Oo Fl h | Fl v Oc +.Op Fl h | Fl v .Nm hdng -.Op Fl oxsg -.Op Fl w Ar width +.Op Fl o x s g w Ar width .Op Ar file .Nm hdng .Op Fl X | Fl G @@ -36,24 +36,16 @@ . .Sh DESCRIPTION The basic concept for this utility is to emulate the base functionality of a hex -dumper as found in bsdmainutils while providing better representation of the -data. A special character set is used so that one might better observe patterns -in the data. Additionally, the three areas of the hexdump (offsets, hexits, -glyphs) can be turned off and the width of data represented in each line of data -can be changed. -. -.Sh USAGE -With a file specified -.D1 Nm hdng Pa data.bin +dumper as found in bsdmainutil's +.Xr hexdump 1 +while providing better representation of the data. A special character set is +used so that one might better observe patterns in the data. Additionally, +the three areas of the hexdump (offsets, hexits, glyphs) can be turned off +and the width of data represented in each line of data can be changed. .Pp -As a filter -.D1 ... | Nm hdng | ... -. -.Sh OPTIONS -A summary of the options supported by -.Nm -is included below. -.Bl -tag -width -Ds +The available options include: +.Pp +.Bl -tag -compact -width Ds .It Fl h usage information .It Fl v 
@@ -70,30 +62,41 @@ do not display glyphs the .Em width of data to represent on each line of output -.It Ar file -the file to be dumped .El . .Ss Special Modes The following flags are mutually exclusive. When specified, .Nm ignores all other flags. -.Bl -tag -width Ds +.Pp +.Bl -tag -compact -width Ds .It Fl X turns on continuous .Em hexdump -mode, which overrides all other options +mode .It Fl G turns on continuous .Em glyphdump -mode, which overrides all other options +mode .El . +.Sh EXAMPLES +With a file specified +.D1 Ic $ Nm hdng Pa data.bin +.Pp +As a filter +.D1 Ic $ No ... | Nm hdng | No ... +. .Sh SEE ALSO -.Xr unhex 1 , +.Xr hexdump 1 , .Xr repr 1 , +.Xr unhex 1 , .Xr xor 1 . .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools diff --git a/docs/netre-tools.mdoc b/docs/netre-tools.mdoc index d1b7d55..8451bd9 100644 --- a/docs/netre-tools.mdoc +++ b/docs/netre-tools.mdoc @@ -16,9 +16,10 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd May 1, 2012 +.Dd May 23, 2012 .Dt NETRE-TOOLS 7 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 +. .Sh NAME .Nm netre-tools .Nd network reverse engineering toolkit 
@@ -37,49 +38,67 @@ the gaps left by more complex tools. . .Sh IMPLEMENTATION NOTES The following tools are currently included in the toolkit: +. .Ss Data Inspection and Manipulation This subgroup aids in inspecting data and manipulating data. .Pp .Bl -tag -width caesar -compact -.It Nm hdng -Hex Dumper - Next Generation (also symbolically linked as -.Nm hd ) -.It Nm unhex -converts hexits to binary data (i.e. "61 62" \(rA "AB") -.It Nm xor -applies bytes to the pipeline using XOR -.It Nm rot -applies bytes to the pipeline using ROT (bitwise rotation) -.It Nm rol -applies bytes to the pipeline using ROL (bytewise rotation) .It Nm caesar applies bytes to the pipeline using Caesar's Cipher (alphabetic rotation) +.It Nm hdng +Hex Dumper - Next Generation +.Pq also symbolically linked as Nm hd +.It Nm repr +escapes non-printable characters like Python's +.Fn repr +.Pq i.e. Li 0x03 becomes Li \ex03 +.It Nm rol +applies bytes to the pipeline using ROL (bytewise rotation) +.It Nm rot +applies bytes to the pipeline using ROT (bitwise rotation) +.It Nm unhex +converts hexits to binary data +.Pq i.e. Qo Li 61 62 Qc becomes Qo Li AB Qc +.It Nm xor +applies bytes to the pipeline using XOR .El . -.Ss PCAP Manipulation +.Ss Packet Capture Manipulation This subgroup allows frames in PCAP (packet capture) files to be manipulated from the command line. .Pp -.Bl -tag -width p4split -compact -.It Nm p4split -split a large PCAP file into smaller files, using a CIDR-notation filter +.Bl -tag -width dumbdecode -compact +.It Nm pcat +dump a packet capture in a line-based, parsable format .It Nm pmerge join PCAP files into a larger file while preserving date/time order .It Nm puniq drop duplicated packets from a PCAP +.It Nm p4split +split a large PCAP file into smaller files, using a CIDR-notation filter +.It Nm dumbdecode +dump packet captures in a nice text-based display .El . 
.Sh SEE ALSO -.Xr hdng 1 , -.Xr unhex 1 , -.Xr xor 1 , -.Xr rot 1 , -.Xr rol 1 , .Xr caesar 1 , +.Xr dumbdecode 1 , +.Xr hdng 1 , .Xr p4split 1 , +.Xr pcat 1 , .Xr pmerge 1 , -.Xr puniq 1 +.Xr puniq 1 , +.Xr repr 1 , +.Xr rol 1 , +.Xr rot 1 , +.Xr unhex 1 , +.Xr xor 1 . .Sh AUTHORS .An Xephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools +.\" vim:ft=mandoc: diff --git a/docs/p4split.mdoc b/docs/p4split.mdoc index f248a01..539cef8 100644 --- a/docs/p4split.mdoc +++ b/docs/p4split.mdoc @@ -16,9 +16,10 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd March 3, 2012 +.Dd May 23, 2012 .Dt P4SPLIT 1 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 +. .Sh NAME .Nm p4split .Nd split a PCAP based on CIDR filter 
@@ -33,34 +34,37 @@ .Sh DESCRIPTION The basic concept for this utility is to filter and split a PCAP packet capture file into smaller files. This utility will create up to 256 smaller files. -. -.Sh USAGE -As a filter -.D1 ... | Nm p4split 192.168.1.0/24 .Pp -Command mode -.D1 Nm p4split Fl i Pa big.pcap Ad 192.168.1.0/24 -. -.Sh OPTIONS -A summary of the options supported by -.Nm -is included below. -.Bl -tag -width Ds +The available options include: +.Pp +.Bl -tag -compact -width "-i input.pcap" .It Fl h usage information .It Fl v the program's version .It Fl i Pa input.pcap -.Pa input.pcap -is used as input, instead of stdin -.It Ao CIDR filter Ac -A filter in CIDR notation (ad.dre.ss/subnet-bits) +.Pa input.pcap No is used as input, instead of stdin +.It Aq CIDR filter +A filter in CIDR notation +.Pq a.dd.re.ss/subnet-bits .El . +.Sh EXAMPLES +As a filter: +.D1 Ic $ No ... | Nm p4split Ar 192.168.1.0/24 +.Pp +With an input file specified: +.D1 Ic $ Nm p4split Fl i Pa big.pcap Ad 192.168.1.0/24 +. .Sh SEE ALSO +.Xr pcat 1 , .Xr pmerge 1 , .Xr puniq 1 . .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools diff --git a/docs/pmerge.mdoc b/docs/pmerge.mdoc index c47df6d..2af0743 100644 --- a/docs/pmerge.mdoc +++ b/docs/pmerge.mdoc @@ -16,9 +16,10 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd March 3, 2012 +.Dd May 23, 2012 .Dt PMERGE 1 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 +. .Sh NAME .Nm pmerge .Nd merge multiple PCAP files in timeline order 
@@ -27,47 +28,46 @@ .Nm pmerge .Op Fl h | Fl v .Nm pmerge -.Op Fl o Ar Pa output.pcap +.Op Fl o Ar output.pcap .Pa input.pcap -.Op Ar +.Op Ar ... . .Sh DESCRIPTION The basic concept for this utility is to merge multiple PCAP files while maintaining timeline order. -. -.Sh USAGE -As a filter -.D1 Nm pmerge Pa one.pcap Pa two.pcap Li > Pa merged.pcap .Pp -In simple command form -.D1 Nm pmerge Fl o Pa merged.pcap Pa one.pcap Pa two.pcap -. -.Sh OPTIONS -A summary of the options supported by -.Nm pmerge -is included below. -. -.Bl -tag -width Ds +The available options include: +.Pp +.Bl -tag -compact -width "input.pcap [...]" .It Fl h usage information .It Fl v the program's version .It Fl o Ar output.pcap sets the output filename to -.Pa output.pcap . -If this option flag is not specified, -.Ev stdout -is used to output the merged PCAP -.It Pa input.pcap +.Pa output.pcap . No If this option flag is not specified, the merged PCAP is +output to +.Dv stdout . +.It Ar input.pcap Op Ar ... At least one input file argument is required. -.It Ar -additional input files may be specified .El . +.Sh EXAMPLES +As a filter: +.D1 Ic $ Nm pmerge Pa one.pcap Pa two.pcap Li > Pa merged.pcap +.Pp +In simple command form: +.D1 Ic $ Nm pmerge Fl o Pa merged.pcap Pa one.pcap Pa two.pcap +. .Sh SEE ALSO .Xr p4split 1 , +.Xr pcat 1 , .Xr puniq 1 . .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools diff --git a/docs/puniq.mdoc b/docs/puniq.mdoc index 3d90ebc..21b2b18 100644 --- a/docs/puniq.mdoc +++ b/docs/puniq.mdoc 
@@ -16,9 +16,10 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd March 3, 2012 +.Dd May 23, 2012 .Dt PUNIQ 1 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 +. .Sh NAME .Nm puniq .Nd filter one to many PCAP files for unique frames @@ -27,43 +28,37 @@ .Nm puniq .Op Fl h | Fl v .Nm puniq -.Op Fl o Ar output.pcap +.Op Fl o Pa output.pcap .Pa input.pcap -.Op Ar +.Op Ar ... . .Sh DESCRIPTION The basic concept for this utility is to filter one to many PCAP files for unique frames -. -.Sh USAGE -As a filter -.D1 Nm puniq Pa one.pcap Pa two.pcap Li > Pa unique.pcap .Pp -In simple command form -.D1 Nm puniq Fl o Pa unique.pcap Pa one.pcap Pa two.pcap -. -.Sh OPTIONS -A summary of the options supported by -.Nm puniq -is included below. -. -.Bl -tag -width Ds +The available options include: +.Pp +.Bl -tag -compact -width "input.pcap [...]" .It Fl h usage information .It Fl v the program's version .It Fl o Ar output.pcap sets the output filename to -.Pa output.pcap . -If this option flag is not specified, +.Pa output.pcap . No If this option flag is not specified, the merged PCAP is +ouput to .Dv stdout -is used to output the merged PCAP -.It Pa input.pcap +.It Pa input.pcap Op Ar ... At least one input file argument is required -.It Ar -additional input files may be specified .El . +.Sh EXAMPLES +As a filter +.D1 Ic $ Nm puniq Pa one.pcap Pa two.pcap Li > Pa unique.pcap +.Pp +In simple command form +.D1 Ic $ Nm puniq Fl o Pa unique.pcap Pa one.pcap Pa two.pcap +. .Sh SEE ALSO .Xr p4split 1 , .Xr pmerge 1 @@ -71,3 +66,7 @@ additional input files may be specified .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools diff --git a/docs/repr.mdoc b/docs/repr.mdoc index d1c5e44..2af7ed3 100644 --- a/docs/repr.mdoc 
+++ b/docs/repr.mdoc @@ -16,9 +16,9 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd March 3, 2012 +.Dd May 23, 2012 .Dt REPR 1 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 . .Sh NAME .Nm repr @@ -31,29 +31,26 @@ .Op Ar . .Sh DESCRIPTION -The basic concept for this utility is to emulate python's repr() function. Input -bytes are escaped using Python's byte notation if they do not fall within the -printable range. -. -.Sh USAGE -With a file specified -.D1 Nm repr Pa data.bin +The basic concept for this utility is to emulate Python's +.Fn repr No function. Input bytes are escaped using Python's byte notation if +they do not fall within the printable range. .Pp -As a filter -.D1 ... | Nm repr | ... -. -.Sh OPTIONS -A summary of the options supported by -.Nm repr -is included below. -. -.Bl -tag -width Ds +The available options include: +.Pp +.Bl -tag -compact -width Ds .It Fl h usage information .It Fl v the program's version .El . +.Sh EXAMPLES +With a file specified: +.D1 Ic $ Nm repr Pa data.bin +.Pp +As a filter: +.D1 Ic $ No ... | Nm repr | No ... +. .Sh SEE ALSO .Xr hdng 1 , .Xr xor 1 @@ -61,3 +58,7 @@ the program's version .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools diff --git a/docs/unhex.mdoc b/docs/unhex.mdoc index e6dabc5..8088350 100644 --- a/docs/unhex.mdoc +++ b/docs/unhex.mdoc @@ -16,9 +16,9 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd March 3, 2012 +.Dd May 23, 2012 .Dt UNHEX 1 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 . .Sh NAME .Nm unhex 
@@ -32,32 +32,34 @@ . .Sh DESCRIPTION The basic concept for this utility is to translate hexits (00-ff) to their -binary equivalent. If the text input includes spaces and non-hexadecimal -characters, these characters are ignored. If non-hexadecimal characters appear -between hexit pairs, an error is produced. -. -.Sh USAGE -With a file specified -.D1 Nm unhex Pa data.bin +binary equivalent. Spaces and other non-hexadecimal characters are ignored in +the input stream. If non-hexadecimal characters appear between hexit pairs, an +error is produced. .Pp -As a filter -.D1 ... | Nm unhex | ... -. -.Sh OPTIONS -A summary of the options supported by -.Nm unhex -is included below. -. -.Bl -tag -width Ds +The available options include: +.Pp +.Bl -tag -compact -width Ds .It Fl h usage information .It Fl v the program's version .El +. .Sh SEE ALSO .Xr hdng 1 , .Xr xor 1 . +.Sh EXAMPLES +With a file specified +.D1 Ic $ Nm unhex Pa data.bin +.Pp +As a filter +.D1 Ic $ No ... | Nm unhex | No ... +. .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools diff --git a/docs/xor.mdoc b/docs/xor.mdoc index 706db76..ed43ed2 100644 --- a/docs/xor.mdoc +++ b/docs/xor.mdoc @@ -16,9 +16,9 @@ .\" On Debian systems, the complete text of the GNU General .\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3". . -.Dd May 1, 2012 +.Dd May 23, 2012 .Dt TRANSFORMER 1 -.Os "Network Reverse Engineering Toolkit" +.Os "Network Reverse Engineering Toolkit" 1.1337 . .Sh NAME .Nm xor @@ -40,7 +40,7 @@ .Op Fl u .Op Fl x .Ar BYTE -.Op Ar BYTE ... +.Op Ar ... .Nm .Op Fl u .Fl s 
@@ -49,24 +49,10 @@ .Sh DESCRIPTION The basic concept for this utility is to apply a set of bytes, repeatedly, to a stream of input. -. -.Sh USAGE -As a filter with the hexadecimal bytes -.Bq 0x20 , 0x2f -applied to the input stream using -.Nm xor . -The bytes are applied repeatedly until the end-of-file (i.e. -.Bq 0x20 , 0x2f , 0x20 , 0x2f , ... Ns ) . -.D1 ... | Nm xor Fl x Ar 20 Ar 2f | Li ... .Pp -As a filter with a string of characters used as a byte source (i.e. -.Bq 0x20 , 0x6b , 0x65 , 0x79 , 0x20 , ... Ns ) . -.D1 ... | Nm xor Fl s Qo Ar " key " Qc | Li ... -. -.Sh OPTIONS -A summary of the options is included below. -. -.Bl -tag -width Ds +The available options include: +.Pp +.Bl -tag -compact -width "-s STRING" .It Fl h usage information .It Fl v 
@@ -76,29 +62,41 @@ explicity interpret bytes as hexadecimal digits .It Fl s Ar STRING use a string of characters as the byte source .It Fl u -undo - reverse the transform (this is ignored for -.Nm xor ) -.It Ar BYTE Op Ar BYTE ... +undo - reverse the transform +.Pq this is ignored for Nm xor +.It Ar BYTE Op Ar ... a list of bytes to apply to the input stream .El . .Sh IMPLEMENTATION NOTES -The application of the bytes is accomplished using one of the following +The application of the key bytes is accomplished using one of the following transforms: . -.Bd -unfilled -offset indent +.Bd -unfilled -offset left .TS box tab(:); -l | l | l | l. -\fBTransform:Description:Bytes:Undo\fR -_:_:_:_ -xor:bitwise exclusive OR:integers [0-255]:- -rot:bitwise rotate left:integers [0-7]:bitwise rotate right -rol:bytewise rotate (-):integers [0-255]:bytewise rotate (+) -caesar:alphabet shift (+):integers [0-26]:alphabet shift (-) +l | l | l | l | l. +\fBName:Description:Subj:Argument:Undo\fR +_:_:_:_:_ +xor:bitwise exclusive OR:bytes:int [0-255]:N/A +rot:rotate left:bits:int [0-7]:rotate right +rol:rotate (-):bytes:int [0-255]:rotate (+) +caesar:shift (+):alpha:int [0-26]:shift (-) .TE .Ed +. +.Sh EXAMPLES +As a filter with the hexadecimal bytes +.Bq 0x20 , 0x2f +applied to the input stream using +.Nm xor . +The bytes are applied repeatedly until the end-of-file +.Pq i.e. Bo 0x20 , 0x2f , 0x20 , 0x2f , ... Bc . +.D1 Ic $ No ... | Nm xor Fl x Ar 20 Ar 2f | No ... .Pp +As a filter with a string of characters used as a byte source +.Pq i.e. Qo key Qc becomes Bo 0x6b , 0x65 , 0x79 , ... Bc . +.D1 Ic $ No ... | Nm xor Fl s Qo Ar key Qc | No ... . .Sh SEE ALSO .Xr hdng 1 , @@ -107,3 +105,7 @@ caesar:alphabet shift (+):integers [0-26]:alphabet shift (-) .Sh AUTHORS .An Zephyr Aq Ad zephyr@dirtbags.net , .An pi-rho Aq Ad pi-rho@tyr.cx +. +.Sh BUGS +Bugs may be submitted at +.Aq Ad https://bugs.launchpad.net/netre-tools
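
Review bot: In the SYNOPSIS hunk of docs/hdng.mdoc, ".Op Fl o x s g w Ar width" puts the width argument in the same bracket as the flags that take no value, so the rendered synopsis no longer shows that only -w takes an argument. Keep the two groups separate as the removed lines did: ".Op Fl oxsg" followed by ".Op Fl w Ar width".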
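
Review bot: In the DESCRIPTION hunk of docs/hdng.mdoc, "bsdmainutil's" misspells the package name; the removed line had "bsdmainutils". Since the name already ends in s, write "bsdmainutils'" or rephrase so that the .Xr hexdump 1 reference is followed by "from bsdmainutils".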
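
Review bot: The second options hunk of docs/hdng.mdoc (@@ -70,30 +62,41 @@) drops the ".It Ar file" entry, but the SYNOPSIS still lists ".Op Ar file", which leaves the operand undocumented. Keep the entry and say what happens when it is omitted, since the new EXAMPLES section shows the tool used as a filter.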
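
Review bot: In the tool list of docs/netre-tools.mdoc, the unhex entry ".Pq i.e. Qo Li 61 62 Qc becomes Qo Li AB Qc" carries over a wrong example: hexits 61 62 are the lowercase letters "ab", while "AB" would be 41 42. Change one side so the pair matches. The unchanged AUTHORS context line in the same hunk reads ".An Xephyr" where every other page has "Zephyr"; worth fixing while this section is being touched.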
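
Review bot: The two new EXAMPLES lines in docs/p4split.mdoc mark up the same CIDR operand differently: the filter example uses "Ar 192.168.1.0/24" and the input-file example uses "Ad 192.168.1.0/24", so they will render in different styles. Pick one macro for both lines, preferably the one that matches how the options list presents the CIDR filter.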
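
Review bot: In docs/pmerge.mdoc the options list now has ".It Ar input.pcap Op Ar ..." while the SYNOPSIS in the same hunk keeps ".Pa input.pcap", so the input operand is marked up two ways on one page. The puniq page makes the opposite choice (".It Pa input.pcap Op Ar ..." and ".Op Fl o Pa output.pcap"). Settle on Ar or Pa for file operands and apply it to the SYNOPSIS and the list on both pages.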
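
Review bot: The rewritten -o description in docs/puniq.mdoc introduces the typo "ouput to" and still says "the merged PCAP", which reads as copied from pmerge; this page describes filtering for unique frames. Suggest "the resulting PCAP is output to" and a closing period after ".Dv stdout", as the pmerge hunk has. The SEE ALSO context lines here still list only p4split and pmerge, while the p4split and pmerge pages gain ".Xr pcat 1 ," in this patch.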
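
Review bot: In docs/unhex.mdoc the new ".Sh EXAMPLES" section is added after ".Sh SEE ALSO", whereas every other page in this patch places EXAMPLES before SEE ALSO; move it up for consistency. The reworded DESCRIPTION also still reads as contradictory: non-hexadecimal characters "are ignored in the input stream", yet produce an error when they "appear between hexit pairs". If the error case is a character splitting the two hexits of one pair, say so explicitly.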
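
Review bot: The header hunk of docs/xor.mdoc updates .Dd and .Os but leaves ".Dt TRANSFORMER 1" in place, so the rendered page title will not match the ".Xr xor 1" references added elsewhere in this patch. If the page is not deliberately shared under that title, change it to ".Dt XOR 1".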
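
Review bot: In the reworked transform table in docs/xor.mdoc, the shortened descriptions "rotate (-)" for rol and "shift (+)" for caesar no longer say what the sign refers to, and the new "Subj" column header is not explained anywhere in the text. Add one sentence under the table defining the column and the sign convention. The caesar row also keeps "int [0-26]", which is 27 values for a 26-letter alphabet; confirm whether the upper bound should be 25.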