From b18f2e9b082661ed34127161e471e45035f44cf6 Mon Sep 17 00:00:00 2001
From: Neale Pickett
Date: Tue, 29 Jan 2013 22:25:15 -0700
Subject: [PATCH] dumbdecode emulator
---
 dumbdecode | 16 ++++++++++++++++
 pcat.c | 6 +++---
 2 files changed, 19 insertions(+), 3 deletions(-)
 create mode 100755 dumbdecode
diff --git a/dumbdecode b/dumbdecode
new file mode 100755
index 0000000..a0559b4
--- /dev/null
+++ b/dumbdecode
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+# Emulate dumbdecode.py from python netarch
+
+# The advantage here is, after the pcat step, you're dealing with text files.
+# * cache the output of pcat to speed things up a little.
+# * tail -n +5000 to ignore the first 5000 lines of your cache.
+# * grep the cache, use sed, awk, whatever
+
+./pmerge "$@" | ./pcat | while read ts proto src dst payload; do
+ #when=$(TZ=Z date --rfc-3339=ns -d @$ts)
+ printf "Packet %s None: None\n" $proto
+ printf " %s -> %s (%s)\n" ${src%,*} ${dst%,*} "$ts"
+ echo $payload | ./unhex | ./hd
+ echo
+done
\ No newline at end of file
diff --git a/pcat.c b/pcat.c
index cbdb308..09298ee 100644
--- a/pcat.c
+++ b/pcat.c
@@ -44,7 +44,7 @@ process_tcp(struct stream *s, char *saddr_s, char *daddr_s)
 printf("!");
 }
 
- printf("TCP4 %s:%u %s:%u ", saddr_s, sport, daddr_s, dport);
+ printf("TCP4 %s,%u,%u %s,%u,%u ", saddr_s, sport, seq, daddr_s, dport, ack);
 
 // shut the compiler up
 if (false && urgent && chksum && window && flags && ack && seq && false);
@@ -58,7 +58,7 @@ process_udp(struct stream *s, char *saddr_s, char *daddr_s)
 uint16_t len = read_uint16be(s);
 uint16_t chksum = read_uint16be(s);
 
- printf("UDP4 %s:%u %s:%u ", saddr_s, sport, daddr_s, dport);
+ printf("UDP4 %s,%u %s,%u ", saddr_s, sport, daddr_s, dport);
 
 // Now, do some shit!
 if (false && len && chksum && false);
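Review bot: The loop body expands `$proto`, `${src%,*}`, `${dst%,*}` and `$payload` unquoted and reads with a bare `read`, so a backslash in a pcat line is consumed by `read` and any field containing a glob character or extra whitespace is re-split or glob-expanded before it reaches `./unhex` — input that pcat derives from captured packet bytes, not from the user. Quoting every expansion and using `read -r` keeps each field exactly as pcat emitted it; `printf '%s\n'` in place of `echo` also avoids `echo` interpreting a payload that begins with `-`. Separately, with the TCP format introduced by this same commit (`addr,port,seq`) `${src%,*}` yields `addr,port`, while for the UDP format (`addr,port`) it yields only `addr`; if the address alone is intended, `${src%%,*}` strips all trailing fields consistently for both — confirm which output the format is meant to show.
```sh
# … unchanged: header comments …
./pmerge "$@" | ./pcat | while read -r ts proto src dst payload; do
    printf "Packet %s None: None\n" "$proto"
    printf " %s -> %s (%s)\n" "${src%,*}" "${dst%,*}" "$ts"
    printf '%s\n' "$payload" | ./unhex | ./hd
    echo
done
```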
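Review bot: `seq` and `ack` are now passed to `%u` on the changed printf line, but their declarations lie outside the hunk; if they are 32-bit values read with a `read_uint32be`-style helper (the UDP hunk shows the `uint16_t ... = read_uint16be(s)` pattern), `PRIu32` from `<inttypes.h>` is the specifier that matches `uint32_t` on every target, whereas `%u` is only right where `unsigned int` happens to be 32 bits. The silencer three lines below, `if (false && urgent && chksum && window && flags && ack && seq && false);`, still names `ack` and `seq` even though both are now genuinely used, so those two can be dropped from it to keep the line honest about what is unused. process_tcp begins before this hunk.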
@@ -143,7 +143,7 @@ print_frame(struct pcap_pkthdr *hdr, char const *frame)
 struct stream *s = &streambuf;
 
 sinit(s, frame, hdr->caplen);
- printf("%u,%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
+ printf("%u.%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
 print_ethernet(s);
 printf("\n");
 }
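Review bot: The new `%u.%u` format prints `hdr->ts.tv_usec` without zero padding, so a packet with `tv_usec == 5` is emitted as `1234.5` rather than `1234.000005`, and any consumer reading the field as seconds.microseconds (the commented-out `date -d @$ts` line in dumbdecode, for example) will be off by up to six orders of magnitude. `%u` is also the wrong width for the `struct timeval` members `tv_sec` (`time_t`) and `tv_usec` (`suseconds_t`), which are `long` on common 64-bit targets, so the call is undefined behavior there even though it often appears to work. A one-line fix covers both: `printf("%lld.%06ld ", (long long)hdr->ts.tv_sec, (long)hdr->ts.tv_usec);`. print_frame's header lies before this hunk.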