dumbdecode emulator

This commit is contained in:
Neale Pickett 2013-01-29 22:25:15 -07:00
parent 4cafa720fa
commit b18f2e9b08
2 changed files with 19 additions and 3 deletions

16
dumbdecode Executable file
View File

@ -0,0 +1,16 @@
#! /bin/sh
# Emulate dumbdecode.py from python netarch
# The advantage here is, after the pcat step, you're dealing with text files.
# * cache the output of pcat to speed things up a little.
# * tail -n +5000 to ignore the first 5000 lines of your cache.
# * grep the cache, use sed, awk, whatever
./pmerge "$@" | ./pcat | while read ts proto src dst payload; do
#when=$(TZ=Z date --rfc-3339=ns -d @$ts)
printf "Packet %s None: None\n" $proto
printf " %s -> %s (%s)\n" ${src%,*} ${dst%,*} "$ts"
echo $payload | ./unhex | ./hd
echo
done

6
pcat.c
View File

@ -44,7 +44,7 @@ process_tcp(struct stream *s, char *saddr_s, char *daddr_s)
printf("!");
}
printf("TCP4 %s:%u %s:%u ", saddr_s, sport, daddr_s, dport);
printf("TCP4 %s,%u,%u %s,%u,%u ", saddr_s, sport, seq, daddr_s, dport, ack);
// shut the compiler up
if (false && urgent && chksum && window && flags && ack && seq && false);
@ -58,7 +58,7 @@ process_udp(struct stream *s, char *saddr_s, char *daddr_s)
uint16_t len = read_uint16be(s);
uint16_t chksum = read_uint16be(s);
printf("UDP4 %s:%u %s:%u ", saddr_s, sport, daddr_s, dport);
printf("UDP4 %s,%u %s,%u ", saddr_s, sport, daddr_s, dport);
// Now, do some shit!
if (false && len && chksum && false);
@ -143,7 +143,7 @@ print_frame(struct pcap_pkthdr *hdr, char const *frame)
struct stream *s = &streambuf;
sinit(s, frame, hdr->caplen);
printf("%u,%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
printf("%u.%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
print_ethernet(s);
printf("\n");
}