dumbdecode emulator

dumbdecode

@@ -0,0 +1,16 @@
+#! /bin/sh
+
+# Emulate dumbdecode.py from python netarch
+
+# The advantage here is, after the pcat step, you're dealing with text files.
+# * cache the output of pcat to speed things up a little.
+# * tail -n +5000 to ignore the first 5000 lines of your cache.
+# * grep the cache, use sed, awk, whatever
+
+./pmerge "$@" | ./pcat | while read ts proto src dst payload; do
+	#when=$(TZ=Z date --rfc-3339=ns -d @$ts)
+	printf "Packet %s None: None\n" $proto
+	printf "    %s -> %s (%s)\n" ${src%,*} ${dst%,*} "$ts"
+	echo $payload | ./unhex | ./hd
+	echo
+done

pcat.c

@@ -44,7 +44,7 @@ process_tcp(struct stream *s, char *saddr_s, char *daddr_s)
 		printf("!");
 	}
 
-	printf("TCP4 %s:%u %s:%u ", saddr_s, sport, daddr_s, dport);
+	printf("TCP4 %s,%u,%u %s,%u,%u ", saddr_s, sport, seq, daddr_s, dport, ack);
 
 	// shut the compiler up
 	if (false && urgent && chksum && window && flags && ack && seq && false);
@@ -58,7 +58,7 @@ process_udp(struct stream *s, char *saddr_s, char *daddr_s)
 	uint16_t len = read_uint16be(s);
 	uint16_t chksum = read_uint16be(s);
 
-	printf("UDP4 %s:%u %s:%u ", saddr_s, sport, daddr_s, dport);
+	printf("UDP4 %s,%u %s,%u ", saddr_s, sport, daddr_s, dport);
 
 	// Now, do some shit!
 	if (false && len && chksum && false);
@@ -143,7 +143,7 @@ print_frame(struct pcap_pkthdr *hdr, char const *frame)
 	struct stream *s = &streambuf;
 
 	sinit(s, frame, hdr->caplen);
-	printf("%u,%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
+	printf("%u.%u ", hdr->ts.tv_sec, hdr->ts.tv_usec);
 	print_ethernet(s);
 	printf("\n");
 }