.\" This manual is Copyright 2012 by pi-rho
.\"
.\" This program is free software: you can redistribute it and/or modify
.\" it under the terms of the GNU General Public License as published by
.\" the Free Software Foundation, either version 3 of the License, or
.\" (at your option) any later version.
.\"
.\" This package is distributed in the hope that it will be useful,
.\" but WITHOUT ANY WARRANTY; without even the implied warranty of
.\" MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
.\" GNU General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" along with this program. If not, see .
.\"
.\" On Debian systems, the complete text of the GNU General
.\" Public License version 3 can be found in "/usr/share/common-licenses/GPL-3".
.
.Dd May 23, 2012
.Dt NETRE-TOOLS 7
.Os "Network Reverse Engineering Toolkit" 1.1337
.
.Sh NAME
.Nm netre-tools
.Nd network reverse engineering toolkit
.
.Sh DESCRIPTION
Network reverse engineering describes an emerging specialty in the information
assurance industry.
This specialty exists in the gray area between malware reverse engineering and
network forensics.
Analysts in this specialty may process a wide variety of data.
This data may be encrypted, encoded, or embedded in multiple layers of other
data.
.Pp
This toolkit aims to provide simple utilities to aid the analyst in carving
through many potential layers in order to find information.
This toolkit will most likely never be a complete solution; however, the
authors aim to fill in the gaps left by more complex tools.
.
.Sh IMPLEMENTATION NOTES
The following tools are currently included in the toolkit:
.
.Ss Data Inspection and Manipulation
This subgroup aids in inspecting data and manipulating data.
.Pp
.Bl -tag -width caesar -compact
.It Nm caesar
applies bytes to the pipeline using Caesar's Cipher (alphabetic rotation)
.It Nm hdng
Hex Dumper - Next Generation
.Pq also symbolically linked as Nm hd
.It Nm repr
escapes non-printable characters like Python's
.Fn repr
.Pq i.e. Li 0x03 becomes Li \ex03
.It Nm rol
applies bytes to the pipeline using ROL (bytewise rotation)
.It Nm rot
applies bytes to the pipeline using ROT (bitwise rotation)
.It Nm unhex
converts hexits to binary data
.Pq i.e. Qo Li 61 62 Qc becomes Qo Li AB Qc
.It Nm xor
applies bytes to the pipeline using XOR
.El
.
.Ss Packet Capture Manipulation
This subgroup allows frames in PCAP (packet capture) files to be manipulated
from the command line.
.Pp
.Bl -tag -width dumbdecode -compact
.It Nm pcat
dump a packet capture in a line-based, parsable format
.It Nm pmerge
join PCAP files into a larger file while preserving date/time order
.It Nm puniq
drop duplicated packets from a PCAP
.It Nm p4split
split a large PCAP file into smaller files, using a CIDR-notation filter
.It Nm dumbdecode
dump packet captures in a nice text-based display
.El
.
.Sh SEE ALSO
.Xr caesar 1 ,
.Xr dumbdecode 1 ,
.Xr hdng 1 ,
.Xr p4split 1 ,
.Xr pcat 1 ,
.Xr pmerge 1 ,
.Xr puniq 1 ,
.Xr repr 1 ,
.Xr rol 1 ,
.Xr rot 1 ,
.Xr unhex 1 ,
.Xr xor 1
.
.Sh AUTHORS
.An Xephyr Aq Ad zephyr@dirtbags.net ,
.An pi-rho Aq Ad pi-rho@tyr.cx
.
.Sh BUGS
Bugs may be submitted at
.Aq Ad https://bugs.launchpad.net/netre-tools
.\" vim:ft=mandoc: