Tools for Network Archaeology (internet protocol analysis)
Neale Pickett af0ebc7836 Add Read function 2013-12-24 16:37:33 -07:00
.indent.pro May as well check in the indent profile too 2013-01-29 21:55:28 -07:00
Makefile version of hd in go 2013-07-23 16:30:38 -06:00
README version of hd in go 2013-07-23 16:30:38 -06:00
dumbdecode dumbdecode emulator 2013-01-29 22:25:15 -07:00
hd.c Reindent everything 2013-01-29 21:53:17 -07:00
hd.go fix offset counting with repeats 2013-07-23 16:53:51 -06:00
p4split.c Reindent everything 2013-01-29 21:53:17 -07:00
pcap.c handle icmp 2013-02-11 15:50:30 -07:00
pcap.go Add Read function 2013-12-24 16:37:33 -07:00
pcap.h standardize ICMP output 2013-07-26 14:08:48 -06:00
pcat.c Merge remote-tracking branch 'origin/master' 2013-07-26 14:09:32 -06:00
pmerge.c Reindent everything 2013-01-29 21:53:17 -07:00
printfesc.c version of hd in go 2013-07-23 16:30:38 -06:00
puniq.c Reindent everything 2013-01-29 21:53:17 -07:00
pyesc.c Reindent everything 2013-01-29 21:53:17 -07:00
stream.c version of hd in go 2013-07-23 16:30:38 -06:00
stream.h version of hd in go 2013-07-23 16:30:38 -06:00
unhex.c Reindent everything 2013-01-29 21:53:17 -07:00
xor.c Reindent everything 2013-01-29 21:53:17 -07:00

README

The Fluffy Suite
============

Fluffy was begun in April 2011 in Tennessee,
as a replacement for the aging "dirtbags.ip" codebase.
It is comprised of multiple small standalone binaries,
which are meant to be chained together,
either on the command-line or from a shell script,
to create a more powerful (and specific) piece of software.

Usually, a program expects input on stdin,
and produces output on stdout.
Flags are sparse by design.


hd -- Hex Dump
--------------

Like the normal hd,
but with unicode characters to represent all 256 octets,
instead of using "." for unprintable characters.


p4split -- split a pcap file by IPv4 address CIDR
---------------------------

Splits a pcap file up into 256 files, based on a CIDR.  For example:

    p4split 32 < foo.pcap

Will create [0-255].pcap


pcat -- print text representation of pcap file
------------------------------

Prints a (lossy) text representation of a pcap file to stdout.
This program is the keystone of the Fluffy Suite.
By representing everything as text,
programmers can use any number of standard Unix text processing tools,
such as sed, awk, cut, grep, or head.


pmerge -- merge pcap files
-------------------------------------------

Takes a list of pcap files, assuming they are sorted by time
(you would have to work hard to create any other kind),
and merges them into a single sorted output.


printfesc -- printf escape input
--------------------------------

Reads octets,
writes a string suitable for copy-paste into printf.


puniq -- omit repeated frames
--------------------------------

Removes duplicate frames from input, 
writing to output.


pyesc -- python escape input
---------------------------------

Escapes input octets for pasting into a python "print" statement.



unhex -- unescape hex
---------------------------------

Reads ASCII hex codes on stdin,
writes those octets to stdout.

The following pipe is equivalent to "cat":

    ./hd | cut -b 11-58 | ./unhex


xor -- xor mask octets
--------------------------------

Applies the given mask as an xor to input.
The mask will be repeated,
so for a 1-value mask, every octet is xored against that value.
For a 16-value mask, the mask is applied to 16-octet chunks at a time.

The "-x" option treats values as hex.

The following pipe is equivalent to "cat":

    ./xor 42 | ./xor -x 2A
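
The repeating-mask behaviour described above, as an added sketch in C (this is not the suite's xor.c). The helper names `xor_mask` and `parse_mask`, and the assumption that each mask value is passed as a separate argument, are illustrative and not taken from the project.

```c
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>

/* Hypothetical helper, not taken from xor.c: XOR buf in place with a
 * repeating mask. *pos carries the mask phase across calls, so a stream
 * read in arbitrary-sized chunks is masked the same as a single read. */
static void xor_mask(unsigned char *buf, size_t len,
                     const unsigned char *mask, size_t masklen, size_t *pos)
{
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= mask[*pos];
        *pos = (*pos + 1) % masklen;
    }
}

/* Parse mask values (assumed: one per argument); base 10, or 16 for "-x".
 * Returns the number of mask octets, or 0 on a bad or out-of-range value. */
static size_t parse_mask(char **vals, size_t n, int base,
                         unsigned char *mask, size_t cap)
{
    if (n == 0 || n > cap) return 0;
    for (size_t i = 0; i < n; i++) {
        char *end;
        unsigned long v = strtoul(vals[i], &end, base);
        if (end == vals[i] || *end != '\0' || v > 0xff) return 0;
        mask[i] = (unsigned char)v;
    }
    return n;
}

int main(int argc, char **argv)
{
    unsigned char mask[256], buf[4096];
    int base = 10, first = 1;
    size_t masklen, pos = 0, n;

    if (argc > 1 && argv[1][0] == '-' && argv[1][1] == 'x' && !argv[1][2]) {
        base = 16; first = 2;
    }
    masklen = parse_mask(argv + first, (size_t)(argc - first), base,
                         mask, sizeof mask);
    if (masklen == 0) { fprintf(stderr, "usage: xor [-x] VALUE...\n"); return 1; }
    while ((n = fread(buf, 1, sizeof buf, stdin)) > 0) {
        xor_mask(buf, n, mask, masklen, &pos);   /* phase survives short reads */
        fwrite(buf, 1, n, stdout);
    }
    return 0;
}
```

Because XOR is its own inverse, running the same mask twice restores the input, which is why the decimal 42 and hex 2A pipe above behaves like "cat".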