fluffy

Network Archaeology tools for Unix
git clone https://git.woozle.org/neale/fluffy.git

Neale Pickett  ·  2021-02-05

dumbdecode

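#! /bin/sh

# Emulate dumbdecode.py from python netarch
#
# Usage: dumbdecode PCAP...   (all arguments are passed straight to pmerge)

# What this script does:
# * pmerge takes multiple pcap files and outputs a single pcap stream,
#   with everything in time order
# * pcat outputs a line with six fields for each input packet:
#   * timestamp (in seconds, with millisecond precision)
#   * protocol (like `UDP` or `TCP`)
#   * source address
#   * destination address
#   * protocol options (like SYN or PSH)
#   * payload, hex-encoded
# * For each pcat output line:
#   * Convert timestamp to an RFC3339-style UTC date and time, so humans can read it
#   * Print a bit of header with the protocol, using python netarch formatting
#   * Print the source, destination, and formatted time
#   * Write out a hex dump of the payload
#
# Capture files are untrusted input.  Every field read from pcat is expanded
# inside double quotes so the shell never word-splits or glob-expands it, and
# `read -r` keeps backslashes literal.  All printf format strings are constants;
# packet data is only ever passed as an argument.
#
# Requires a date(1) that accepts "-d @SECONDS" (e.g. GNU coreutils).

# `opts` is read only so that the payload lands in its own variable.
pmerge "$@" | pcat | while read -r ts proto src dst opts payload; do
	# Drop the fractional part: date is given whole seconds since the epoch.
	# UTC0 is the POSIX spelling for "UTC, no offset".
	when=$(TZ=UTC0 date -d "@${ts%.*}" "+%Y-%m-%d %H:%M:%S")  # Format time as human-readable
	printf "Packet %s None: None\n" "$proto"
	# ${var%,*} strips the last comma-separated component of the address
	# (presumably the port; confirm against pcat's output format).
	printf "    %s -> %s (%s)\n" "${src%,*}" "${dst%,*}" "$when"
	# printf rather than echo, so the payload is never taken as an option
	# or subjected to backslash processing.
	printf '%s\n' "$payload" | unhex | hd
	echo
done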