flowtag 2.1.2 → 2.1.3

data/.gitignore

@@ -0,0 +1,17 @@
+*.gem
+*.rbc
+.bundle
+.config
+.yardoc
+Gemfile.lock
+InstalledFiles
+_yardoc
+coverage
+doc/
+lib/bundler/man
+pkg
+rdoc
+spec/reports
+test/tmp
+test/version_tmp
+tmp

data/Gemfile

@@ -0,0 +1,4 @@
+source 'https://rubygems.org'
+
+# Specify your gem's dependencies in flowtag.gemspec
+gemspec

data/LICENSE.txt

@@ -1,4 +1,6 @@
-Copyright (c) 2011 Chris Lee, PhD
+Copyright (c) 2013 chrislee35
+
+MIT License
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/{README.rdoc → README.md}

@@ -1,4 +1,5 @@
-= flowtag
+# Flowtag
+
 FlowTag is an interactive network trace viewer. It operates on PCAP files, produces a database of flows, and then visualizes the results. The user can then filter for flows of interest, view the payload, and tag the flow with relevant keywords. The current version is written in Ruby using the Tk interface. The code is released under GPL, except the pcapparser library, which is released under LGPL.
 
 <img src='http://chrislee.dhs.org/projects/flowtag/flowtag2.png' />
@@ -14,18 +15,28 @@ The interface is comprised of 6 main elements as follows:
 
 The FlowTag package contains 3 command-line tools in addition to the GUI. These tools are provided to telp with simple automation and scripting. pcap2flowdb creates a flow database from a pcap file. The database can then be read by the listflows and printflow tools. The listflows tool lists all the flow tuples contained in the flow database. The printflow tool outputs the payload of a specified flow.
 
-== Contributing to flowtag
- 
-* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
-* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
-* Fork the project
-* Start a feature/bugfix branch
-* Commit and push until you are happy with your contribution
-* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
-* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
+## Installation
+
+Add this line to your application's Gemfile:
+
+    gem 'flowtag'
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install flowtag
+
+## Usage
 
-== Copyright
+	flowtag test.pcap
 
-Copyright (c) 2011 Chris Lee, PhD. See LICENSE.txt for
-further details.
+## Contributing
 
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request

data/Rakefile

@@ -0,0 +1,12 @@
+#!/usr/bin/env rake
+require "bundler/gem_tasks"
+
+require 'rake/testtask'
+
+Rake::TestTask.new do |t|
+  t.libs << 'lib'
+  t.test_files = FileList['test/test_*.rb']
+  t.verbose = true
+end
+
+task :default => :test

data/bin/flowtag

@@ -1,4 +1,4 @@
-#! /opt/local/bin/ruby
+#!/usr/bin/env ruby
 # DESCRIPTION: presents the user with a GUI interface to visualize and explore flows found from a given pcap file.
 # FLOWTAG - parses and visualizes pcap data
 # Copyright (C) 2007 Christopher Lee
@@ -23,10 +23,8 @@ end
 
 require 'tk'  # this takes a long time to load
 require 'tk/labelframe'
-require 'flowtag/flowdb'
-require 'flowtag/flowcanvas'
-require 'flowtag/flowtable'
-require 'tk-double-slider'
+require 'flowtag'
+require 'tk/doubleslider'
 
 def select_cb(flows)
 	$flowtable.clear

data/bin/ftlistflows

@@ -1,4 +1,4 @@
-#! /opt/local/bin/ruby
+#!/usr/bin/env ruby
 # DESCRIPTION: is part of the flowtag toolkit and prints the flows from a flowdb
 # FLOWTAG - parses and visualizes pcap data
 # Copyright (C) 2007 Christopher Lee

data/bin/ftpcap2flowdb

@@ -1,4 +1,4 @@
-#! /opt/local/bin/ruby
+#!/usr/bin/env ruby
 # DESCRIPTION: is part of the flowtag toolkit and generates a flow database from a pcap file
 # Copyright (C) 2007 Christopher Lee
 #

data/bin/ftprintflow

@@ -1,4 +1,4 @@
-#! /opt/local/bin/ruby
+#!/usr/bin/env ruby
 # DESCRIPTION: is part of the flowtag toolkit and prints the contents of an indicated flow
 # FLOWTAG - parses and visualizes pcap data
 # Copyright (C) 2007 Christopher Lee

data/flowtag.gemspec

@@ -0,0 +1,30 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'flowtag/version'
+
+Gem::Specification.new do |spec|
+	spec.name          = "flowtag"
+  spec.version       = Flowtag::VERSION
+	spec.homepage      = "https://rubygems.org/gems/flowtag"
+	spec.license       = "MIT"
+	spec.summary       = %q{FlowTag visualizes pcap files for forensic analysis}
+	spec.description   = %q{presents the user with a GUI interface to visualize and explore flows found from a given pcap file}
+	spec.email         = ["rubygems@chrislee.dhs.org"]
+	spec.authors       = ["chrislee35"]
+	spec.executables   = ["flowtag","ftlistflows","ftpcap2flowdb","ftprintflow"]
+
+	spec.add_runtime_dependency "tk-doubleslider", ">= 0.1.1"
+	spec.add_runtime_dependency "tk-parallelcoordinates", ">= 0.1.1"
+
+	spec.add_development_dependency "bundler", "~> 1.3"
+	spec.add_development_dependency "rake"
+
+	spec.signing_key   = "#{File.dirname(__FILE__)}/../gem-private_key.pem"
+	spec.cert_chain    = ["#{File.dirname(__FILE__)}/../gem-public_cert.pem"]
+
+	spec.require_paths = ["lib"]
+	spec.files         = `git ls-files`.split($/)
+	spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+	spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+end

data/lib/flowtag.rb

@@ -1,4 +1,13 @@
-require 'flowtag/flowcanvas'
-require 'flowtag/flowdb'
-require 'flowtag/flowtable'
-require 'flowtag/pcapparser'
+unless Kernel.respond_to?(:require_relative)
+  module Kernel
+    def require_relative(path)
+      require File.join(File.dirname(caller[0]), path.to_str)
+    end
+  end
+end
+
+require_relative 'flowtag/version'
+require_relative 'flowtag/flowcanvas'
+require_relative 'flowtag/flowdb'
+require_relative 'flowtag/flowtable'
+require_relative 'flowtag/pcapparser'

data/lib/flowtag/flowcanvas.rb

@@ -16,7 +16,7 @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 
 require 'date'
-require 'tk-parallel-coordinates'
+require 'tk/parallelcoordinates'
 
 module FlowTag
 	class FlowCanvas
@@ -103,6 +103,7 @@ module FlowTag
 				}
 			]
 			@pcp = Tk::ParallelCoordinates.new(parent, 500, 360, model)
+			@pcp.field_separator = "|"
 			@pcp.set_select_cb( proc { |tuples| cb_select(tuples) } )
 			@flow_keys = {}
 			@pkt_low = @byte_low = @pkt_high = @byte_high = @time_high = 0
@@ -117,7 +118,7 @@ module FlowTag
 				@time_low = fl[FlowDB::ST] if fl[FlowDB::ST] < @time_low
 				@time_high = fl[FlowDB::ST] if fl[FlowDB::ST] > @time_high
 				next if skip
-				@pcp.addtuple(key,Tk::ParallelCoordinates::STATE_NORMAL,[fl[FlowDB::DP],fl[FlowDB::SIP]])
+				@pcp.addtuple([fl[FlowDB::DP],fl[FlowDB::SIP]])
 			end
 		end
 	end

data/lib/flowtag/version.rb

@@ -0,0 +1,3 @@
+module Flowtag
+  VERSION = "2.1.3"
+end

data/test/helper.rb

@@ -0,0 +1,3 @@
+require 'test/unit'
+require 'tk'
+require File.expand_path('../../lib/flowtag.rb', __FILE__)

data/test/test.pcap.tags

@@ -0,0 +1 @@
+192.168.44.100|72.14.207.99|50697|80|

data/test/test_flowtag.rb

@@ -0,0 +1,81 @@
+unless Kernel.respond_to?(:require_relative)
+  module Kernel
+    def require_relative(path)
+      require File.join(File.dirname(caller[0]), path.to_str)
+    end
+  end
+end
+
+require_relative 'helper'
+
+class TestFlowtag < Test::Unit::TestCase	
+	#should "create a flowdb from the test.pcap and dump the flows" do
+	def test_create_flowdb
+		File.unlink('test/test.pcap.flows') if File.exists?('test/test.pcap.flows')
+		File.unlink('test/test.pcap.pkts') if File.exists?('test/test.pcap.pkts')
+		File.unlink('test/test.pcap.tags') if File.exists?('test/test.pcap.tags')
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		assert(File.exists?('test/test.pcap.flows'))
+		assert(File.exists?('test/test.pcap.pkts'))
+		assert(File.exists?('test/test.pcap.tags'))
+		fdb.dumpflows
+	end
+	
+	#should "get the first pktid of the test.pcap" do
+	def test_get_first_pktid
+		flow = ['192.168.44.100', '72.14.207.99', 50697, 80]
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		pid = fdb.getfirstpktid(*flow)
+		assert_equal(0,pid)
+	end
+	
+	#should "return no tags for the first flow" do
+	def test_return_no_tags_for_first_flow
+		flow = ['192.168.44.100', '72.14.207.99', 50697, 80]
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		tags = fdb.getflowtags(flow)
+		assert_equal(0,tags.length)
+	end
+	
+	#should "get all flows tagged with test should be empty" do
+	def test_get_all_flows_tagged_with_test_should_be_empty
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		flows = fdb.flows_taggedwith("test")
+		assert_equal(0,flows.length)
+	end
+	
+	#should "tag the first flow with test and retrieve it" do
+	def test_tag_the_first_flow_with_test_and_retrieve_it
+		flow = ['192.168.44.100', '72.14.207.99', 50697, 80]
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		fdb.tag_flow(flow,["test"])
+		flows = fdb.flows_taggedwith("test")
+		assert_equal(1,flows.length)
+	end
+	
+	#should "write the tags database and reload" do
+	def test_write_tags_database_and_reload
+		flow = ['192.168.44.100', '72.14.207.99', 50697, 80]
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		fdb.tag_flow(flow,["test"])
+		fdb.writetagdb
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		flows = fdb.flows_taggedwith("test")
+		assert_equal(1, flows.length)
+		fdb.tag_flow(flow,[])
+		fdb.writetagdb
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		flows = fdb.flows_taggedwith("test")
+		assert_equal(0, flows.length)
+	end
+	
+	#should "list all the tags and receive one, test" do
+	def test_list_all_tags_and_receive_test
+		flow = ['192.168.44.100', '72.14.207.99', 50697, 80]
+		fdb = FlowTag::FlowDB.new('test/test.pcap')
+		fdb.tag_flow(flow,["test"])
+		tags = fdb.tags
+		assert_equal(1, tags.length)
+		assert_equal("test", tags[0])
+	end
+end

metadata

@@ -1,205 +1,172 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: flowtag
-version: !ruby/object:Gem::Version 
-  prerelease: false
-  segments: 
-  - 2
-  - 1
-  - 2
-  version: 2.1.2
+version: !ruby/object:Gem::Version
+  version: 2.1.3
+  prerelease: 
 platform: ruby
-authors: 
-- Chris Lee
+authors:
+- chrislee35
 autorequire: 
 bindir: bin
-cert_chain: 
-- |
-  -----BEGIN CERTIFICATE-----
-  MIIDYjCCAkqgAwIBAgIBADANBgkqhkiG9w0BAQUFADBXMREwDwYDVQQDDAhydWJ5
-  Z2VtczEYMBYGCgmSJomT8ixkARkWCGNocmlzbGVlMRMwEQYKCZImiZPyLGQBGRYD
-  ZGhzMRMwEQYKCZImiZPyLGQBGRYDb3JnMB4XDTExMDIyNzE1MzAxOVoXDTEyMDIy
-  NzE1MzAxOVowVzERMA8GA1UEAwwIcnVieWdlbXMxGDAWBgoJkiaJk/IsZAEZFghj
-  aHJpc2xlZTETMBEGCgmSJomT8ixkARkWA2RoczETMBEGCgmSJomT8ixkARkWA29y
-  ZzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALNM1Hjs6q58sf7Jp64A
-  vEY2cnRWDdFpD8UWpwaJK5kgSHOVgs+0mtszn+YlYjmx8kpmuYpyU4g9mNMImMQe
-  ow8pVsL4QBBK/1Ozgdxrsptk3IiTozMYA+g2I/+WvZSEDu9uHkKe8pvMBEMrg7RJ
-  IN7+jWaPnSzg3DbFwxwOdi+QRw33DjK7oFWcOaaBqWTUpI4epdi/c/FE1I6UWULJ
-  ZF/Uso0Sc2Pp/YuVhuMHGrUbn7zrWWo76nnK4DTLfXFDbZF5lIXT1w6BtIiN6Ho9
-  Rdr/W6663hYUo3WMsUSa3I5+PJXEBKmGHIZ2TNFnoFIRHha2fmm1HC9+BTaKwcO9
-  PLcCAwEAAaM5MDcwCQYDVR0TBAIwADAdBgNVHQ4EFgQURzsNkZo2rv86Ftc+hVww
-  RNICMrwwCwYDVR0PBAQDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQBRRw/iNA/PdnvW
-  OBoNCSr/IiHOGZqMHgPJwyWs68FhThnLc2EyIkuLTQf98ms1/D3p0XX9JsxazvKT
-  W/in8Mm/R2fkVziSdzqChtw/4Z4bW3c+RF7TgX6SP5cKxNAfKmAPuItcs2Y+7bdS
-  hr/FktVtT2iAmISRnlEbdaTpfl6N2ZWNT83khV6iOs5xRkX/+0e+GgAv9mE6nqr1
-  AkuDXMhposxcnFZUrZ3UtMPEe/JnyP7Vv6pvr3qtZm8FidFZU91+rX/fwdyBU8RP
-  /5l8uLWXXNt1wEbtu4N1I66LwTK2iRrQZE8XtlgZGbxYDFUkiurq3OafF2YwRs6W
-  6yhklP75
-  -----END CERTIFICATE-----
-
-date: 2012-12-20 00:00:00 -05:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
-  prerelease: false
+cert_chain:
+- !binary |-
+  LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURZakNDQWtxZ0F3SUJB
+  Z0lCQURBTkJna3Foa2lHOXcwQkFRVUZBREJYTVJFd0R3WURWUVFEREFoeWRX
+  SjUKWjJWdGN6RVlNQllHQ2dtU0pvbVQ4aXhrQVJrV0NHTm9jbWx6YkdWbE1S
+  TXdFUVlLQ1pJbWlaUHlMR1FCR1JZRApaR2h6TVJNd0VRWUtDWkltaVpQeUxH
+  UUJHUllEYjNKbk1CNFhEVEV6TURVeU1qRXlOVGswTjFvWERURTBNRFV5Ck1q
+  RXlOVGswTjFvd1Z6RVJNQThHQTFVRUF3d0ljblZpZVdkbGJYTXhHREFXQmdv
+  SmtpYUprL0lzWkFFWkZnaGoKYUhKcGMyeGxaVEVUTUJFR0NnbVNKb21UOGl4
+  a0FSa1dBMlJvY3pFVE1CRUdDZ21TSm9tVDhpeGtBUmtXQTI5eQpaekNDQVNJ
+  d0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFOY1ByeDhC
+  WmlXSVI5eFdXRzhJCnRxUjUzOHRTMXQrVUo0RlpGbCsxdnJ0VTlUaXVXWDNW
+  ajM3VHdVcGEyZkZremlLMG41S3VwVlRoeUVoY2VtNW0KT0dSanZnclJGYldR
+  SlNTc2NJS09wd3FVUkhWS1JwVjlnVnovSG56azhTK3hvdFVSMUJ1bzNVZ3Ir
+  STFqSGV3RApDZ3IreSt6Z1pidGp0SHNKdHN1dWprT2NQaEVqalVpbmo2OEw5
+  Rno5QmRlSlF0K0lhY2p3QXpVTGl4NmpXQ2h0ClVjK2crMHo4RXNyeWNhMkc2
+  STFHc3JnWDZXSHc4ZHlreVFEVDlkQ3RTMmZsQ093U0MxUjBLNVQveEhXNTRm
+  KzUKd2N3OG1tNTNLTE5lK3RtZ1ZDNlpIeU1FK3FKc0JuUDZ1eEYwYVRFbkdB
+  L2pEQlFEaFFOVEYwWlAvYWJ6eVRzTAp6alVDQXdFQUFhTTVNRGN3Q1FZRFZS
+  MFRCQUl3QURBTEJnTlZIUThFQkFNQ0JMQXdIUVlEVlIwT0JCWUVGTzh3Cith
+  ZVA3VDZrVkpibENnNmV1c09JSTlEZk1BMEdDU3FHU0liM0RRRUJCUVVBQTRJ
+  QkFRQkNReVJKTFhzQm8yRnkKOFc2ZS9XNFJlbVFScmxBdzlESzVPNlU3MUp0
+  ZWRWb2Iyb3ErT2Irem1TK1BpZkUyK0wrM1JpSjJINlZUbE96aQp4K0EwNjFN
+  VVhoR3JhcVZxNEoyRkM4a3Q0RVF5d0FEMFAwVGE1R1UyNENHU0YwOFkzR2tK
+  eTFTYTRYcVRDMllDCm81MXM3SlArdGtDQ3RwVllTZHpKaFRsbGllUkFXQnBH
+  VjFkdGFvZVVLRTZ0WVBNQmtvc3hTUmNWR2N6ay9TYzMKN2VRQ3BleFl5OUps
+  VUJJOXUzQnFJWTlFK2wrTVNuOGloWFNQbXlLMERncmhhQ3Urdm9hU0ZWT1g2
+  WStCNXFibwpqTFhNUXUyWmdJU1l3WE5qTmJHVkhlaHV0ODJVN1U5b2lIb1dj
+  ck9HYXphUlVtR085VFhQK2FKTEgwZ3cyZGNLCkFmTWdsWFBpCi0tLS0tRU5E
+  IENFUlRJRklDQVRFLS0tLS0K
+date: 2013-06-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: tk-doubleslider
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.1.1
   type: :runtime
-  name: tk-double-slider
-  version_requirements: &id001 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 1
-        - 0
-        version: 0.1.0
-  requirement: *id001
-- !ruby/object:Gem::Dependency 
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
+  name: tk-parallelcoordinates
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.1.1
   type: :runtime
-  name: tk-parallel-coordinates
-  version_requirements: &id002 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 1
-        - 0
-        version: 0.1.0
-  requirement: *id002
-- !ruby/object:Gem::Dependency 
-  prerelease: false
-  type: :development
-  name: shoulda
-  version_requirements: &id003 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        version: "0"
-  requirement: *id003
-- !ruby/object:Gem::Dependency 
   prerelease: false
-  type: :development
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.1.1
+- !ruby/object:Gem::Dependency
   name: bundler
-  version_requirements: &id004 !ruby/object:Gem::Requirement 
-    requirements: 
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 2
-        - 3
-        version: 1.2.3
-  requirement: *id004
-- !ruby/object:Gem::Dependency 
-  prerelease: false
+      - !ruby/object:Gem::Version
+        version: '1.3'
   type: :development
-  name: jeweler
-  version_requirements: &id005 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 1
-        - 8
-        - 4
-        version: 1.8.4
-  requirement: *id005
-- !ruby/object:Gem::Dependency 
   prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ~>
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  name: rcov
-  version_requirements: &id006 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        version: "0"
-  requirement: *id006
-- !ruby/object:Gem::Dependency 
-  prerelease: false
-  type: :runtime
-  name: tk-double-slider
-  version_requirements: &id007 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 1
-        - 0
-        version: 0.1.0
-  requirement: *id007
-- !ruby/object:Gem::Dependency 
   prerelease: false
-  type: :runtime
-  name: tk-parallel-coordinates
-  version_requirements: &id008 !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        segments: 
-        - 0
-        - 1
-        - 0
-        version: 0.1.0
-  requirement: *id008
-description: presents the user with a GUI interface to visualize and explore flows found from a given pcap file
-email: rubygems@chrislee.dhs.org
-executables: 
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+description: presents the user with a GUI interface to visualize and explore flows
+  found from a given pcap file
+email:
+- rubygems@chrislee.dhs.org
+executables:
 - flowtag
 - ftlistflows
 - ftpcap2flowdb
 - ftprintflow
 extensions: []
-
-extra_rdoc_files: 
+extra_rdoc_files: []
+files:
+- .gitignore
+- Gemfile
 - LICENSE.txt
-- README.rdoc
-files: 
+- README.md
+- Rakefile
 - bin/flowtag
 - bin/ftlistflows
 - bin/ftpcap2flowdb
 - bin/ftprintflow
+- flowtag.gemspec
 - lib/flowtag.rb
 - lib/flowtag/flowcanvas.rb
 - lib/flowtag/flowdb.rb
 - lib/flowtag/flowtable.rb
 - lib/flowtag/pcapparser.rb
-- LICENSE.txt
-- README.rdoc
-has_rdoc: true
+- lib/flowtag/version.rb
+- test/helper.rb
+- test/test.pcap
+- test/test.pcap.flows
+- test/test.pcap.pkts
+- test/test.pcap.tags
+- test/test_flowtag.rb
 homepage: https://rubygems.org/gems/flowtag
-licenses: 
+licenses:
 - MIT
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      segments: 
-      - 0
-      version: "0"
+required_ruby_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  none: false
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
 requirements: []
-
 rubyforge_project: 
-rubygems_version: 1.3.6
+rubygems_version: 1.8.25
 signing_key: 
 specification_version: 3
 summary: FlowTag visualizes pcap files for forensic analysis
-test_files: []
-
+test_files:
+- test/helper.rb
+- test/test.pcap
+- test/test.pcap.flows
+- test/test.pcap.pkts
+- test/test.pcap.tags
+- test/test_flowtag.rb