packetman 0.1.0 → 0.1.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: d179b4712440f17879c705887caeec69fd857517
-  data.tar.gz: 7879478eab7e6ecca5d75bff051a5dcad4006465
+  metadata.gz: d3819b6864ab2d131bcd29e65c79a02123a1d4b4
+  data.tar.gz: 7de18ca9f2f368755393dbc6c0d3b4edfb34a019
 SHA512:
-  metadata.gz: 59f189ec8d961cc829938163d21daffea43b4ce14f5b0487d49339ad59abf6cbefabfbb5254e2b949132987ee06df4b584664d9e0d1f7973c33835c1328cd59a
-  data.tar.gz: 4e6b9134085f93800d07dd8a5e218c48d1c25260832b837c4f2e4fc365545234589232e0af344b8e1687eb90f6aa93d91875a341cfcf1165c1bec3d2341fd3a5
+  metadata.gz: f70eb13025b20f23690c6d0b169bb165a7ea035597bd863a5bb1279711eb1f40f54fe393e0611715b980f460e5d899f2ddf92a8ce2806544d70f26d3cf0599e8
+  data.tar.gz: 3f2df4b4ee6be9f721195aa661b8ae91bf7aeccd77c8935fa6b51464c872e345206c103af7898342f102ddc55859ddb300642a5420b1e7831b24585f3b378dcb

data/README.md

@@ -2,7 +2,7 @@
 
 Advanced tcpdump and Wireshark capture generator.
 
-[![Code Climate](https://codeclimate.com/github/jescholl/packetman/badges/gpa.svg)](https://codeclimate.com/github/jescholl/packetman) [![Test Coverage](https://codeclimate.com/github/jescholl/packetman/badges/coverage.svg)](https://codeclimate.com/github/jescholl/packetman/coverage) [![Circle CI](https://circleci.com/gh/jescholl/packetman.svg?style=svg)](https://circleci.com/gh/jescholl/packetman)
+[![Gem Version](https://badge.fury.io/rb/packetman.svg)](http://badge.fury.io/rb/packetman) [![Code Climate](https://codeclimate.com/github/jescholl/packetman/badges/gpa.svg)](https://codeclimate.com/github/jescholl/packetman) [![Test Coverage](https://codeclimate.com/github/jescholl/packetman/badges/coverage.svg)](https://codeclimate.com/github/jescholl/packetman/coverage) [![Circle CI](https://circleci.com/gh/jescholl/packetman.svg?style=svg)](https://circleci.com/gh/jescholl/packetman)
 
 Packetman is a packet capture filter generator modeled after [Wireshark's String-Matching Capture Filter Generator](https://www.wireshark.org/tools/string-cf.html) but with a lot more features allowing much finer control over the packets you see.
 

data/config/protocols.yml

@@ -1,35 +1,29 @@
 ---
-transport:
-  tcp:
-    table:
-      Source Port: 16
-      Destination Port: 16
-      Sequence Number: 32
-      Acknowledgement Number: 32
-      Data Offset: 4
-      RESERVED: 3
-      ECN: 3
-      Control Bits: 6
-      Window: 16
-      Checksum: 16
-      Urgent Pointer: 16
-      Options and Padding: 32
-    payload_query: '((tcp[12:1] & 0xf0) >> 2)'
-  udp:
-    table:
-      Source Port: 16
-      Destination Port: 16
-      Length: 16
-      Checksum: 16
-    payload_query: 8
-  icmp:
-    table:
-      Type: 8
-      Code: 8
-      Checksum: 16
-      Type Specific Options: 32
-application:
-  http:
-    transport_protocol: tcp
-  dns:
-    transport_protocol: tcp
+tcp:
+  table:
+    Source Port: 16
+    Destination Port: 16
+    Sequence Number: 32
+    Acknowledgement Number: 32
+    Data Offset: 4
+    RESERVED: 3
+    ECN: 3
+    Control Bits: 6
+    Window: 16
+    Checksum: 16
+    Urgent Pointer: 16
+    Options and Padding: 32
+  payload_query: '((tcp[12:1] & 0xf0) >> 2)'
+udp:
+  table:
+    Source Port: 16
+    Destination Port: 16
+    Length: 16
+    Checksum: 16
+  payload_query: 8
+icmp:
+  table:
+    Type: 8
+    Code: 8
+    Checksum: 16
+    Type Specific Options: 32

data/lib/packetman.rb

@@ -15,10 +15,5 @@ module Packetman
     def config!
       @config = Config.new
     end
-
-    def user_input(prompt)
-      puts prompt
-      gets
-    end
   end
 end

data/lib/packetman/compose.rb

@@ -6,7 +6,7 @@ module Packetman
       @input = input
       @radix = radix
     end
-    
+
     def desired_length
       ((@input.length + config.offset)/8.to_f).ceil*8 - config.offset
     end
@@ -15,7 +15,7 @@ module Packetman
       (radix.nil?) ? 8 : Math.log2(radix).to_i
     end
 
-    def mask
+    def mask_bits
       shift(@input.scan(/./).map{ |c| mask_chr(c) }.join)
     end
 
@@ -27,7 +27,7 @@ module Packetman
       input.ljust(desired_length, '0')
     end
 
-    def search
+    def search_bits
       shift(@input.scan(/./).map{ |c| bin_chr(c) }.join)
     end
 
@@ -54,20 +54,18 @@ module Packetman
     end
 
     def mask_hex
-      hex_encode(mask)
+      hex_encode(mask_bits)
     end
 
     def search_hex
-      hex_encode(search)
+      hex_encode(search_bits)
     end
 
     def hex_encode(bin_str)
-      bin_str.reverse.scan(/.{1,4}/).map{ |chunk| chunk.reverse.to_i(2).to_s(16) }.reverse.join.scan(/.{1,8}/).map{ |hex| hex.prepend('0x') }
+      bin_str.reverse.scan(/.{1,4}/).map{ |chunk| chunk.reverse.to_i(2).to_s(16) }.reverse.join.scan(/.{8}|.{4}|.{2}/).map{ |hex| hex.prepend('0x') }
     end
 
-    def full_bit_length(num, radix=nil)
-      return num.to_i(radix).to_s(radix).length * bit_density(radix) if radix
-      
+    def bit_length(num)
       case num
       when /^0x/
         $'.length * bit_density(16)
@@ -78,20 +76,18 @@ module Packetman
       end
     end
 
-    def start_byte(position)
-      "#{config.payload_query} + #{(config.offset + position)/8}"
+    def start_byte(bit_position)
+      [config.payload_query, (config.offset + bit_position)/8].compact.join(' + ')
     end
 
-    def to_s
-      clauses = []
-      position = 0
-      search_hex.zip(mask_hex).each_with_index do |(hex_search, hex_mask),i|
-        search_bit_length = full_bit_length(hex_search)
-        clauses << "#{config.transport}[#{start_byte(position)}:#{search_bit_length/8}] & #{hex_mask} = #{hex_search}"
-        position += search_bit_length
-      end
+    def data_address(start_bit, bit_length)
+      "#{config.transport}[#{start_byte(start_bit)}:#{bit_length/8}]"
+    end
 
-      clauses.join(' && ')
+    def to_s
+      search_hex.zip(mask_hex).map.with_index do |(search, mask),i|
+        "#{data_address(i*32, bit_length(search))} & #{mask} = #{search}"
+      end.join(' && ')
     end
   end
 end

data/lib/packetman/config.rb

@@ -2,16 +2,12 @@ require 'optparse'
 
 module Packetman
   class Config
-    attr_accessor :transport, :application, :offset_units, :offset_type, :allow_wildcards, :radix
+    attr_accessor :transport, :application, :use_bytes, :allow_wildcards, :radix, :start_with_transport
     attr_writer :offset
 
     def initialize
       @transport = "tcp"
-      @application = "http"
       @offset = 0
-      @offset_units = "bits"
-      @offset_type = "application"
-      @allow_wildcards = true
     end
 
     def protocols
@@ -19,17 +15,11 @@ module Packetman
     end
 
     def payload_query
-      case offset_type
-      when "application"
-        protocols['transport'][transport.to_s]['payload_query']
-      else
-        "0"
-      end
+      protocols[transport]['payload_query'] unless start_with_transport
     end
 
     def offset
-      case offset_units
-      when "bytes"
+      if use_bytes
         @offset*8
       else
         @offset
@@ -39,14 +29,13 @@ module Packetman
     def parse_opts
       @opts ||= OptionParser.new do |opt|
         opt.banner = "Usage: #{File.basename($PROGRAM_NAME)} [OPTIONS] FILTER_STRING"
-        opt.on("-t", "--transport [PROTO]", protocols['transport'].keys, "Transport Protocol (#{protocols['transport'].keys.join(',')})") {|v| self.transport = v }
-        opt.on("-a", "--application [PROTO]", protocols['application'].keys, "Application protocol (#{protocols['application'].keys.join(',')})") { |v| self.application = v }
-        #opt.on("-a", "--application [PROTO]", String, "Application Protocol (http|dns|icmp)") {|v| self.application = v }
+        opt.on("-p", "--protocol [PROTO]", protocols.keys, "Transport Protocol (#{protocols.keys.join(',')})") {|v| self.transport = v }
+        opt.on("-t", "--transport", "OFFSET starts at transport header instead of data payload") { |v| self.start_with_transport = v }
         opt.on("-r", "--radix [RADIX]", Integer, "Treat FILTER_STRING as RADIX instead of String") {|v| self.radix = v; }
         opt.on("-o", "--offset [OFFSET]", Integer, "Offset in bits") {|v| self.offset = v; }
-        opt.on("-b", "--byte-offset", "Use 8-bit bytes instead of bits for offset") { |v| self.offset_units = "bytes" }
-        opt.on("-O", "--offset-type [TYPE]", ["application", "transport"], "Begin offset at the application/transport header.") { |v|  self.offset_type = v }
-        opt.on("--[no-]wildcards", "Allow '?' wildcards") { |v| self.allow_wildcards = v }
+        opt.on("-b", "--byte-offset", "Use 8-bit bytes instead of bits for offset") { |v| self.use_bytes = v }
+        opt.on("-w", "--wildcards", "Allow '?' wildcards") { |v| self.allow_wildcards = v }
+        opt.on("-v", "--version", "Show version") { puts Packetman::VERSION; exit }
       end
 
       @opts.parse!
@@ -54,17 +43,6 @@ module Packetman
       raise "Invalid command line arguments" if ARGV.size != 1
 
       ARGV.pop
-
-
-#      if transport !~ /tcp|udp/i ||
-#        application !~ /http|dns|icmp/i
-#        raise "invalid options"
-#      end
-#
-#      if offset_units == :bits
-#        offset /= 8.to_f
-#        offset_units = :octets
-#      end
     end
 
   end

data/lib/packetman/config_methods.rb

@@ -7,5 +7,9 @@ module Packetman
     def config
       Packetman.config
     end
+
+    def protocols
+      config.protocols
+    end
   end
 end

data/lib/packetman/table.rb

@@ -44,7 +44,7 @@ module Packetman
     def to_s
       output = horizontal_bar + header_row + horizontal_bar
 
-      config.protocols['transport'][config.transport]['table'].each do |label, size|
+      protocols[config.transport]['table'].each do |label, size|
         output += sprintf "%s%.#{cell_size(size)}s", line_v, label.center(cell_size(size))
         if output.split("\n").last.length == (table_width - 1)
           output += line_v + "\n"

data/lib/packetman/version.rb

@@ -1,3 +1,3 @@
 module Packetman
-  VERSION = "0.1.0"
+  VERSION = "0.1.1"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: packetman
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.1.1
 platform: ruby
 authors:
 - Jason Scholl
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-09-20 00:00:00.000000000 Z
+date: 2015-11-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: bundler
@@ -110,7 +110,6 @@ files:
 - lib/packetman/table.rb
 - lib/packetman/version.rb
 - packetman.gemspec
-- packetman_notes
 homepage: https://github.com/jescholl/packetman
 licenses:
 - MIT
@@ -131,7 +130,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.5
+rubygems_version: 2.4.5.1
 signing_key: 
 specification_version: 4
 summary: Advanced tcpdump and Wiresharp filter generator.

data/packetman_notes

@@ -1,156 +0,0 @@
-7a 
-1111010
-
-#NOTE: I think this is wrong
-# also, maybe I don't need to worry about the bits bing aligned on the byte, just on the bit, as long as it's what the user asked for
-
-hex and string need to be 0 padded on the left
-binary needs to fill to the right to hex encode, starting at the offset bit
-
-Packetman.compose3("0b1111", 3)
-1111
-(fill right to ((4+3)/8.to_f).ceil*8 = 8 )
-11110000
-(shift mask and search >> 3)
-00011110
-00011110
-(sample byte sequence)
-00011111
-
-Packetman.compose3("0b1111010", 3)
-1111010
-(fill right to ((7+3)/8.to_f).ceil*8 = 16)
-11110100 00000000
-(shift mask and search >> 3)
-00011111 11000000
-00011110 10000000
-(sample byte sequence)
-00011110 10101010
-
-
-Packetman.compose3("0b1111010????????", 3)
-1111010? ???????
-(fill right to ((15+3)/8.to_f).ceil*8 = 24)
-1111010? ???????0 00000000
-(shift mask and search >> 3)
-00011111 11000000 00000000
-00011110 10000000 00000000
-(sample byte sequence)
-00011110 10101010 10101010
-
-Packetman.compose3("0x123",3)
-100100011
-(left fill to 12 first, or manual right fill with 16-12)
-(fill right to ((3*4)+3)/8.to_f).ceil*8 = 16)
-00010010 00110000
-(shift mask and search >> 3)
-00000011 11111110
-00000010 01000110
-(sample byte sequence)
-00000010 01000111
-
-
-
-
-Packetman.compose3("0xa",3)
-"((tcp[0:1] & 0xa) >>  1) = 0xa"
-1010
-(generate shifted mask)
-00011110
-(generate shifted search)
-00010100
-(sample byte sequence)
-10010101
-
-0b00011110 & 0b10010101 == 0x14
-
-
-
-
-
-
-Packetman.compose3("0b001010010", 3)
-"((tcp[0:2] & 0x1ff0) >> 4 = 0x52"
-001010010
-(generate shifted mask)
-(turn preceding 0s to 1s)
-(left shift (((binlen)+3)/8.to_f).ceil*8 - binlen - 3)
-1111111110000
-(generate shifted search - same as above)
-0010100100000
-(sample byte sequence)
-0010100101010
-
-0b0010100101010 & 1111111110000 == 0b0010100100000
-
-
-Packetman.compose3("0b00??1010?111?00010101??10101010?????1010111110???111110101001111010101??????????10100101010100011???????", 5)
-00??1010?111?00010101??10101010?????1010111110???111110101001111010101??????????10100101010100011???????
-(generate search str - replace ?s with 0s)
-00001010011100001010100101010100000010101111100001111101010011110101010000000000101001010101000110000000
-(generate shifted mask)
-(turn preceding 0s to 1s)
-(left shift (((binlen)+5)/8.to_f).ceil*8 - binlen - 5)
-11001111011101111111100111111110000011111111110001111111111111111111110000000000111111111111111110000000000
-11001111011101111111100111111110000011111111110001111111111111111111110000000000111111111111111110000000
-(generate shifted search - same as above)
-00001010011100001010100101010100000010101111100001111101010011110101010000000000101001010101000110000000000
-(sample byte sequence)
-00011010011100001010111101010101100110101111100101111101010011110101010010101001101001010101000110110100101
-
-00011010011100001010111101010101100110101111100101111101010011110101010010101001101001010101000110110100101 &
-11001111011101111111100111111110000011111111110001111111111111111111110000000000111111111111111110000000000 ==
-00001010011100001010100101010100000010101111100001111101010011110101010000000000101001010101000110000000000
-
-
-# NOTE
-
-instead of shifting the product of (mask & input), shift search
-this makes the form
-"tcp[0:1] & mask = shifted_search"
-
-
-Packetman.compose3("0xa",1)
-"((tcp[0:1] & 0x78) >> 3) = 0xa"
-1010
-(generate shifted mask)
-(left shift (((hexlen*4)+1)/8.to_f).ceil*8 - hexlen*4 - 1)
-(use length of mask to determine how much data to take)
-01111000
-(sample byte sequence)
-11010101
-
-(0b01111000 & 0b11010101) >> 3 == 0xa
-
-
-Packetman.compose3("0x123", 3)
-"((tcp[0:2] & 0x1ffe) >> 1) = 0x123"
-100100011
-(hex: left fill with 1s to hexlen*4) 
-111100100011
-(generate shifted mask)
-(left shift (((hexlen*4)+3)/8.to_f).ceil*8 - hexlen*4 - 3)
-(use length of mask to determine how much data to take)
-0001111111111110
-(sample byte sequence)
-1000001001000111
-
-(0b1000001001000111 & 0b0001111111111110) >> 1 == 0x123
-
-Packetman.compose3("abc", 3)
-"((tcp[0:4] & 0x1fffffe0 >> 5) = 0x616263"
-11000010110001001100011
-(str: left fill with 1s to len*8)
-111000010110001001100011
-(generate shifted mask)
-(left shift (((strlen*8)+3)/8.to_f).ceil*8 - strlen*8 - 3)
-(use length of mask to determine how much data to take)
-00011111 11111111 11111111 11100000
-(sample byte sequence)
-10101100 00101100 01001100 01110101
-
-(0b10101100001011000100110001110101 & 0b00011111111111111111111111100000) >> 5 == 0b11000010110001001100011
-
-
-
-