packetman 0.1.2 → 0.1.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a30c3ba57b035cf5927580b722a5651aefc55317
-  data.tar.gz: 68c4aa0507610985b538da8e6b8b432ffbd6aa49
+  metadata.gz: 6ee06237cff9b2ffb77984c3d3ed1447e9fe4ba8
+  data.tar.gz: 58b85bd5f40726dbe58271425c6247556659dcfe
 SHA512:
-  metadata.gz: 976a934d36e13ceb1593728d7067198bbbe78d036da0a600ffa58703483709ca35c813feb3198aa3575ed9f6c9ca680a96572c31a05358ee542438c5d248fec3
-  data.tar.gz: 727bf261f5a87940af9abd8e636272dce8d1e2de7746976b2079b2b6dff2717da849fbd780b0da17df47ee2fed1a981f48ae0e7ce7cdb52ad7e61cd532f8354f
+  metadata.gz: cfa7fe1df88846174e93d98003b4399da5b97162b3ccf8c9a23895d87e4d16a69da654c1da5772dd98eb0ce06afe97033b1adbb36913e3e1c470efd3a3dfe964
+  data.tar.gz: 48890d5a660428531b7d17f6338bcba85f142ec6b76ce09519632fddd2a7536f9079432e89065f817a5de5a1e07fc997bd24e3ee5ec9b45c5d70211314353a68

data/README.md

@@ -1,6 +1,6 @@
 # Packetman
 
-Advanced tcpdump and Wireshark capture generator.
+Advanced tcpdump and Wireshark filter string generator.
 
 [![Gem Version](https://badge.fury.io/rb/packetman.svg)](http://badge.fury.io/rb/packetman)
 [![Test Coverage](https://codeclimate.com/github/jescholl/packetman/badges/coverage.svg)](https://codeclimate.com/github/jescholl/packetman/coverage)
@@ -38,7 +38,40 @@ Or install it yourself as:
 
 ## Usage
 
-TODO: Write usage instructions here
+    $ packetman -h
+    
+    Usage: packetman [OPTIONS] FILTER_STRING
+        -p, --protocol PROTO             Transport Protocol (tcp,udp,icmp)
+        -t, --transport                  OFFSET starts at transport header instead of data payload
+        -r, --radix RADIX                Treat FILTER_STRING as RADIX instead of String
+        -o, --offset OFFSET              Offset in bits
+        -b, --byte-offset                Use 8-bit bytes instead of bits for offset
+        -w, --wildcard [CHARACTER=?]     Treat CHARACTER as single-character wildcard
+        -v, --version                    Show version
+
+Create and use a filter string to capture all HTTP GET requests to `/foo/bar`
+
+    $ sudo tcpdump -nA `packetman GET /foo/bar`
+    tcpdump: data link type PKTAP
+    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
+    listening on pktap, link-type PKTAP (Packet Tap), capture size 262144 bytes
+    16:49:04.516409 IP 127.0.0.1.54662 > 127.0.0.1.80: Flags [P.], seq 1488105913:1488105994, ack 1397163988, win 4121, options [nop,nop,TS val 875380202 ecr 2751916352], length 81: HTTP: GET /foo/bar HTTP/1.1
+    .....b....j...E.....@.@..S..
+    ..:.....PX...SG......75.....
+    4-=....@GET /foo/bar HTTP/1.1
+    Host: localhost
+    User-Agent: curl/7.43.0
+    Accept: */*
+
+Hexadecimal string with wildcards
+
+    $ packetman -r 16 -w '?' "A8C401???C200A"
+    tcp[((tcp[12:1] & 0xf0) >> 2) + 0:4] & 0xffffff00 = 0xa8c40100 && tcp[((tcp[12:1] & 0xf0) >> 2) + 4:2] & 0x0fff = 0x0c20 && tcp[((tcp[12:1] & 0xf0) >> 2) + 6:1] & 0xff = 0x0a
+
+Base 4 string with wildcards and offset beginning at start of the TCP header
+
+    $ packetman -t -o 3 -r 4 -w i 1223iiii2212
+    tcp[0:4] & 0x1fe01fe0 = 0x0d6014c0
 
 ## Development
 

data/config/protocols.yml

@@ -1,29 +1,56 @@
 ---
 tcp:
   table:
-    Source Port: 16
-    Destination Port: 16
-    Sequence Number: 32
-    Acknowledgement Number: 32
-    Data Offset: 4
-    RESERVED: 3
-    ECN: 3
-    Control Bits: 6
-    Window: 16
-    Checksum: 16
-    Urgent Pointer: 16
-    Options and Padding: 32
+  - - :value: Source Port
+      :colspan: 16
+    - :value: Destination Port
+      :colspan: 16
+  - :separator
+  - - :value: Sequence Number
+      :colspan: 32
+  - :separator
+  - - :value: Acknowledgement Number
+      :colspan: 32
+  - :separator
+  - - :value: Data Offset
+      :colspan: 4
+    - :value: RESERVED
+      :colspan: 3
+    - :value: ECN
+      :colspan: 3
+    - :value: Control Bits
+      :colspan: 6
+    - :value: Window
+      :colspan: 16
+  - :separator
+  - - :value: Checksum
+      :colspan: 16
+    - :value: Urgent Pointer
+      :colspan: 16
+  - :separator
+  - - :value: Options and Padding
+      :colspan: 32
   payload_query: '((tcp[12:1] & 0xf0) >> 2)'
 udp:
   table:
-    Source Port: 16
-    Destination Port: 16
-    Length: 16
-    Checksum: 16
+  - - :value: Source Port
+      :colspan: 16
+    - :value: Destination Port
+      :colspan: 16
+  - :separator
+  - - :value: Length
+      :colspan: 16
+    - :value: Checksum
+      :colspan: 16
   payload_query: 8
 icmp:
   table:
-    Type: 8
-    Code: 8
-    Checksum: 16
-    Type Specific Options: 32
+  - - :value: Type
+      :colspan: 8
+    - :value: Code
+      :colspan: 8
+    - :value: Checksum
+      :colspan: 16
+  - :separator
+  - - :value: Type Specific Options
+      :colspan: 32

data/exe/packetman

@@ -1,6 +1,8 @@
 #!/usr/bin/env ruby
 require 'packetman'
 
-search_str = Packetman.config.parse_opts
+catch :exit do
+  search_str = Packetman.config.parse_opts
 
-puts Packetman::Filter.new(search_str)
+  puts Packetman::Filter.new(search_str)
+end

data/lib/packetman/clause.rb

@@ -2,24 +2,31 @@ module Packetman
   class Clause
     include ConfigMethods
 
-    attr_accessor :search, :mask, :offset
+    attr_accessor :search, :mask, :start_bit
 
-    def initialize(search, mask, offset)
+    def initialize(search, mask, start_bit)
       self.search = search
       self.mask = mask
-      self.offset = offset
+      self.start_bit = start_bit
     end
 
-    def start_byte(start_bit)
-      "#{config.payload_query} + #{(config.offset_bits + start_bit)/8}"
+    # Address of first byte
+    def start_byte
+      [config.payload_query, (config.offset_bits + start_bit)/8].compact.join(' + ')
     end
 
-    def data_address(start_bit, data_bits)
-      "#{config.transport}[#{start_byte(start_bit)}:#{data_bits/8}]"
+    def num_bytes
+      Filter.bit_length(search)/8
     end
 
+    # Full address of the query data (eg. `tcp[0:4]`)
+    def data_address
+      "#{config.transport}[#{start_byte}:#{num_bytes}]"
+    end
+
+    # The whole filter clause fully assembled
     def to_s
-      "#{data_address(offset, Filter.bit_length(search))} & #{mask} = #{search}"
+      "#{data_address} & #{mask} = #{search}"
     end
 
   end

data/lib/packetman/config.rb

@@ -2,11 +2,12 @@ require 'optparse'
 
 module Packetman
   class Config
-    attr_accessor :transport, :application, :use_bytes, :radix, :start_with_transport, :offset, :wildcard
+    attr_accessor :transport, :application, :offset_type, :radix, :start_with_transport, :offset, :wildcard
 
     def initialize
-      @transport = "tcp"
-      @offset = 0
+      self.transport = "tcp"
+      self.offset = 0
+      self.offset_type = :bits
     end
 
     def protocols
@@ -18,7 +19,7 @@ module Packetman
     end
 
     def offset_bits
-      if use_bytes
+      if offset_type == :bytes
         offset*8
       else
         offset
@@ -28,22 +29,24 @@ module Packetman
     def opts
       @opts ||= OptionParser.new do |opt|
         opt.banner = "Usage: #{File.basename($PROGRAM_NAME)} [OPTIONS] FILTER_STRING"
-        opt.on("-p", "--protocol PROTO", protocols.keys, "Transport Protocol ( #{protocols.keys.join(',')})") { |v| self.transport = v }
+        opt.on("-p", "--protocol PROTO", protocols.keys, "Transport Protocol (#{protocols.keys.join(',')})") { |v| self.transport = v }
         opt.on("-t", "--transport", "OFFSET starts at transport header instead of data payload") { |v| self.start_with_transport = v }
         opt.on("-r", "--radix RADIX", Integer, "Treat FILTER_STRING as RADIX instead of String") { |v| self.radix = v }
         opt.on("-o", "--offset OFFSET", Integer, "Offset in bits") { |v| self.offset = v }
-        opt.on("-b", "--byte-offset", "Use 8-bit bytes instead of bits for offset") { |v| self.use_bytes = v }
-        opt.on("-w", "--wildcard [CHARACTER=?]", "Treat CHARACTER as single-character wildcard") { |v| raise "invalid wildcard" if v.to_s.length > 1; self.wildcard = v || '?' }
-        opt.on("-v", "--version", "Show version") { puts Packetman::VERSION; exit }
+        opt.on("-b", "--byte-offset", "Use 8-bit bytes instead of bits for offset") { |v| self.offset_type = :bytes if v }
+        opt.on("-w", "--wildcard CHARACTER", "Treat CHARACTER as single-character wildcard") { |v| raise "invalid wildcard" if v.to_s.length > 1; self.wildcard = v }
+        opt.on("--table", "Show transport header table") { puts Packetman::Table.new; throw :exit }
+        opt.on("-v", "--version", "Show version") { puts Packetman::VERSION; throw :exit }
       end
     end
 
-
     def parse_opts
-      filter_str = ARGV.pop
-      raise "Invalid command line arguments" unless filter_str
-      opts.parse!
-      filter_str
+      unparsed_opts = opts.parse!
+      if unparsed_opts.length < 1
+        puts opts
+        throw :exit
+      end
+      unparsed_opts.join(" ")
     end
 
   end

data/lib/packetman/filter.rb

@@ -13,33 +13,36 @@ module Packetman
       case num
       when /^0x/
         $'.length * bit_density(16)
-      when /^0b/
-        $'.length * bit_density(2)
       else
         nil
       end
     end
 
     def self.bit_density(radix=config.radix)
-      (radix.nil?) ? 8 : Math.log2(radix).to_i
+      (radix.nil?) ? 8 : Math.log2(radix).ceil
     end
 
     def map_chr
-      pad_right(input.scan(/./).map{ |chr| yield chr }.join)
+      shift_and_pad(input.scan(/./).map{ |chr| yield chr }.join)
     end
 
-    def pad_right(bin_str)
-      bin_str.ljust(desired_length, '0')
+    def shift_and_pad(bin_str)
+      #shift
+      bin_str.ljust(target_bit_length, '0').
+      #pad
+        rjust(target_bit_length + config.offset_bits % 8, '0')
     end
 
-    def desired_length
-      ((input.length + config.offset_bits)/8.to_f).ceil*8 - config.offset_bits
+    def target_bit_length
+      ((input.length*self.class.bit_density + config.offset_bits)/8.to_f).ceil*8 - config.offset_bits
     end
 
+    # Mask for 1 character of current radix
     def radix_mask
       ("1"*self.class.bit_density).to_i(2)
     end
 
+    # Mask string for _chr_ substituting wildcards as necessary
     def mask_chr(chr)
       if chr == config.wildcard
         0
@@ -48,6 +51,7 @@ module Packetman
       end.to_s(2).rjust(self.class.bit_density, '0')
     end
 
+    # Binary string for _chr_ substituting wildcards as necessary
     def bin_chr(chr)
       chr = '0' if chr == config.wildcard
 
@@ -67,6 +71,7 @@ module Packetman
       hex_encode(map_chr{ |c| bin_chr(c) })
     end
 
+    # Transform _bin_str_ to array of 32, 16, and 8 bit hex encoded strings
     def hex_encode(bin_str)
       bin_str.reverse.scan(/.{1,4}/).map{ |chunk|
         chunk.reverse.to_i(2).to_s(16)
@@ -75,14 +80,18 @@ module Packetman
       }
     end
 
-    def to_s
-      offset = 0
+    def clauses
+      start_bit = 0
       [].tap do |filter|
         search_hex.zip(mask_hex).each do |search, mask|
-          filter << Packetman::Clause.new(search, mask, offset)
-          offset += self.class.bit_length(search)
+          filter << Packetman::Clause.new(search, mask, start_bit)
+          start_bit += self.class.bit_length(search)
         end
-      end.map{ |b| b.to_s }.join(' && ')
+      end
+    end
+
+    def to_s
+      clauses.map{ |clause| clause.to_s }.join(' && ')
     end
 
   end

data/lib/packetman/table.rb

@@ -1,57 +1,28 @@
+require 'terminal-table'
+
 module Packetman
   class Table
     include ConfigMethods
 
-    attr_reader :line_h, :line_v
-    attr_accessor :columns
-
-    def initialize(cols = 32)
-      @line_v = '|'
-      @line_h = '-'
-      @columns = cols
-    end
-
-    def line_h=(value)
-      raise "Invalid character" if value.length != 1
-      @line_h = value
-    end
-
-    def line_v=(value)
-      raise "Invalid character" if value.length != 1
-      @line_v = value
-    end
-
-    def column_width
-      (columns-1).to_s.length
-    end
+    def initialize
 
-    def horizontal_bar
-      line_v + line_h*(table_width - 2) + line_v + "\n"
+      @term_table = Terminal::Table.new(headings: headings, rows: rows, style: style)
     end
 
-    def table_width
-      columns*(column_width + 1) + 1
+    def headings
+      [*0..31].map{ |c| "%02d" % c }
     end
 
-    def cell_size(field_size)
-      field_size*(column_width + 1) - 1
+    def rows
+      protocols[config.transport]['table']
     end
 
-    def header_row
-      line_v + columns.times.map{ |n| sprintf "%0#{column_width}d", n }.join(line_v) + line_v + "\n"
+    def style
+      { alignment: :center, padding_left: 0, padding_right: 0}
     end
 
     def to_s
-      output = horizontal_bar + header_row + horizontal_bar
-
-      protocols[config.transport]['table'].each do |label, size|
-        output += sprintf "%s%.#{cell_size(size)}s", line_v, label.center(cell_size(size))
-        if output.split("\n").last.length == (table_width - 1)
-          output += line_v + "\n"
-          output += horizontal_bar
-        end
-      end
-      output
+      @term_table.to_s
     end
 
   end

data/lib/packetman/version.rb

@@ -1,3 +1,3 @@
 module Packetman
-  VERSION = "0.1.2"
+  VERSION = "0.1.3"
 end

data/packetman.gemspec

@@ -19,6 +19,8 @@ Gem::Specification.new do |spec|
   spec.executables   = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
   spec.require_paths = ["lib"]
 
+  spec.add_dependency "terminal-table", "~> 1.5.2"
+
   spec.add_development_dependency "bundler", "~> 1"
   spec.add_development_dependency "rake", "~> 10.0"
   spec.add_development_dependency "rspec", "~> 3.3"

metadata

@@ -1,15 +1,29 @@
 --- !ruby/object:Gem::Specification
 name: packetman
 version: !ruby/object:Gem::Version
-  version: 0.1.2
+  version: 0.1.3
 platform: ruby
 authors:
 - Jason Scholl
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2015-11-28 00:00:00.000000000 Z
+date: 2015-11-30 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: terminal-table
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.5.2
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.5.2
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement