pcap_tools 0.0.3 → 0.0.4

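--- a/data/bin/pcap_tools
+++ b/data/bin/pcap_tools
@@ -0,0 +1,62 @@
+#!/usr/bin/env ruby
+
+require 'pcap_tools'
+require 'optparse'
+
+options = {
+:mode => :http,
+}
+
+OptionParser.new do |opts|
+opts.banner = "Usage: pcap_tools_http [options] pcap_files"
+
+opts.on("--no-body", "Do not display body") do
+options[:no_body] = true
+end
+
+opts.on("--mode [MODE]", [:http, :tcp], "parsing mode") do |m|
+options[:mode] = m
+end
+
+end.parse!
+
+data = ARGV.map{|f| puts "Loading #{f}"; PacketFu::PcapFile.file_to_array(f)}
+
+tcps = PcapTools::extract_tcp_streams(data)
+
+puts "Tcp streams extracted : #{tcps.size}"
+puts "Parsing mode : #{options[:mode]}"
+puts
+
+if options[:mode] == :http
+tcps.each do |tcp|
+PcapTools::extract_http_calls(tcp).each do |req, resp|
+puts ">>>> #{req["pcap-src"]}:#{req["pcap-src-port"]} > #{req["pcap-dst"]}:#{req["pcap-dst-port"]}"
+puts "#{req.method} #{req.path}"
+req.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
+puts "#{x}: #{req[x]}"
+end
+puts
+puts req.body unless options[:no_body]
+puts "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< #{resp.time}"
+puts "#{resp.code} #{resp.message}"
+resp.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
+puts "#{x}: #{resp[x]}"
+end
+puts
+puts resp.body unless options[:no_body]
+puts
+end
+end
+end
+
+if options[:mode] == :tcp
+tcps.each do |tcp|
+tcp.each do |packet|
+type = packet[:type] == :out ? ">>>>" : "<<<<<"
+puts "#{type} #{packet[:from]}:#{packet[:from_port]} > #{packet[:to]}:#{packet[:to_port]}, size #{packet[:data].size}"
+puts packet[:data]
+puts
+end
+end
+end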
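Review bot: The `puts req.body`, `puts resp.body` and `puts packet[:data]` lines, and the two header loops, write bytes taken straight from the capture to stdout, so a capture from an untrusted source can carry terminal control sequences that the operator's terminal will interpret. Escaping non-printable bytes when the output is a terminal would close that, for example `puts($stdout.tty? ? packet[:data].inspect : packet[:data])`, with the same treatment for bodies and header values. Separately, `"--mode [MODE]"` declares the argument as optional, so a bare `--mode` sets `options[:mode]` to nil and neither branch runs; `"--mode MODE"` makes it required. The banner still reads `pcap_tools_http` although the executable is now `pcap_tools`.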
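--- a/data/lib/pcap_tools.rb
+++ b/data/lib/pcap_tools.rb
@@ -52,12 +52,6 @@ module PcapTools
 
 end
 
-def load_mutliple_files dir
-Dir.glob(dir).sort{|a, b| File.new(a).mtime <=> File.new(b).mtime}.map{|file| PacketFu::PcapFile.file_to_array(file)}
-end
-
-module_function :load_mutliple_files
-
 def extract_http_calls_from_captures captures
 calls = []
 extract_tcp_streams(captures).each do |tcp|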
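--- a/data/pcap_tools.gemspec
+++ b/data/pcap_tools.gemspec
@@ -2,14 +2,14 @@ require 'rake'
 
 Gem::Specification.new do |s|
 s.name = 'pcap_tools'
-s.version = '0.0.3'
+s.version = '0.0.4'
 s.authors = ['Bertrand Paquet']
 s.email = 'bertrand.paquet@gmail.com'
 s.summary = 'Tools for extracting data from pcap files'
 s.homepage = 'https://github.com/bpaquet/pcap_tools'
-s.executables << 'pcap_tools_http'
+s.executables << 'pcap_tools'
 s.files = `git ls-files`.split($/)
 s.license = 'BSD'
 
-s.add_development_dependency('packetfu', '>= 1.1.9')
-end
+s.add_runtime_dependency('packetfu', '>= 1.1.9')
+end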
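Review bot: `s.add_runtime_dependency('packetfu', '>= 1.1.9')` has no upper bound, and now that packetfu is installed for every user of the gem rather than only for development, any later major release of the library that parses the capture files will be pulled in without having been tested against this code. A pessimistic constraint such as `s.add_runtime_dependency('packetfu', '~> 1.1', '>= 1.1.9')` keeps installs within the series this release was written against. Whether a later packetfu series is compatible is not visible from this page, so the bound should be widened deliberately once that has been checked.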
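--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: pcap_tools
 version: !ruby/object:Gem::Version
-version: 0.0.3
+version: 0.0.4
 prerelease:
 platform: ruby
 authors:
@@ -19,7 +19,7 @@ dependencies:
 - - ! '>='
 - !ruby/object:Gem::Version
 version: 1.1.9
-type: :development
+type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 none: false
@@ -30,12 +30,12 @@ dependencies:
 description:
 email: bertrand.paquet@gmail.com
 executables:
-- pcap_tools_http
+- pcap_tools
 extensions: []
 extra_rdoc_files: []
 files:
 - README.markdown
-- bin/pcap_tools_http
+- bin/pcap_tools
 - lib/pcap_tools.rb
 - pcap_tools.gemspec
 homepage: https://github.com/bpaquet/pcap_tools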
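--- a/data/bin/pcap_tools_http
+++ b/data/bin/pcap_tools_http
@@ -1,37 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'pcap_tools'
-require 'optparse'
-
-options = {}
-OptionParser.new do |opts|
-opts.banner = "Usage: pcap_tools_http [options] pcap_files"
-
-opts.on("--no-body", "Do not display body") do
-options[:no_body] = true
-end
-end.parse!
-
-data = ARGV.map{|f| PacketFu::PcapFile.file_to_array(f)}
-
-tcps = PcapTools::extract_tcp_streams(data)
-
-tcps.each do |tcp|
-PcapTools::extract_http_calls(tcp).each do |req, resp|
-puts ">>>> #{req["pcap-src"]}:#{req["pcap-src-port"]} > #{req["pcap-dst"]}:#{req["pcap-dst-port"]}"
-puts "#{req.method} #{req.path}"
-req.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
-puts "#{x}: #{req[x]}"
-end
-puts
-puts req.body unless options[:no_body]
-puts "<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< #{resp.time}"
-puts "#{resp.code} #{resp.message}"
-resp.each_capitalized_name.reject{|x| x =~ /^Pcap/ }.each do |x|
-puts "#{x}: #{resp[x]}"
-end
-puts
-puts resp.body unless options[:no_body]
-puts
-end
-end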