pcapr-local 0.1.10
- data/.document +5 -0
- data/LICENSE.txt +20 -0
- data/README.md +64 -0
- data/Rakefile +57 -0
- data/VERSION +1 -0
- data/bin/pcap2par +49 -0
- data/bin/startpcapr +40 -0
- data/bin/stoppcapr +33 -0
- data/bin/xtractr +5 -0
- data/lib/environment.rb +106 -0
- data/lib/exe/xtractr +0 -0
- data/lib/mu/pcap.rb +110 -0
- data/lib/mu/pcap/ethernet.rb +148 -0
- data/lib/mu/pcap/header.rb +75 -0
- data/lib/mu/pcap/io_pair.rb +67 -0
- data/lib/mu/pcap/io_wrapper.rb +76 -0
- data/lib/mu/pcap/ip.rb +61 -0
- data/lib/mu/pcap/ipv4.rb +257 -0
- data/lib/mu/pcap/ipv6.rb +148 -0
- data/lib/mu/pcap/packet.rb +104 -0
- data/lib/mu/pcap/pkthdr.rb +155 -0
- data/lib/mu/pcap/reader.rb +61 -0
- data/lib/mu/pcap/reader/http_family.rb +170 -0
- data/lib/mu/pcap/sctp.rb +367 -0
- data/lib/mu/pcap/sctp/chunk.rb +123 -0
- data/lib/mu/pcap/sctp/chunk/data.rb +134 -0
- data/lib/mu/pcap/sctp/chunk/init.rb +100 -0
- data/lib/mu/pcap/sctp/chunk/init_ack.rb +68 -0
- data/lib/mu/pcap/sctp/parameter.rb +110 -0
- data/lib/mu/pcap/sctp/parameter/ip_address.rb +48 -0
- data/lib/mu/pcap/stream_packetizer.rb +72 -0
- data/lib/mu/pcap/tcp.rb +505 -0
- data/lib/mu/pcap/udp.rb +69 -0
- data/lib/mu/scenario/pcap.rb +164 -0
- data/lib/mu/scenario/pcap/fields.rb +50 -0
- data/lib/mu/scenario/pcap/rtp.rb +71 -0
- data/lib/pcapr_local.rb +159 -0
- data/lib/pcapr_local/config.rb +336 -0
- data/lib/pcapr_local/db.rb +197 -0
- data/lib/pcapr_local/scanner.rb +250 -0
- data/lib/pcapr_local/server.rb +178 -0
- data/lib/pcapr_local/www/favicon.ico +0 -0
- data/lib/pcapr_local/www/favicon.png +0 -0
- data/lib/pcapr_local/www/home/index.html +138 -0
- data/lib/pcapr_local/www/static/image/16x16/Cancel.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Cancel.png.1 +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Download.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Folder3.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Full Size.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Minus.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Plus.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/Search.png +0 -0
- data/lib/pcapr_local/www/static/image/16x16/User.png +0 -0
- data/lib/pcapr_local/www/static/image/48x48/Phone.png +0 -0
- data/lib/pcapr_local/www/static/image/48x48/Video.png +0 -0
- data/lib/pcapr_local/www/static/image/bar-orange.gif +0 -0
- data/lib/pcapr_local/www/static/image/beta.png +0 -0
- data/lib/pcapr_local/www/static/image/bg.png +0 -0
- data/lib/pcapr_local/www/static/image/blockquote.png +0 -0
- data/lib/pcapr_local/www/static/image/body-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/body-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl1-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl1-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl1-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl2-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl2-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl2-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl3-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl3-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl3-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl4-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl4-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl4-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl5-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl6-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl7-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-hl8-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/body-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/bottom-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/bottom-l.png +0 -0
- data/lib/pcapr_local/www/static/image/bottom-r.png +0 -0
- data/lib/pcapr_local/www/static/image/btn-search.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-1.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-2.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-3.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-4.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-5.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-6.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-7.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-hl1.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-hl2.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-hl3.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-hl4.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-pathway.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-section1.png +0 -0
- data/lib/pcapr_local/www/static/image/bullet-section2.png +0 -0
- data/lib/pcapr_local/www/static/image/collapsed.gif +0 -0
- data/lib/pcapr_local/www/static/image/crosslink.png +0 -0
- data/lib/pcapr_local/www/static/image/expanded.gif +0 -0
- data/lib/pcapr_local/www/static/image/favicon.ico +0 -0
- data/lib/pcapr_local/www/static/image/favicon.png +0 -0
- data/lib/pcapr_local/www/static/image/icon-author.png +0 -0
- data/lib/pcapr_local/www/static/image/icon-created.png +0 -0
- data/lib/pcapr_local/www/static/image/p-expand.gif +0 -0
- data/lib/pcapr_local/www/static/image/pcapr-logo.png +0 -0
- data/lib/pcapr_local/www/static/image/powered-by.png +0 -0
- data/lib/pcapr_local/www/static/image/section1-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/section1-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/section1-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/section2-bg.png +0 -0
- data/lib/pcapr_local/www/static/image/section2-h3.png +0 -0
- data/lib/pcapr_local/www/static/image/section2-readmore.png +0 -0
- data/lib/pcapr_local/www/static/image/status-alert.png +0 -0
- data/lib/pcapr_local/www/static/image/status-download.png +0 -0
- data/lib/pcapr_local/www/static/image/status-info.png +0 -0
- data/lib/pcapr_local/www/static/image/status-note.png +0 -0
- data/lib/pcapr_local/www/static/image/tab-round.png +0 -0
- data/lib/pcapr_local/www/static/image/throbber.gif +0 -0
- data/lib/pcapr_local/www/static/image/user.jpg +0 -0
- data/lib/pcapr_local/www/static/script/closet/async.js +421 -0
- data/lib/pcapr_local/www/static/script/closet/closet.api.js +241 -0
- data/lib/pcapr_local/www/static/script/closet/closet.folders.js +94 -0
- data/lib/pcapr_local/www/static/script/closet/closet.js +187 -0
- data/lib/pcapr_local/www/static/script/closet/closet.mr.js +219 -0
- data/lib/pcapr_local/www/static/script/closet/closet.options.js +359 -0
- data/lib/pcapr_local/www/static/script/closet/closet.quantity.js +73 -0
- data/lib/pcapr_local/www/static/script/closet/closet.render.js +205 -0
- data/lib/pcapr_local/www/static/script/closet/closet.report.js +86 -0
- data/lib/pcapr_local/www/static/script/closet/closet.reports.http.js +135 -0
- data/lib/pcapr_local/www/static/script/closet/closet.reports.overview.js +163 -0
- data/lib/pcapr_local/www/static/script/closet/closet.reports.sip.js +159 -0
- data/lib/pcapr_local/www/static/script/closet/closet.reports.tcp.js +72 -0
- data/lib/pcapr_local/www/static/script/closet/closet.reports.visualize.js +263 -0
- data/lib/pcapr_local/www/static/script/closet/closet.util.js +40 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery-1.4.2.min.js +154 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery-ui.js +10921 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.flot.js +2123 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.flot.selection.js +184 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.flot.stack.js +184 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.form.js +643 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.jsonp.min.js +3 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.menu.js +142 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.suggest.js +308 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.ui.core.js +203 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.ui.slider.js +629 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.ui.sortable.js +1055 -0
- data/lib/pcapr_local/www/static/script/jquery/jquery.ui.widget.js +236 -0
- data/lib/pcapr_local/www/static/script/json2.js +481 -0
- data/lib/pcapr_local/www/static/script/sammy/plugins/sammy.cache.js +115 -0
- data/lib/pcapr_local/www/static/script/sammy/plugins/sammy.template.js +117 -0
- data/lib/pcapr_local/www/static/script/sammy/sammy.js +1696 -0
- data/lib/pcapr_local/www/static/script/tipsy/jquery.tipsy.js +104 -0
- data/lib/pcapr_local/www/static/style/c3p0.css +116 -0
- data/lib/pcapr_local/www/static/style/jquery.suggest.css +27 -0
- data/lib/pcapr_local/www/static/style/page.css +1113 -0
- data/lib/pcapr_local/www/static/style/tipsy.css +7 -0
- data/lib/pcapr_local/www/templates/browse.services.template +10 -0
- data/lib/pcapr_local/www/templates/browse.template +77 -0
- data/lib/pcapr_local/www/templates/flows.template +38 -0
- data/lib/pcapr_local/www/templates/pcap.template +63 -0
- data/lib/pcapr_local/www/templates/sip.calls.template +35 -0
- data/lib/pcapr_local/www/templates/statistics.template +6 -0
- data/lib/pcapr_local/xtractr.rb +179 -0
- data/lib/pcapr_local/xtractr/instance.rb +172 -0
- data/pcapr-local.gemspec +297 -0
- data/test/mu/pcap/reader/tc_http_family.rb +251 -0
- data/test/mu/pcap/tc_ethernet.rb +71 -0
- data/test/mu/pcap/tc_header.rb +56 -0
- data/test/mu/pcap/tc_ipv4.rb +103 -0
- data/test/mu/pcap/tc_ipv6.rb +83 -0
- data/test/mu/pcap/tc_packet.rb +44 -0
- data/test/mu/pcap/tc_pair.rb +58 -0
- data/test/mu/pcap/tc_pkthdr.rb +33 -0
- data/test/mu/pcap/tc_reader.rb +76 -0
- data/test/mu/pcap/tc_tcp.rb +426 -0
- data/test/mu/pcap/tc_udp.rb +33 -0
- data/test/mu/pcap/tc_wrapper.rb +80 -0
- data/test/mu/scenario/pcap/tc_fields.rb +67 -0
- data/test/mu/scenario/pcap/tc_rtp.rb +135 -0
- data/test/mu/scenario/sip_signalled_call_1.pcap +0 -0
- data/test/mu/scenario/tc_pcap.rb +190 -0
- data/test/mu/scenario/test_data/arp.pcap +0 -0
- data/test/mu/scenario/test_data/dns.pcap +0 -0
- data/test/mu/scenario/test_data/http-v6.pcap +0 -0
- data/test/mu/scenario/test_data/http.pcap +0 -0
- data/test/mu/scenario/test_data/http_chunked.pcap +0 -0
- data/test/mu/scenario/test_data/http_deflate.pcap +0 -0
- data/test/mu/scenario/test_data/httpauth3.pcap +0 -0
- data/test/mu/scenario/test_data/icmp.pcap +0 -0
- data/test/mu/scenario/test_data/sip_signalled_call_1.pcap +0 -0
- data/test/mu/tc_pcap.rb +39 -0
- data/test/mu/testcase.rb +86 -0
- data/test/pcapr_local/arp.pcap +0 -0
- data/test/pcapr_local/data.js +3 -0
- data/test/pcapr_local/http_chunked.pcap +0 -0
- data/test/pcapr_local/tc_api.rb +181 -0
- data/test/pcapr_local/test.tgz +0 -0
- data/test/pcapr_local/test_scanner.rb +241 -0
- data/test/pcapr_local/test_xtractr.rb +219 -0
- data/test/pcapr_local/testcase.rb +107 -0
- data/test/test_export_to_scenario.sh +25 -0
- data/test/test_pcapr_local.rb +29 -0
- metadata +450 -0
data/.document
ADDED
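--- /dev/null
+++ b/data/LICENSE.txt
@@ -0,0 +1,20 @@
+Copyright (c) 2011 Mu Dynamics
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.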
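--- /dev/null
+++ b/data/README.md
@@ -0,0 +1,64 @@
+# pcapr.Local #
+
+## Introduction
+
+pcapr.Local is a tool for browsing and managing a large repository of packet captures (pcaps). After you tell pcapr.Local where your pcaps are located, it will index them automatically and let you navigate your collection in the comfort of your web browser. pcapr.Local builds on and integrates with [Xtractr](http://code.google.com/p/pcapr/wiki/Xtractr) so you can analyze your pcaps in the Xtractr web UI. The Xtractr web UI is hosted on pcapr.net but talks to a local Xtractr instance (managed by pcapr.Local) and your data never leaves your network.
+
+In addition to managing your pcaps, you can use pcapr.Local to leverage your custom wireshark dissectors when creating Scenarios in Mu Studio. PAR files (described below) created by pcapr.Local can be imported into Mu Studio just like a pcap, but Mu Studio will use your wireshark data to guide Scenario creation.
+
+## Dependencies
+
+### CouchDB
+CouchDB needs to be available. Either or local or remote installation will work. On Ubuntu/Debian you can install CouchDB with:
+
+$ sudo apt-get install couchdb
+
+### Wireshark
+
+You need to have wireshark installed. In particular the command line "tshark" utility should be available.
+
+### Ruby
+
+Tested with Ruby 1.8.6, 1.8.7, and 1.9.2.
+
+## Supported environments
+
+Linux only. Sorry.
+
+## Running pcapr.Local
+
+1. Install the gem.
+2. Run the "startpcapr" executable that is installed with the gem:
+
+$ startpcapr
+
+This will ask you some basic questions, and will record your answers in a config file at ~/.pcapr_local/config that will be used on subsequent invocations. After collecting configuration information, the server process will continue running in the background and you'll get your prompt back. If you like to keep an eye on what's going on you can tail the pcapr.Local log file with:
+
+$ tail -F ~/pcapr.Local/log/server.log
+
+3. Add pcaps to the pcap directory you configured (default ~/pcapr.Local/pcaps) and wait a short while for them to be noticed and indexed (about a minute).
+4. Point your browser to http://localhost:8080 (or whatever you configured).
+5. If you want to stop the pcapr.Local server you can do so with:
+
+$ stoppcapr
+
+## Creating PAR files
+
+A PAR file (Pcap ARchive) is a format that can be imported onto a Mu Studio to create a Scenario. For purposes of Scenario creation, a PAR file is equivalent to the starting pcap with a couple of exceptions:
+
+1. The PAR file contains wireshark dissection data from your local wireshark installation. This means you get the full benefits of any custom dissectors you may have.
+2. When you import a PAR you'll bypass the normal flow selection page and go directly to the Scenario editor.
+
+### In the GUI
+
+Select a pcap in the pcapr.Local browser. The page that opens has a link at the bottom that lets you download a PAR file for that pcap.
+
+### On the Command Line
+
+The gem bundles a CLI tool for creating PAR files called 'pcap2par'. Usage is very simple, just provide a path to your pcap:
+
+$ pcap2par my_traffic.pcap
+
+This will create the PAR file called "export.par" in the current directory. You can optionally specify the output file as a second argument:
+
+$ pcap2par my_traffic.pcap ~/par_files/my_traffic.par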
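--- /dev/null
+++ b/data/Rakefile
@@ -0,0 +1,57 @@
+require 'rubygems'
+require 'rake'
+
+require 'jeweler'
+Jeweler::Tasks.new do |gem|
+# gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+gem.name = "pcapr-local"
+gem.homepage = "http://github.com/pcapr-local/pcapr-local"
+gem.license = "MIT"
+gem.summary = %Q{Manage your pcap collection}
+gem.description = %Q{Index, Browse, and Query your vast pcap collection.}
+gem.email = "nbaggott@gmail.com"
+gem.authors = ["Mu Dynamics"]
+gem.add_dependency "rest-client", ">= 1.6.1"
+gem.add_dependency "couchrest", "~> 1.0.1"
+gem.add_dependency "sinatra", "~> 1.1.0"
+gem.add_dependency "json", ">= 1.4.6"
+gem.add_dependency "thin", "~> 1.2.7"
+gem.add_dependency "rack", "~> 1.2.1"
+gem.add_dependency "rack-contrib", "~> 1.1.0"
+# Include your dependencies below. Runtime dependencies are required when using your gem,
+# and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+# gem.add_runtime_dependency 'jabber4r', '> 0.1'
+# gem.add_development_dependency 'rspec', '> 1.2.3'
+gem.add_development_dependency "shoulda", ">= 0"
+gem.add_development_dependency "bundler", "~> 1.0.0"
+gem.add_development_dependency "jeweler", "~> 1.5.2"
+gem.add_development_dependency "rcov", ">= 0"
+
+end
+Jeweler::RubygemsDotOrgTasks.new
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+test.libs << 'lib' << 'test'
+test.pattern = 'test/**/test_*.rb'
+test.verbose = true
+end
+
+require 'rcov/rcovtask'
+Rcov::RcovTask.new(:rcov) do |test|
+test.libs << 'test'
+test.pattern = 'test/**/test_*.rb'
+test.verbose = true
+end
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+rdoc.rdoc_dir = 'rdoc'
+rdoc.title = "pcapr-local #{version}"
+rdoc.rdoc_files.include('README*')
+rdoc.rdoc_files.include('lib/**/*.rb')
+end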
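Review bot: `gem.add_dependency "rest-client", ">= 1.6.1"` and `gem.add_dependency "json", ">= 1.4.6"` carry only a lower bound, so any future major release of those two gems is accepted at install time, while the neighbouring runtime dependencies (couchrest, sinatra, thin, rack, rack-contrib) are held to a series with `~>`. For a gem that parses untrusted pcaps and serves a web UI, an open-ended constraint means a breaking upstream release is picked up silently on a fresh install; `gem.add_dependency "rest-client", "~> 1.6"` and `gem.add_dependency "json", "~> 1.4"` would bring them in line with the rest of the list. The `shoulda` and `rcov` development dependencies are `>= 0`, which only affects contributors but could be tightened the same way.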
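--- /dev/null
+++ b/data/VERSION
@@ -0,0 +1 @@
+0.1.10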
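--- /dev/null
+++ b/data/bin/pcap2par
@@ -0,0 +1,49 @@
+#!/usr/bin/env ruby
+# Copyright (C) 2008 Mu Dynamics, Inc
+#
+# This program is confidential and proprietary to Mu Dynamics, Inc and
+# may not be reproduced, published or disclosed to others without its
+# authorization.
+
+libdir = File.dirname(__FILE__) + "/../lib"
+libdir = File.expand_path(libdir)
+$: << libdir
+
+require 'pcapr_local'
+require 'optparse'
+require 'mu/pcap'
+require 'mu/scenario/pcap'
+
+PcaprLocal::Config.assert_environment
+
+options = {
+:isolate_l7 => false
+}
+
+opts = OptionParser.new do |opts|
+opts.banner =
+"Usage: pcap2par [options] <pcap> [export file]"
+opts.on('-i', '--isolate', 'Include only TCP/UDP/SCTP traffic (excluding DNS, DHCP)') do
+options[:isolate_l7] = true
+end
+opts.on_tail('-h', '--help', 'Show this message') do
+puts opts
+exit 0
+end
+end
+
+argv = opts.parse!
+unless argv.size == 1 or argv.size == 2
+$stderr.puts opts
+exit 1
+end
+
+pcap = argv[0]
+archive = argv[1] || "export.par"
+io = Mu::Scenario::Pcap.export_to_par pcap, options
+archive_io = open(archive, 'wb')
+while block=io.read(4096)
+archive_io.print block
+end
+
+puts "export is located at #{archive}"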
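Review bot: `archive_io = open(archive, 'wb')` on line 44 uses `Kernel#open`, which spawns a subprocess when the path begins with `|` instead of creating a file, and the handle is never closed, so the final block is only flushed by interpreter shutdown after the "export is located at" message has already been printed. Since `archive` comes straight from argv, `File.open(archive, 'wb') { |out| while block = io.read(4096); out.print block; end }` both removes the pipe-open behaviour and guarantees the archive is flushed and closed before the success message. Separately, the header on lines 2–6 declares the file "confidential and proprietary", which contradicts the MIT text shipped in data/LICENSE.txt and `gem.license = "MIT"` in the Rakefile; one of the two should be corrected.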
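--- /dev/null
+++ b/data/bin/startpcapr
@@ -0,0 +1,40 @@
+#!/usr/bin/env ruby
+
+libdir = File.dirname(__FILE__) + "/../lib"
+libdir = File.expand_path(libdir)
+$: << libdir
+
+require 'pcapr_local'
+require 'optparse'
+
+PcaprLocal::Config.assert_environment
+
+config_file = nil
+debug_mode = false
+opts = OptionParser.new do |opts|
+opts.banner = "Usage: #{$0} [-f config_file]"
+opts.on('-f', '--config_file FILE', 'Config file') do |f|
+config_file = f
+end
+opts.on('-d', '--debug_mode', 'Run in debug mode (server runs in foreground)') do
+debug_mode = true
+end
+opts.on_tail('-h', '--help', 'Show this message') do
+puts opts
+exit 0
+end
+end
+opts.parse!
+
+config = PcaprLocal::Config.config config_file
+if debug_mode
+config["debug_mode"] = true
+# log to stdout
+config["log_dir"] = nil
+else
+config["debug_mode"] = false
+end
+
+
+PcaprLocal.start config
+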
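Review bot: `opts.banner = "Usage: #{$0} [-f config_file]"` on line 15 omits the `-d` flag that is defined four lines later, so the usage line disagrees with the option list printed beneath it; `opts.banner = "Usage: #{$0} [-f config_file] [-d]"` keeps them in step. The `debug_mode` branch on lines 30–36 is the only place the `"debug_mode"` and `"log_dir"` keys are written, and the comment `# log to stdout` explains only the second; a short comment such as `# debug_mode: stay in the foreground; log_dir nil: log to stdout instead of a file` above the `if` would document both, though the foreground behaviour itself is only implied by the option's description and is implemented in PcaprLocal.start, outside this hunk.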
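--- /dev/null
+++ b/data/bin/stoppcapr
@@ -0,0 +1,33 @@
+#!/usr/bin/env ruby
+
+libdir = File.dirname(__FILE__) + "/../lib"
+libdir = File.expand_path(libdir)
+$: << libdir
+
+require 'pcapr_local'
+require 'optparse'
+
+PcaprLocal::Config.assert_environment
+
+include PcaprLocal
+
+config_file = nil
+opts = OptionParser.new do |opts|
+opts.banner = "Usage: #{$0} [-f config_file]"
+opts.on('-f', '--config_file FILE', 'Config file') do |f|
+config_file = f
+end
+opts.on_tail('-h', '--help', 'Show this message') do
+puts opts
+exit 0
+end
+end
+opts.parse!
+
+config_file ||= PcaprLocal::Config.user_config_path
+
+if File.exist?(config_file)
+config = PcaprLocal::Config.config config_file
+PcaprLocal.stop config
+end
+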
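Review bot: the `if File.exist?(config_file)` block on lines 29–32 silently does nothing and exits 0 when the config file is missing, so a mistyped `-f` path or a host that was never configured gives no sign that no server was stopped. Adding `else; $stderr.puts "config file #{config_file} not found; nothing to stop"; exit 1; end` gives the caller a non-zero status to act on. The `include PcaprLocal` on line 12 is not used by anything below it, since every reference is fully qualified, and mixing a module into Object at top level leaks its constants into every object; it can be dropped.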
data/bin/xtractr
ADDED
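--- /dev/null
+++ b/data/lib/environment.rb
@@ -0,0 +1,106 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+if defined? Encoding
+Encoding.default_external = Encoding::BINARY
+end
+
+module PcaprLocal
+ROOT = File.expand_path(File.dirname(File.dirname(__FILE__)))
+$: << ROOT
+end
+
+class Integer
+# Make sure Integer#ord is present
+if RUBY_VERSION < "1.8.7"
+def ord
+return self
+end
+end
+end
+
+# Make sure barebones Dir.mktmpdir is present
+require 'tempfile'
+class Dir
+if not self.respond_to? :mktmpdir
+def self.mktmpdir
+t = (Time.now.to_f * 1_000_000).to_i.to_s(36)
+path = "#{tmpdir}/d#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"
+Dir.mkdir path
+path
+end
+end
+end
+
+
+module Process
+# Supply daemon for pre ruby 1.9
+# Adapted from lib/active_support/core_ext/process/daemon.rb
+def self.daemon(nochdir = nil, noclose = nil)
+exit! if fork # Parent exits, child continues.
+Process.setsid # Become session leader.
+exit! if fork # Zap session leader. See [1].
+
+unless nochdir
+Dir.chdir "/" # Release old working directory.
+end
+
+unless noclose
+STDIN.reopen "/dev/null" # Free file descriptors and
+STDOUT.reopen "/dev/null", "a" # point them somewhere sensible.
+STDERR.reopen '/dev/null', 'a'
+end
+
+trap("TERM") { exit }
+
+return 0
+
+end unless self.respond_to? :daemon
+end
+
+class Regexp
+# Patch Regexp.union to accept an array
+if RUBY_VERSION < "1.8.7"
+class << self
+alias :union_pre187 :union
+def union *arg
+if arg.size == 1 and arg[0].is_a? Array
+arg = arg[0]
+end
+union_pre187 *arg
+end
+end
+end
+end
+
+class String
+# Convert from hex. E.g. "0d0a".from_hex is "\r\n".
+# Raises ArgumentError on invalid input.
+def from_hex
+return "" if self.empty?
+hex = self
+Integer("0x#{hex}")
+if hex.length % 2 == 1
+hex = "0#{hex}"
+end
+[hex].pack 'H*'
+end
+end
+
+# Implement simple Readline.readline if interpreter is not
+# compiled with readline support.
+begin
+require 'readline'
+rescue LoadError
+class Readline
+def self.readline prompt
+print prompt
+gets
+end
+end
+end
+
+
+
+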
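Review bot: the `Dir.mktmpdir` fallback on lines 27–32 creates the scratch directory with a bare `Dir.mkdir path`, i.e. mode 0777 masked only by the umask, whereas the stdlib `Dir.mktmpdir` it stands in for creates 0700; on a shared `/tmp` with the common 022 umask that leaves pcap-derived scratch data readable by other local users. `Dir.mkdir path, 0700` restores the expected permission; the name built from time, pid and `rand` is guessable, but because `mkdir` fails on an existing path rather than following it, that is at worst a denial of service. Separately, `String#from_hex` validates with `Integer("0x#{hex}")`, which accepts underscores between digits, but then hands the unchanged string to `pack 'H*'`, where an underscore is not a hex digit; a guard such as `raise ArgumentError, "invalid hex: #{self}" unless self =~ /\A[0-9a-fA-F]+\z/` would reject such input as the comment promises. The daemon fallback's `See [1]` comment refers to a footnote that does not exist in this file.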
data/lib/exe/xtractr
ADDED
Binary file
|
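--- /dev/null
+++ b/data/lib/mu/pcap.rb
@@ -0,0 +1,110 @@
+# http://www.mudynamics.com
+# http://labs.mudynamics.com
+# http://www.pcapr.net
+
+require 'socket'
+require 'stringio'
+
+module Mu
+
+class Pcap
+class ParseError < StandardError ; end
+
+LITTLE_ENDIAN = 0xd4c3b2a1
+BIG_ENDIAN = 0xa1b2c3d4
+
+DLT_NULL = 0
+DLT_EN10MB = 1
+DLT_RAW = 12 # DLT_LOOP in OpenBSD
+DLT_LINUX_SLL = 113
+
+attr_accessor :header, :pkthdrs
+
+def initialize
+@header = Header.new
+@pkthdrs = []
+end
+
+# Read PCAP file from IO and return Mu::Pcap. If decode is true, also
+# decode the Pkthdr packet contents to Mu::Pcap objects.
+def self.read io, decode=true
+pcap = Pcap.new
+pcap.header = each_pkthdr(io, decode) do |pkthdr|
+pcap.pkthdrs << pkthdr
+end
+return pcap
+end
+
+# Create PCAP from list of packets.
+def self.from_packets packets
+pcap = Pcap.new
+packets.each do |packet|
+pkthdr = Mu::Pcap::Pkthdr.new
+pkthdr.pkt = packet
+pcap.pkthdrs << pkthdr
+end
+return pcap
+end
+
+# Write PCAP file to IO. Uses big-endian and linktype EN10MB.
+def write io
+@header.write io
+@pkthdrs.each do |pkthdr|
+pkthdr.write io
+end
+end
+
+# Read PCAP packet headers from IO and return Mu::Pcap::Header. If decode
+# is true, also decode the Pkthdr packet contents to Mu::Pcap objects. Use
+# this for large files when each packet header can processed independently
+# - it will perform better.
+def self.each_pkthdr io, decode=true
+header = Header.read io
+while not io.eof?
+pkthdr = Pkthdr.read io, header.magic
+if decode
+pkthdr.decode! header.magic, header.linktype
+end
+yield pkthdr
+end
+return header
+end
+
+# Read packets from PCAP
+def self.read_packets io, decode=true
+packets = []
+each_pkthdr(io) { |pkthdr| packets << pkthdr.pkt }
+return packets
+end
+
+# Assertion used during Pcap parsing
+def self.assert cond, msg
+if not cond
+raise ParseError, msg
+end
+end
+
+# Warnings from Pcap parsing are printed using this method.
+def self.warning msg
+$stderr.puts "WARNING: #{msg}"
+end
+
+def == other
+return self.class == other.class &&
+self.header == other.header &&
+self.pkthdrs == other.pkthdrs
+end
+end
+
+end
+
+require 'mu/pcap/header'
+require 'mu/pcap/pkthdr'
+require 'mu/pcap/packet'
+require 'mu/pcap/ethernet'
+require 'mu/pcap/ip'
+require 'mu/pcap/ipv4'
+require 'mu/pcap/ipv6'
+require 'mu/pcap/tcp'
+require 'mu/pcap/udp'
+require 'mu/pcap/sctp'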
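Review bot: `each_pkthdr(io) { |pkthdr| packets << pkthdr.pkt }` on line 76 drops the `decode` argument that `read_packets` accepts, so `read_packets(io, false)` still decodes every packet through `pkthdr.decode!`; it should read `each_pkthdr(io, decode) { |pkthdr| packets << pkthdr.pkt }`, matching how `self.read` forwards it on line 32. The `while not io.eof?` loop in `each_pkthdr` places no bound on packet count or per-packet size for a malformed capture, and only raises what `Pkthdr.read` raises; presumably the length checks live in Pkthdr.read, which is outside this hunk, and a comment `# relies on Pkthdr.read to reject oversized or truncated records` on line 64 would make that dependency explicit. The comment on line 59 has a typo, "can processed" for "can be processed".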