pcapr-local 0.1.10

Files changed (203) hide show
  1. data/.document +5 -0
  2. data/LICENSE.txt +20 -0
  3. data/README.md +64 -0
  4. data/Rakefile +57 -0
  5. data/VERSION +1 -0
  6. data/bin/pcap2par +49 -0
  7. data/bin/startpcapr +40 -0
  8. data/bin/stoppcapr +33 -0
  9. data/bin/xtractr +5 -0
  10. data/lib/environment.rb +106 -0
  11. data/lib/exe/xtractr +0 -0
  12. data/lib/mu/pcap.rb +110 -0
  13. data/lib/mu/pcap/ethernet.rb +148 -0
  14. data/lib/mu/pcap/header.rb +75 -0
  15. data/lib/mu/pcap/io_pair.rb +67 -0
  16. data/lib/mu/pcap/io_wrapper.rb +76 -0
  17. data/lib/mu/pcap/ip.rb +61 -0
  18. data/lib/mu/pcap/ipv4.rb +257 -0
  19. data/lib/mu/pcap/ipv6.rb +148 -0
  20. data/lib/mu/pcap/packet.rb +104 -0
  21. data/lib/mu/pcap/pkthdr.rb +155 -0
  22. data/lib/mu/pcap/reader.rb +61 -0
  23. data/lib/mu/pcap/reader/http_family.rb +170 -0
  24. data/lib/mu/pcap/sctp.rb +367 -0
  25. data/lib/mu/pcap/sctp/chunk.rb +123 -0
  26. data/lib/mu/pcap/sctp/chunk/data.rb +134 -0
  27. data/lib/mu/pcap/sctp/chunk/init.rb +100 -0
  28. data/lib/mu/pcap/sctp/chunk/init_ack.rb +68 -0
  29. data/lib/mu/pcap/sctp/parameter.rb +110 -0
  30. data/lib/mu/pcap/sctp/parameter/ip_address.rb +48 -0
  31. data/lib/mu/pcap/stream_packetizer.rb +72 -0
  32. data/lib/mu/pcap/tcp.rb +505 -0
  33. data/lib/mu/pcap/udp.rb +69 -0
  34. data/lib/mu/scenario/pcap.rb +164 -0
  35. data/lib/mu/scenario/pcap/fields.rb +50 -0
  36. data/lib/mu/scenario/pcap/rtp.rb +71 -0
  37. data/lib/pcapr_local.rb +159 -0
  38. data/lib/pcapr_local/config.rb +336 -0
  39. data/lib/pcapr_local/db.rb +197 -0
  40. data/lib/pcapr_local/scanner.rb +250 -0
  41. data/lib/pcapr_local/server.rb +178 -0
  42. data/lib/pcapr_local/www/favicon.ico +0 -0
  43. data/lib/pcapr_local/www/favicon.png +0 -0
  44. data/lib/pcapr_local/www/home/index.html +138 -0
  45. data/lib/pcapr_local/www/static/image/16x16/Cancel.png +0 -0
  46. data/lib/pcapr_local/www/static/image/16x16/Cancel.png.1 +0 -0
  47. data/lib/pcapr_local/www/static/image/16x16/Download.png +0 -0
  48. data/lib/pcapr_local/www/static/image/16x16/Folder3.png +0 -0
  49. data/lib/pcapr_local/www/static/image/16x16/Full Size.png +0 -0
  50. data/lib/pcapr_local/www/static/image/16x16/Minus.png +0 -0
  51. data/lib/pcapr_local/www/static/image/16x16/Plus.png +0 -0
  52. data/lib/pcapr_local/www/static/image/16x16/Search.png +0 -0
  53. data/lib/pcapr_local/www/static/image/16x16/User.png +0 -0
  54. data/lib/pcapr_local/www/static/image/48x48/Phone.png +0 -0
  55. data/lib/pcapr_local/www/static/image/48x48/Video.png +0 -0
  56. data/lib/pcapr_local/www/static/image/bar-orange.gif +0 -0
  57. data/lib/pcapr_local/www/static/image/beta.png +0 -0
  58. data/lib/pcapr_local/www/static/image/bg.png +0 -0
  59. data/lib/pcapr_local/www/static/image/blockquote.png +0 -0
  60. data/lib/pcapr_local/www/static/image/body-bg.png +0 -0
  61. data/lib/pcapr_local/www/static/image/body-h3.png +0 -0
  62. data/lib/pcapr_local/www/static/image/body-hl1-bg.png +0 -0
  63. data/lib/pcapr_local/www/static/image/body-hl1-h3.png +0 -0
  64. data/lib/pcapr_local/www/static/image/body-hl1-readmore.png +0 -0
  65. data/lib/pcapr_local/www/static/image/body-hl2-bg.png +0 -0
  66. data/lib/pcapr_local/www/static/image/body-hl2-h3.png +0 -0
  67. data/lib/pcapr_local/www/static/image/body-hl2-readmore.png +0 -0
  68. data/lib/pcapr_local/www/static/image/body-hl3-bg.png +0 -0
  69. data/lib/pcapr_local/www/static/image/body-hl3-h3.png +0 -0
  70. data/lib/pcapr_local/www/static/image/body-hl3-readmore.png +0 -0
  71. data/lib/pcapr_local/www/static/image/body-hl4-bg.png +0 -0
  72. data/lib/pcapr_local/www/static/image/body-hl4-h3.png +0 -0
  73. data/lib/pcapr_local/www/static/image/body-hl4-readmore.png +0 -0
  74. data/lib/pcapr_local/www/static/image/body-hl5-h3.png +0 -0
  75. data/lib/pcapr_local/www/static/image/body-hl6-h3.png +0 -0
  76. data/lib/pcapr_local/www/static/image/body-hl7-h3.png +0 -0
  77. data/lib/pcapr_local/www/static/image/body-hl8-h3.png +0 -0
  78. data/lib/pcapr_local/www/static/image/body-readmore.png +0 -0
  79. data/lib/pcapr_local/www/static/image/bottom-bg.png +0 -0
  80. data/lib/pcapr_local/www/static/image/bottom-l.png +0 -0
  81. data/lib/pcapr_local/www/static/image/bottom-r.png +0 -0
  82. data/lib/pcapr_local/www/static/image/btn-search.png +0 -0
  83. data/lib/pcapr_local/www/static/image/bullet-1.png +0 -0
  84. data/lib/pcapr_local/www/static/image/bullet-2.png +0 -0
  85. data/lib/pcapr_local/www/static/image/bullet-3.png +0 -0
  86. data/lib/pcapr_local/www/static/image/bullet-4.png +0 -0
  87. data/lib/pcapr_local/www/static/image/bullet-5.png +0 -0
  88. data/lib/pcapr_local/www/static/image/bullet-6.png +0 -0
  89. data/lib/pcapr_local/www/static/image/bullet-7.png +0 -0
  90. data/lib/pcapr_local/www/static/image/bullet-hl1.png +0 -0
  91. data/lib/pcapr_local/www/static/image/bullet-hl2.png +0 -0
  92. data/lib/pcapr_local/www/static/image/bullet-hl3.png +0 -0
  93. data/lib/pcapr_local/www/static/image/bullet-hl4.png +0 -0
  94. data/lib/pcapr_local/www/static/image/bullet-pathway.png +0 -0
  95. data/lib/pcapr_local/www/static/image/bullet-section1.png +0 -0
  96. data/lib/pcapr_local/www/static/image/bullet-section2.png +0 -0
  97. data/lib/pcapr_local/www/static/image/collapsed.gif +0 -0
  98. data/lib/pcapr_local/www/static/image/crosslink.png +0 -0
  99. data/lib/pcapr_local/www/static/image/expanded.gif +0 -0
  100. data/lib/pcapr_local/www/static/image/favicon.ico +0 -0
  101. data/lib/pcapr_local/www/static/image/favicon.png +0 -0
  102. data/lib/pcapr_local/www/static/image/icon-author.png +0 -0
  103. data/lib/pcapr_local/www/static/image/icon-created.png +0 -0
  104. data/lib/pcapr_local/www/static/image/p-expand.gif +0 -0
  105. data/lib/pcapr_local/www/static/image/pcapr-logo.png +0 -0
  106. data/lib/pcapr_local/www/static/image/powered-by.png +0 -0
  107. data/lib/pcapr_local/www/static/image/section1-bg.png +0 -0
  108. data/lib/pcapr_local/www/static/image/section1-h3.png +0 -0
  109. data/lib/pcapr_local/www/static/image/section1-readmore.png +0 -0
  110. data/lib/pcapr_local/www/static/image/section2-bg.png +0 -0
  111. data/lib/pcapr_local/www/static/image/section2-h3.png +0 -0
  112. data/lib/pcapr_local/www/static/image/section2-readmore.png +0 -0
  113. data/lib/pcapr_local/www/static/image/status-alert.png +0 -0
  114. data/lib/pcapr_local/www/static/image/status-download.png +0 -0
  115. data/lib/pcapr_local/www/static/image/status-info.png +0 -0
  116. data/lib/pcapr_local/www/static/image/status-note.png +0 -0
  117. data/lib/pcapr_local/www/static/image/tab-round.png +0 -0
  118. data/lib/pcapr_local/www/static/image/throbber.gif +0 -0
  119. data/lib/pcapr_local/www/static/image/user.jpg +0 -0
  120. data/lib/pcapr_local/www/static/script/closet/async.js +421 -0
  121. data/lib/pcapr_local/www/static/script/closet/closet.api.js +241 -0
  122. data/lib/pcapr_local/www/static/script/closet/closet.folders.js +94 -0
  123. data/lib/pcapr_local/www/static/script/closet/closet.js +187 -0
  124. data/lib/pcapr_local/www/static/script/closet/closet.mr.js +219 -0
  125. data/lib/pcapr_local/www/static/script/closet/closet.options.js +359 -0
  126. data/lib/pcapr_local/www/static/script/closet/closet.quantity.js +73 -0
  127. data/lib/pcapr_local/www/static/script/closet/closet.render.js +205 -0
  128. data/lib/pcapr_local/www/static/script/closet/closet.report.js +86 -0
  129. data/lib/pcapr_local/www/static/script/closet/closet.reports.http.js +135 -0
  130. data/lib/pcapr_local/www/static/script/closet/closet.reports.overview.js +163 -0
  131. data/lib/pcapr_local/www/static/script/closet/closet.reports.sip.js +159 -0
  132. data/lib/pcapr_local/www/static/script/closet/closet.reports.tcp.js +72 -0
  133. data/lib/pcapr_local/www/static/script/closet/closet.reports.visualize.js +263 -0
  134. data/lib/pcapr_local/www/static/script/closet/closet.util.js +40 -0
  135. data/lib/pcapr_local/www/static/script/jquery/jquery-1.4.2.min.js +154 -0
  136. data/lib/pcapr_local/www/static/script/jquery/jquery-ui.js +10921 -0
  137. data/lib/pcapr_local/www/static/script/jquery/jquery.flot.js +2123 -0
  138. data/lib/pcapr_local/www/static/script/jquery/jquery.flot.selection.js +184 -0
  139. data/lib/pcapr_local/www/static/script/jquery/jquery.flot.stack.js +184 -0
  140. data/lib/pcapr_local/www/static/script/jquery/jquery.form.js +643 -0
  141. data/lib/pcapr_local/www/static/script/jquery/jquery.jsonp.min.js +3 -0
  142. data/lib/pcapr_local/www/static/script/jquery/jquery.menu.js +142 -0
  143. data/lib/pcapr_local/www/static/script/jquery/jquery.suggest.js +308 -0
  144. data/lib/pcapr_local/www/static/script/jquery/jquery.ui.core.js +203 -0
  145. data/lib/pcapr_local/www/static/script/jquery/jquery.ui.slider.js +629 -0
  146. data/lib/pcapr_local/www/static/script/jquery/jquery.ui.sortable.js +1055 -0
  147. data/lib/pcapr_local/www/static/script/jquery/jquery.ui.widget.js +236 -0
  148. data/lib/pcapr_local/www/static/script/json2.js +481 -0
  149. data/lib/pcapr_local/www/static/script/sammy/plugins/sammy.cache.js +115 -0
  150. data/lib/pcapr_local/www/static/script/sammy/plugins/sammy.template.js +117 -0
  151. data/lib/pcapr_local/www/static/script/sammy/sammy.js +1696 -0
  152. data/lib/pcapr_local/www/static/script/tipsy/jquery.tipsy.js +104 -0
  153. data/lib/pcapr_local/www/static/style/c3p0.css +116 -0
  154. data/lib/pcapr_local/www/static/style/jquery.suggest.css +27 -0
  155. data/lib/pcapr_local/www/static/style/page.css +1113 -0
  156. data/lib/pcapr_local/www/static/style/tipsy.css +7 -0
  157. data/lib/pcapr_local/www/templates/browse.services.template +10 -0
  158. data/lib/pcapr_local/www/templates/browse.template +77 -0
  159. data/lib/pcapr_local/www/templates/flows.template +38 -0
  160. data/lib/pcapr_local/www/templates/pcap.template +63 -0
  161. data/lib/pcapr_local/www/templates/sip.calls.template +35 -0
  162. data/lib/pcapr_local/www/templates/statistics.template +6 -0
  163. data/lib/pcapr_local/xtractr.rb +179 -0
  164. data/lib/pcapr_local/xtractr/instance.rb +172 -0
  165. data/pcapr-local.gemspec +297 -0
  166. data/test/mu/pcap/reader/tc_http_family.rb +251 -0
  167. data/test/mu/pcap/tc_ethernet.rb +71 -0
  168. data/test/mu/pcap/tc_header.rb +56 -0
  169. data/test/mu/pcap/tc_ipv4.rb +103 -0
  170. data/test/mu/pcap/tc_ipv6.rb +83 -0
  171. data/test/mu/pcap/tc_packet.rb +44 -0
  172. data/test/mu/pcap/tc_pair.rb +58 -0
  173. data/test/mu/pcap/tc_pkthdr.rb +33 -0
  174. data/test/mu/pcap/tc_reader.rb +76 -0
  175. data/test/mu/pcap/tc_tcp.rb +426 -0
  176. data/test/mu/pcap/tc_udp.rb +33 -0
  177. data/test/mu/pcap/tc_wrapper.rb +80 -0
  178. data/test/mu/scenario/pcap/tc_fields.rb +67 -0
  179. data/test/mu/scenario/pcap/tc_rtp.rb +135 -0
  180. data/test/mu/scenario/sip_signalled_call_1.pcap +0 -0
  181. data/test/mu/scenario/tc_pcap.rb +190 -0
  182. data/test/mu/scenario/test_data/arp.pcap +0 -0
  183. data/test/mu/scenario/test_data/dns.pcap +0 -0
  184. data/test/mu/scenario/test_data/http-v6.pcap +0 -0
  185. data/test/mu/scenario/test_data/http.pcap +0 -0
  186. data/test/mu/scenario/test_data/http_chunked.pcap +0 -0
  187. data/test/mu/scenario/test_data/http_deflate.pcap +0 -0
  188. data/test/mu/scenario/test_data/httpauth3.pcap +0 -0
  189. data/test/mu/scenario/test_data/icmp.pcap +0 -0
  190. data/test/mu/scenario/test_data/sip_signalled_call_1.pcap +0 -0
  191. data/test/mu/tc_pcap.rb +39 -0
  192. data/test/mu/testcase.rb +86 -0
  193. data/test/pcapr_local/arp.pcap +0 -0
  194. data/test/pcapr_local/data.js +3 -0
  195. data/test/pcapr_local/http_chunked.pcap +0 -0
  196. data/test/pcapr_local/tc_api.rb +181 -0
  197. data/test/pcapr_local/test.tgz +0 -0
  198. data/test/pcapr_local/test_scanner.rb +241 -0
  199. data/test/pcapr_local/test_xtractr.rb +219 -0
  200. data/test/pcapr_local/testcase.rb +107 -0
  201. data/test/test_export_to_scenario.sh +25 -0
  202. data/test/test_pcapr_local.rb +29 -0
  203. metadata +450 -0
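--- a/data/.document
+++ b/data/.document
@@ -0,0 +1,5 @@
+ lib/**/*.rb
+ bin/*
+ -
+ features/**/*.feature
+ LICENSE.txt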
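--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,20 @@
+ Copyright (c) 2011 Mu Dynamics
+
+ Permission is hereby granted, free of charge, to any person obtaining
+ a copy of this software and associated documentation files (the
+ "Software"), to deal in the Software without restriction, including
+ without limitation the rights to use, copy, modify, merge, publish,
+ distribute, sublicense, and/or sell copies of the Software, and to
+ permit persons to whom the Software is furnished to do so, subject to
+ the following conditions:
+
+ The above copyright notice and this permission notice shall be
+ included in all copies or substantial portions of the Software.
+
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.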
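--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,64 @@
+ # pcapr.Local #
+
+ ## Introduction
+
+ pcapr.Local is a tool for browsing and managing a large repository of packet captures (pcaps). After you tell pcapr.Local where your pcaps are located, it will index them automatically and let you navigate your collection in the comfort of your web browser. pcapr.Local builds on and integrates with [Xtractr](http://code.google.com/p/pcapr/wiki/Xtractr) so you can analyze your pcaps in the Xtractr web UI. The Xtractr web UI is hosted on pcapr.net but talks to a local Xtractr instance (managed by pcapr.Local) and your data never leaves your network.
+
+ In addition to managing your pcaps, you can use pcapr.Local to leverage your custom wireshark dissectors when creating Scenarios in Mu Studio. PAR files (described below) created by pcapr.Local can be imported into Mu Studio just like a pcap, but Mu Studio will use your wireshark data to guide Scenario creation.
+
+ ## Dependencies
+
+ ### CouchDB
+ CouchDB needs to be available. Either or local or remote installation will work. On Ubuntu/Debian you can install CouchDB with:
+
+ $ sudo apt-get install couchdb
+
+ ### Wireshark
+
+ You need to have wireshark installed. In particular the command line "tshark" utility should be available.
+
+ ### Ruby
+
+ Tested with Ruby 1.8.6, 1.8.7, and 1.9.2.
+
+ ## Supported environments
+
+ Linux only. Sorry.
+
+ ## Running pcapr.Local
+
+ 1. Install the gem.
+ 2. Run the "startpcapr" executable that is installed with the gem:
+
+ $ startpcapr
+
+ This will ask you some basic questions, and will record your answers in a config file at ~/.pcapr_local/config that will be used on subsequent invocations. After collecting configuration information, the server process will continue running in the background and you'll get your prompt back. If you like to keep an eye on what's going on you can tail the pcapr.Local log file with:
+
+ $ tail -F ~/pcapr.Local/log/server.log
+
+ 3. Add pcaps to the pcap directory you configured (default ~/pcapr.Local/pcaps) and wait a short while for them to be noticed and indexed (about a minute).
+ 4. Point your browser to http://localhost:8080 (or whatever you configured).
+ 5. If you want to stop the pcapr.Local server you can do so with:
+
+ $ stoppcapr
+
+ ## Creating PAR files
+
+ A PAR file (Pcap ARchive) is a format that can be imported onto a Mu Studio to create a Scenario. For purposes of Scenario creation, a PAR file is equivalent to the starting pcap with a couple of exceptions:
+
+ 1. The PAR file contains wireshark dissection data from your local wireshark installation. This means you get the full benefits of any custom dissectors you may have.
+ 2. When you import a PAR you'll bypass the normal flow selection page and go directly to the Scenario editor.
+
+ ### In the GUI
+
+ Select a pcap in the pcapr.Local browser. The page that opens has a link at the bottom that lets you download a PAR file for that pcap.
+
+ ### On the Command Line
+
+ The gem bundles a CLI tool for creating PAR files called 'pcap2par'. Usage is very simple, just provide a path to your pcap:
+
+ $ pcap2par my_traffic.pcap
+
+ This will create the PAR file called "export.par" in the current directory. You can optionally specify the output file as a second argument:
+
+ $ pcap2par my_traffic.pcap ~/par_files/my_traffic.par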
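--- a/data/Rakefile
+++ b/data/Rakefile
@@ -0,0 +1,57 @@
+ require 'rubygems'
+ require 'rake'
+
+ require 'jeweler'
+ Jeweler::Tasks.new do |gem|
+ # gem is a Gem::Specification... see http://docs.rubygems.org/read/chapter/20 for more options
+ gem.name = "pcapr-local"
+ gem.homepage = "http://github.com/pcapr-local/pcapr-local"
+ gem.license = "MIT"
+ gem.summary = %Q{Manage your pcap collection}
+ gem.description = %Q{Index, Browse, and Query your vast pcap collection.}
+ gem.email = "nbaggott@gmail.com"
+ gem.authors = ["Mu Dynamics"]
+ gem.add_dependency "rest-client", ">= 1.6.1"
+ gem.add_dependency "couchrest", "~> 1.0.1"
+ gem.add_dependency "sinatra", "~> 1.1.0"
+ gem.add_dependency "json", ">= 1.4.6"
+ gem.add_dependency "thin", "~> 1.2.7"
+ gem.add_dependency "rack", "~> 1.2.1"
+ gem.add_dependency "rack-contrib", "~> 1.1.0"
+ # Include your dependencies below. Runtime dependencies are required when using your gem,
+ # and development dependencies are only needed for development (ie running rake tasks, tests, etc)
+ # gem.add_runtime_dependency 'jabber4r', '> 0.1'
+ # gem.add_development_dependency 'rspec', '> 1.2.3'
+ gem.add_development_dependency "shoulda", ">= 0"
+ gem.add_development_dependency "bundler", "~> 1.0.0"
+ gem.add_development_dependency "jeweler", "~> 1.5.2"
+ gem.add_development_dependency "rcov", ">= 0"
+
+ end
+ Jeweler::RubygemsDotOrgTasks.new
+
+ require 'rake/testtask'
+ Rake::TestTask.new(:test) do |test|
+ test.libs << 'lib' << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
+ end
+
+ require 'rcov/rcovtask'
+ Rcov::RcovTask.new(:rcov) do |test|
+ test.libs << 'test'
+ test.pattern = 'test/**/test_*.rb'
+ test.verbose = true
+ end
+
+ task :default => :test
+
+ require 'rake/rdoctask'
+ Rake::RDocTask.new do |rdoc|
+ version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+ rdoc.rdoc_dir = 'rdoc'
+ rdoc.title = "pcapr-local #{version}"
+ rdoc.rdoc_files.include('README*')
+ rdoc.rdoc_files.include('lib/**/*.rb')
+ end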
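Review bot: The runtime dependencies on new lines 14-20 mix open-ended constraints (`rest-client >= 1.6.1`, `json >= 1.4.6`) with pessimistic ones (`sinatra ~> 1.1.0`, `rack ~> 1.2.1`, `thin ~> 1.2.7`), so an install can resolve any future major release of the first two while the web stack only ever picks up patch releases from a single minor series. I would bound the open-ended ones the same way, e.g. `gem.add_dependency "rest-client", "~> 1.6.1"`, and add a comment above the block recording which series were actually tested, so that moving any of them is a deliberate, reviewed change.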
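--- a/data/VERSION
+++ b/data/VERSION
@@ -0,0 +1 @@
+ 0.1.10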
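--- a/data/bin/pcap2par
+++ b/data/bin/pcap2par
@@ -0,0 +1,49 @@
+ #!/usr/bin/env ruby
+ # Copyright (C) 2008 Mu Dynamics, Inc
+ #
+ # This program is confidential and proprietary to Mu Dynamics, Inc and
+ # may not be reproduced, published or disclosed to others without its
+ # authorization.
+
+ libdir = File.dirname(__FILE__) + "/../lib"
+ libdir = File.expand_path(libdir)
+ $: << libdir
+
+ require 'pcapr_local'
+ require 'optparse'
+ require 'mu/pcap'
+ require 'mu/scenario/pcap'
+
+ PcaprLocal::Config.assert_environment
+
+ options = {
+ :isolate_l7 => false
+ }
+
+ opts = OptionParser.new do |opts|
+ opts.banner =
+ "Usage: pcap2par [options] <pcap> [export file]"
+ opts.on('-i', '--isolate', 'Include only TCP/UDP/SCTP traffic (excluding DNS, DHCP)') do
+ options[:isolate_l7] = true
+ end
+ opts.on_tail('-h', '--help', 'Show this message') do
+ puts opts
+ exit 0
+ end
+ end
+
+ argv = opts.parse!
+ unless argv.size == 1 or argv.size == 2
+ $stderr.puts opts
+ exit 1
+ end
+
+ pcap = argv[0]
+ archive = argv[1] || "export.par"
+ io = Mu::Scenario::Pcap.export_to_par pcap, options
+ archive_io = open(archive, 'wb')
+ while block=io.read(4096)
+ archive_io.print block
+ end
+
+ puts "export is located at #{archive}"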
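Review bot: `archive_io = open(archive, 'wb')` on new line 44 goes through `Kernel#open`, which treats an argument beginning with `|` as a command to run rather than a path, and the handle is never closed, so the tail of the archive is only flushed when the interpreter exits. Since `archive` is taken straight from the command line, use the block form of `File.open` instead: `File.open(archive, 'wb') { |out| while block = io.read(4096); out.print block; end }`. The header comment on lines 2-6 also calls the file confidential and proprietary, which contradicts the MIT terms in the LICENSE.txt added by the same release; one of the two should be corrected.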
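--- a/data/bin/startpcapr
+++ b/data/bin/startpcapr
@@ -0,0 +1,40 @@
+ #!/usr/bin/env ruby
+
+ libdir = File.dirname(__FILE__) + "/../lib"
+ libdir = File.expand_path(libdir)
+ $: << libdir
+
+ require 'pcapr_local'
+ require 'optparse'
+
+ PcaprLocal::Config.assert_environment
+
+ config_file = nil
+ debug_mode = false
+ opts = OptionParser.new do |opts|
+ opts.banner = "Usage: #{$0} [-f config_file]"
+ opts.on('-f', '--config_file FILE', 'Config file') do |f|
+ config_file = f
+ end
+ opts.on('-d', '--debug_mode', 'Run in debug mode (server runs in foreground)') do
+ debug_mode = true
+ end
+ opts.on_tail('-h', '--help', 'Show this message') do
+ puts opts
+ exit 0
+ end
+ end
+ opts.parse!
+
+ config = PcaprLocal::Config.config config_file
+ if debug_mode
+ config["debug_mode"] = true
+ # log to stdout
+ config["log_dir"] = nil
+ else
+ config["debug_mode"] = false
+ end
+
+
+ PcaprLocal.start config
+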
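--- a/data/bin/stoppcapr
+++ b/data/bin/stoppcapr
@@ -0,0 +1,33 @@
+ #!/usr/bin/env ruby
+
+ libdir = File.dirname(__FILE__) + "/../lib"
+ libdir = File.expand_path(libdir)
+ $: << libdir
+
+ require 'pcapr_local'
+ require 'optparse'
+
+ PcaprLocal::Config.assert_environment
+
+ include PcaprLocal
+
+ config_file = nil
+ opts = OptionParser.new do |opts|
+ opts.banner = "Usage: #{$0} [-f config_file]"
+ opts.on('-f', '--config_file FILE', 'Config file') do |f|
+ config_file = f
+ end
+ opts.on_tail('-h', '--help', 'Show this message') do
+ puts opts
+ exit 0
+ end
+ end
+ opts.parse!
+
+ config_file ||= PcaprLocal::Config.user_config_path
+
+ if File.exist?(config_file)
+ config = PcaprLocal::Config.config config_file
+ PcaprLocal.stop config
+ end
+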
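Review bot: When the config file does not exist (new lines 29-32) the script falls through and exits with status 0 without printing anything, so a mistyped `-f` path looks like a successful stop while any running server is left untouched. Add an `else` branch such as `$stderr.puts "config file not found: #{config_file}"; exit 1`. `include PcaprLocal` on line 12 mixes the module into the top-level object although every reference below it is already fully qualified, so it can be dropped.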
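--- a/data/bin/xtractr
+++ b/data/bin/xtractr
@@ -0,0 +1,5 @@
+ #!/usr/bin/env ruby
+
+ xtractr = File.dirname(__FILE__) + "/../lib/exe/xtractr"
+ xtractr = File.expand_path xtractr
+ exec xtractr, *ARGV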
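Review bot: The wrapper hands control to `lib/exe/xtractr`, which this release adds as a prebuilt binary (the page lists it only as "Binary file"), without checking that the file is present and executable on the host. The list form of `exec` avoids a shell, which is good; I would add a guard before it, `abort "xtractr binary missing or not executable: #{xtractr}" unless File.executable?(xtractr)`. A comment recording where the binary was built from and which platform it targets would also help anyone auditing the gem, since the README says only Linux is supported.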
@@ -0,0 +1,106 @@
1
+ # http://www.mudynamics.com
2
+ # http://labs.mudynamics.com
3
+ # http://www.pcapr.net
4
+
5
+ if defined? Encoding
6
+ Encoding.default_external = Encoding::BINARY
7
+ end
8
+
9
+ module PcaprLocal
10
+ ROOT = File.expand_path(File.dirname(File.dirname(__FILE__)))
11
+ $: << ROOT
12
+ end
13
+
14
+ class Integer
15
+ # Make sure Integer#ord is present
16
+ if RUBY_VERSION < "1.8.7"
17
+ def ord
18
+ return self
19
+ end
20
+ end
21
+ end
22
+
23
+ # Make sure barebones Dir.mktmpdir is present
24
+ require 'tempfile'
25
+ class Dir
26
+ if not self.respond_to? :mktmpdir
27
+ def self.mktmpdir
28
+ t = (Time.now.to_f * 1_000_000).to_i.to_s(36)
29
+ path = "#{tmpdir}/d#{t}-#{$$}-#{rand(0x100000000).to_s(36)}"
30
+ Dir.mkdir path
31
+ path
32
+ end
33
+ end
34
+ end
35
+
36
+
37
+ module Process
38
+ # Supply daemon for pre ruby 1.9
39
+ # Adapted from lib/active_support/core_ext/process/daemon.rb
40
+ def self.daemon(nochdir = nil, noclose = nil)
41
+ exit! if fork # Parent exits, child continues.
42
+ Process.setsid # Become session leader.
43
+ exit! if fork # Zap session leader. See [1].
44
+
45
+ unless nochdir
46
+ Dir.chdir "/" # Release old working directory.
47
+ end
48
+
49
+ unless noclose
50
+ STDIN.reopen "/dev/null" # Free file descriptors and
51
+ STDOUT.reopen "/dev/null", "a" # point them somewhere sensible.
52
+ STDERR.reopen '/dev/null', 'a'
53
+ end
54
+
55
+ trap("TERM") { exit }
56
+
57
+ return 0
58
+
59
+ end unless self.respond_to? :daemon
60
+ end
61
+
62
+ class Regexp
63
+ # Patch Regexp.union to accept an array
64
+ if RUBY_VERSION < "1.8.7"
65
+ class << self
66
+ alias :union_pre187 :union
67
+ def union *arg
68
+ if arg.size == 1 and arg[0].is_a? Array
69
+ arg = arg[0]
70
+ end
71
+ union_pre187 *arg
72
+ end
73
+ end
74
+ end
75
+ end
76
+
77
+ class String
78
+ # Convert from hex. E.g. "0d0a".from_hex is "\r\n".
79
+ # Raises ArgumentError on invalid input.
80
+ def from_hex
81
+ return "" if self.empty?
82
+ hex = self
83
+ Integer("0x#{hex}")
84
+ if hex.length % 2 == 1
85
+ hex = "0#{hex}"
86
+ end
87
+ [hex].pack 'H*'
88
+ end
89
+ end
90
+
91
+ # Implement simple Readline.readline if interpreter is not
92
+ # compiled with readline support.
93
+ begin
94
+ require 'readline'
95
+ rescue LoadError
96
+ class Readline
97
+ def self.readline prompt
98
+ print prompt
99
+ gets
100
+ end
101
+ end
102
+ end
103
+
104
+
105
+
106
+
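Review bot: The fallback `Dir.mktmpdir` on new lines 27-32 calls `Dir.mkdir path` without a mode, so the directory's permissions are whatever the umask leaves, whereas the standard-library `Dir.mktmpdir` creates it with 0700; pass the mode explicitly, `Dir.mkdir path, 0700`. `String#from_hex` (lines 80-88) validates with `Integer("0x#{hex}")`, which also accepts underscores between digits and trailing whitespace, so a value like `"1_2"` passes the check and is then handed to `pack 'H*'`; an anchored test such as `raise ArgumentError, "invalid hex: #{hex.inspect}" unless hex =~ /\A[0-9a-fA-F]+\z/` matches the documented contract. The file header for this section is missing on the page; going by the file list it is presumably data/lib/environment.rb (+106).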
data/lib/exe/xtractr ADDED
Binary file
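--- a/data/lib/mu/pcap.rb
+++ b/data/lib/mu/pcap.rb
@@ -0,0 +1,110 @@
+ # http://www.mudynamics.com
+ # http://labs.mudynamics.com
+ # http://www.pcapr.net
+
+ require 'socket'
+ require 'stringio'
+
+ module Mu
+
+ class Pcap
+ class ParseError < StandardError ; end
+
+ LITTLE_ENDIAN = 0xd4c3b2a1
+ BIG_ENDIAN = 0xa1b2c3d4
+
+ DLT_NULL = 0
+ DLT_EN10MB = 1
+ DLT_RAW = 12 # DLT_LOOP in OpenBSD
+ DLT_LINUX_SLL = 113
+
+ attr_accessor :header, :pkthdrs
+
+ def initialize
+ @header = Header.new
+ @pkthdrs = []
+ end
+
+ # Read PCAP file from IO and return Mu::Pcap. If decode is true, also
+ # decode the Pkthdr packet contents to Mu::Pcap objects.
+ def self.read io, decode=true
+ pcap = Pcap.new
+ pcap.header = each_pkthdr(io, decode) do |pkthdr|
+ pcap.pkthdrs << pkthdr
+ end
+ return pcap
+ end
+
+ # Create PCAP from list of packets.
+ def self.from_packets packets
+ pcap = Pcap.new
+ packets.each do |packet|
+ pkthdr = Mu::Pcap::Pkthdr.new
+ pkthdr.pkt = packet
+ pcap.pkthdrs << pkthdr
+ end
+ return pcap
+ end
+
+ # Write PCAP file to IO. Uses big-endian and linktype EN10MB.
+ def write io
+ @header.write io
+ @pkthdrs.each do |pkthdr|
+ pkthdr.write io
+ end
+ end
+
+ # Read PCAP packet headers from IO and return Mu::Pcap::Header. If decode
+ # is true, also decode the Pkthdr packet contents to Mu::Pcap objects. Use
+ # this for large files when each packet header can processed independently
+ # - it will perform better.
+ def self.each_pkthdr io, decode=true
+ header = Header.read io
+ while not io.eof?
+ pkthdr = Pkthdr.read io, header.magic
+ if decode
+ pkthdr.decode! header.magic, header.linktype
+ end
+ yield pkthdr
+ end
+ return header
+ end
+
+ # Read packets from PCAP
+ def self.read_packets io, decode=true
+ packets = []
+ each_pkthdr(io) { |pkthdr| packets << pkthdr.pkt }
+ return packets
+ end
+
+ # Assertion used during Pcap parsing
+ def self.assert cond, msg
+ if not cond
+ raise ParseError, msg
+ end
+ end
+
+ # Warnings from Pcap parsing are printed using this method.
+ def self.warning msg
+ $stderr.puts "WARNING: #{msg}"
+ end
+
+ def == other
+ return self.class == other.class &&
+ self.header == other.header &&
+ self.pkthdrs == other.pkthdrs
+ end
+ end
+
+ end
+
+ require 'mu/pcap/header'
+ require 'mu/pcap/pkthdr'
+ require 'mu/pcap/packet'
+ require 'mu/pcap/ethernet'
+ require 'mu/pcap/ip'
+ require 'mu/pcap/ipv4'
+ require 'mu/pcap/ipv6'
+ require 'mu/pcap/tcp'
+ require 'mu/pcap/udp'
+ require 'mu/pcap/sctp'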
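Review bot: `self.read_packets` (new lines 74-78) accepts `decode` but never passes it on, so `each_pkthdr(io)` always runs with its default of `true` and a caller asking for `decode=false` still gets every packet decoded. Forward the argument: `each_pkthdr(io, decode) { |pkthdr| packets << pkthdr.pkt }`. Separately, `each_pkthdr` loops until `io.eof?` over capture data that may come from an untrusted source, and the length checks live in `Header.read` and `Pkthdr.read`, which are outside this section; a comment on `each_pkthdr` stating that it raises `ParseError` on malformed input (if that is what those readers do) would tell callers what to rescue.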