pstream 0.1.5 → 0.1.6

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 1afe70b3724cd8353c6bd17031e138c7dd42b50b
-  data.tar.gz: 4d3bf554e42032d0cbc2c881cc9fa21aab4bd251
+  metadata.gz: db60008303d60fa05efe50c9481ad9218c69f7f2
+  data.tar.gz: 7eb962f4c41ee92d12b2ae00d68e783d92ba8954
 SHA512:
-  metadata.gz: 08103ae437935a21d93334da06aabc13687c5dfcf3d9d1ff6b426e60311605cdf9a6788063fcee666cf4c7ae5ec8e1b3fd79f1752d00f0987cd7027b2599745c
-  data.tar.gz: 71803c79752fdb01a8b268eb589017ddc191bf30d88a29ed90ed4a9ac02654f3e4fe47fd8985ae58d3396f1fe0c8e9e2d31f395ce1cbb725a2c18d5da4855817
+  metadata.gz: 91c364b4931a5f687ef496e1705101ecad13097aa7c8dc5e490e45cfdee15fac03290034db6ff0992f38399245ff2b08d7a938f521de5e30cfbd05328a581d97
+  data.tar.gz: 371ed0e85b84eb5ce2c66c3e0b5a594055c6a08e092146c9fdb75fec6a7e1f83f9c2a4f5c38920aeeb2758c4c74e2d3d2e98de79f395e9cadbf9fa782f8ae9cf

data/bin/pstream

@@ -1,5 +1,7 @@
 #!/usr/bin/env ruby
 
+require "colorize"
+require "io/wait"
 require "optparse"
 require "pstream"
 require "string"
@@ -18,6 +20,7 @@ def parse(args)
     options["ciphers"] = false
     options["prot"] = "tcp"
     options["stream"] = nil
+    options["verbose"] = false
 
     info = "Analyze pcap files. Can view tcp/udp streams or " \
         "ciphersuites in use."
@@ -46,6 +49,14 @@ def parse(args)
             options["prot"] = "udp"
         end
 
+        opts.on(
+            "-v",
+            "--verbose",
+            "Show backtrace when error occurs"
+        ) do
+            options["verbose"] = true
+        end
+
         opts.on("", info.word_wrap)
     end
 
@@ -80,19 +91,45 @@ begin
     pstream = PStream.new(options["pcap"])
 
     if (options["stream"])
-        case options["prot"]
-        when "tcp"
-            puts pstream.tcp_streams[options["stream"]].contents
-        when "udp"
-            puts pstream.udp_streams[options["stream"]].contents
-        end
+        puts pstream.get_stream(
+            options["stream"].to_i,
+            options["prot"]
+        ).contents
     elsif (options["ciphers"])
         puts pstream.ciphers
     else
-        puts pstream.summary
+        puts pstream.to_s
     end
 rescue PStream::Error => e
-    puts e.message
+    $stderr.puts e.message.red
+    if (options["verbose"])
+        e.backtrace.each do |line|
+            $stderr.puts line.yellow
+        end
+    end
+    exit PStreamExit::EXCEPTION
+rescue Interrupt
+    # ^C
+    # Exit gracefully
+rescue Errno::EPIPE
+    # Do nothing. This can happen if piping to another program such as
+    # less. Usually if less is closed before PStream is done with
+    # STDOUT.
+rescue Exception => e
+    $stderr.puts "Oops! Looks like an error has occured! If the " \
+        "error persists, file a bug at:"
+    $stderr.puts
+    $stderr.puts "    https://gitlab.com/mjwhitta/pstream/issues"
+    $stderr.puts
+    $stderr.puts "Maybe the message below will help. If not, you " \
+        "can use the --verbose flag to get a backtrace.".word_wrap
+
+    $stderr.puts e.message.red
+    if (options["verbose"])
+        e.backtrace.each do |line|
+            $stderr.puts line.yellow
+        end
+    end
     exit PStreamExit::EXCEPTION
 end
 exit PStreamExit::GOOD

data/lib/pstream.rb

@@ -2,24 +2,56 @@ require "pathname"
 require "scoobydoo"
 
 class PStream
-    attr_accessor :tcp_streams
-    attr_accessor :udp_streams
+    attr_reader :tcp_streams
+    attr_reader :udp_streams
 
     def ciphers
         # List ciphers during ssl handshake
         out = %x(
-            tshark -r #{@pcap} -Y ssl.handshake.ciphersuite -V | \
-                 \grep -E "Internet Protocol|Hostname:|Cipher Suite"
+            tshark -r #{@pcap} -Y ssl.handshake.ciphersuite -V 2>&1 \
+                | \grep -E "Internet Protocol|Hostname:|Cipher Suite"
         )
         return out
     end
 
+    def get_stream(stream, prot = "tcp")
+        case prot
+        when "tcp"
+            if (@tcp_streams.empty? && !@udp_streams.empty?)
+                return get_stream(stream, "udp")
+            end
+            if (stream >= @tcp_streams.length)
+                raise PStream::Error::StreamNotFound.new(stream, prot)
+            else
+                return @tcp_streams[stream]
+            end
+        when "udp"
+            if (@udp_streams.empty? && !@tcp_streams.empty?)
+                return get_stream(stream, "udp")
+            end
+            if (stream >= @udp_streams.length)
+                raise PStream::Error::StreamNotFound.new(stream, prot)
+            else
+                return @udp_streams[stream]
+            end
+        else
+            raise PStream::Error::ProtocolNotSupported.new(prot)
+        end
+    end
+
     def get_streams(prot)
+        case prot
+        when "tcp", "udp"
+            # Do nothing
+        else
+            raise PStream::Error::ProtocolNotSupported.new(prot)
+        end
+
         streams = Array.new
 
         out = %x(
-            tshark -r #{@pcap} -z conv,#{prot} | \grep -E "<->" | \
-                awk '{print $1, $2, $3, "|", $8, "Frames"}'
+            tshark -r #{@pcap} -z conv,#{prot} 2>&1 | \grep -E "<->" \
+                | awk '{print $1, $2, $3, "|", $8, "Frames"}'
         )
 
         count = 0
@@ -54,6 +86,16 @@ class PStream
         @udp_streams = get_streams("udp")
     end
 
+    def negotiated_ciphers
+        f = "ssl.handshake.ciphersuite && ssl.handshake.type == 2"
+        out = %x(
+            tshark -r #{@pcap} -Y "#{f}" -V 2>&1 | \
+                \grep -E "Cipher Suite:" | \
+                sed -r "s|^ +Cipher Suite: ||g" | sort -u
+        )
+        return out.split("\n")
+    end
+
     def summary
         ret = Array.new
 
@@ -77,16 +119,11 @@ class PStream
 
         # List ciphers that were actually selected
         ret.push("Ciphers in use:")
-        f = "ssl.handshake.ciphersuite && ssl.handshake.type == 2"
-        out = %x(
-            tshark -r #{@pcap} -Y "#{f}" -V | \
-                \grep -E "Cipher Suite:" | \
-                sed -r "s|^ +Cipher Suite: ||g" | sort -u
-        )
-        ret.concat(out.split("\n"))
+        ret.concat(negotiated_ciphers)
 
         return ret.join("\n")
     end
+    private :summary
 
     def to_s
         return summary

data/lib/pstream/error.rb

@@ -3,4 +3,6 @@ end
 
 require "pstream/error/pcap_not_found"
 require "pstream/error/pcap_not_readable"
+require "pstream/error/protocol_not_supported"
+require "pstream/error/stream_not_found"
 require "pstream/error/tshark_not_found"

data/lib/pstream/error/protocol_not_supported.rb

@@ -0,0 +1,5 @@
+class PStream::Error::ProtocolNotSupported < PStream::Error
+    def initialize(prot)
+        super("Protocol #{prot} not supported")
+    end
+end

data/lib/pstream/error/stream_not_found.rb

@@ -0,0 +1,5 @@
+class PStream::Error::StreamNotFound < PStream::Error
+    def initialize(stream, prot = "tcp")
+        super("Protocol #{prot} does not have stream #{stream}")
+    end
+end

data/lib/pstream/stream.rb

@@ -1,7 +1,7 @@
 class PStream::Stream
-    attr_accessor :desc
-    attr_accessor :frames
-    attr_accessor :id
+    attr_reader :desc
+    attr_reader :frames
+    attr_reader :id
 
     def contents
         out = %x(
@@ -19,7 +19,7 @@ class PStream::Stream
         @prot = prot
     end
 
-    def to_s()
+    def to_s
         return contents
     end
 end

metadata

@@ -1,15 +1,35 @@
 --- !ruby/object:Gem::Specification
 name: pstream
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.6
 platform: ruby
 authors:
 - Miles Whittaker
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-02-18 00:00:00.000000000 Z
+date: 2016-03-03 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: colorize
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.7
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.7'
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.7.7
 - !ruby/object:Gem::Dependency
   name: scoobydoo
   requirement: !ruby/object:Gem::Requirement
@@ -42,6 +62,8 @@ files:
 - lib/pstream/error.rb
 - lib/pstream/error/pcap_not_found.rb
 - lib/pstream/error/pcap_not_readable.rb
+- lib/pstream/error/protocol_not_supported.rb
+- lib/pstream/error/stream_not_found.rb
 - lib/pstream/error/tshark_not_found.rb
 - lib/pstream/stream.rb
 - lib/string.rb