syspy 0.0.19 → 0.0.20

Files changed (4) hide show
  1. data/bin/syspy +1 -1
  2. data/lib/tcpflow +0 -0
  3. data/lib/tds_package_stream.rb +18 -59
  4. metadata +31 -52
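--- a/data/bin/syspy
+++ b/data/bin/syspy
@@ -44,7 +44,7 @@ module Syspy
  index += 1
  }
  end
- Log.info("Replaced parameters: #{index}\n\n#{replaced_statement.gsub("\n","\r\n").squeeze(" ")}\n------------------------------------------------------")
+ Log.info("Replaced parameters: #{index}\n\n#{replaced_statement.gsub("\r\n","\n").gsub("\n"," ").gsub("\t"," ").squeeze(" ").strip}\n------------------------------------------------------")
  end
  }
  end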
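Review bot: The new `Log.info` line joins the captured statement onto a single line, which changes its meaning whenever the SQL contains a `--` line comment, because everything after the comment marker now reads as part of the comment. The `squeeze(" ")` carried over from the old line also collapses runs of spaces inside quoted string literals, so the logged text is not a faithful copy of what was sent. If the output is meant for reading only, that should be stated next to the call, for example `# Flattened for display only: "--" comments and whitespace inside literals are not preserved; do not replay this text.` The enclosing block starts and ends outside the hunk, so whether the unmodified statement is kept anywhere else cannot be seen from here.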
data/lib/tcpflow ADDED
Binary file
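--- a/data/lib/tds_package_stream.rb
+++ b/data/lib/tds_package_stream.rb
@@ -7,6 +7,9 @@ require "tds_tokens"
 
  module Syspy
  class TdsPackageStream
+
+ HEADER_LENGTH = 45
+ HEADER_REGEXP = /\d{3}\.\d{3}\.\d{3}\.\d{3}\.\d{5}-\d{3}\.\d{3}\.\d{3}\.\d{3}\.\d{5}: /
 
  def initialize(interface,dst,dst_port)
  @interface = interface
@@ -18,32 +21,21 @@ module Syspy
  def each_package()
  Thread.abort_on_exception = true
  @tcpdump_thread = Thread.new(){
- IO.popen("tcpdump -y EN10MB -B 2048 -q -x -i #{@interface} tcp and dst #{@dst} and dst port #{@dst_port} 2>/dev/null"){|io|
- buffer = StringIO.new()
- io.each_line(){|line|
- if(line.match(/^\d{1,2}:\d{1,2}:\d{1,2}.+$/))
- unless(buffer.string.empty?)
- data_io = StringIO.new(buffer.string)
- tcp_length = read_ip_header(data_io)
- Log.debug "Got IP package: #{tcp_length}"
- content_length = read_tcp_header(data_io,tcp_length)
- Log.debug "Got TCP package: #{content_length}"
- if(content_length > 0)
- content = data_io.read(content_length)
- @out.write(content)
- @out.flush
- end
- buffer = StringIO.new()
- end
- else
- token = line.squeeze(" ").split(" ")[1..-1].join("")
- 0.upto((token.size / 2) - 1){|i|
- char = token[i*2,2].to_i(16)
- buffer.putc(char)
- }
+ IO.popen("#{File.dirname(__FILE__)}/tcpflow -c -B -i #{@interface} tcp and dst #{@dst} and dst port #{@dst_port} 2>/dev/null"){|io|
+ content = ""
+ loop(){
+ content << io.read(1)
+
+ if(content.match(HEADER_REGEXP))
+ payload = content[0..(-2 - HEADER_LENGTH)]
+ @out.write(payload)
+ @out.flush
+ content = ""
  end
- }
- }
+
+ Log.debug "Network package done"
+ }
+ }
  }
 
  content = ""
@@ -86,39 +78,6 @@ module Syspy
  return package
  end
  nil
- end
-
- def read_ip_header(io)
- # read IP version and header length
- ver_len = Bytes.uint(io)
- version = ver_len >> 4
-
- raise "Invalid IP version: #{version}" unless version == 4 || version == 6
-
- header_length = (ver_len & 0x0F) * 4
-
- # skip TOS
- Bytes.uint(io)
-
- # get package length
- content_length = Bytes.uint16be(io)
-
- # consume remaining IP header
- io.read(header_length - 4)
- content_length - header_length
- end
-
- def read_tcp_header(io, ip_package_size)
- # skip first 12
- io.read(12)
-
- # get header length
- tcp_offset = (Bytes.uint(io) >> 4) * 4
-
- # consume remaining tcp header
- io.read(tcp_offset - 13)
-
- ip_package_size - tcp_offset
- end
+ end
  end
  end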
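Review bot: The `IO.popen` call in `each_package` now launches a prebuilt `tcpflow` binary shipped inside the gem (shown on this page only as "Binary file") and still assembles the command as one shell string from `@interface`, `@dst` and `@dst_port`; since the post-install message tells users to run `sudo syspy`, a binary that cannot be reviewed from this diff and any shell metacharacter in those three values would both run as root. I would pass an argument vector so that no shell is involved, e.g. `IO.popen([File.join(File.dirname(__FILE__), "tcpflow"), "-c", "-B", "-i", @interface.to_s, "tcp", "and", "dst", @dst.to_s, "and", "dst", "port", @dst_port.to_s, :err => "/dev/null"])`, and either document the source and checksum of the bundled binary or call the system-installed tcpflow instead. Separately, `io.read(1)` returns nil at end of stream, so `content << io.read(1)` raises once the child exits and, with `Thread.abort_on_exception = true`, takes the whole process down; `byte = io.read(1); break if byte.nil?; content << byte` would end the loop cleanly. `each_package` continues past the end of this hunk.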
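--- a/metadata
+++ b/metadata
@@ -1,46 +1,35 @@
- --- !ruby/object:Gem::Specification
+ --- !ruby/object:Gem::Specification
  name: syspy
- version: !ruby/object:Gem::Version
- hash: 57
+ version: !ruby/object:Gem::Version
+ version: 0.0.20
  prerelease:
- segments:
- - 0
- - 0
- - 19
- version: 0.0.19
  platform: ruby
- authors:
+ authors:
  - Matthias Balmer
  autorequire:
  bindir: bin
  cert_chain: []
-
- date: 2013-02-14 00:00:00 +01:00
- default_executable:
- dependencies:
- - !ruby/object:Gem::Dependency
+ date: 2013-02-14 00:00:00.000000000 Z
+ dependencies:
+ - !ruby/object:Gem::Dependency
  name: bindata
- prerelease: false
- requirement: &id001 !ruby/object:Gem::Requirement
+ requirement: &20472460 !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  type: :runtime
- version_requirements: *id001
+ prerelease: false
+ version_requirements: *20472460
  description:
  email: matthias.balmer@sysinf.ch
- executables:
+ executables:
  - syspy
  extensions: []
-
  extra_rdoc_files: []
-
- files:
+ files:
+ - lib/tcpflow
  - lib/bytes.rb
  - lib/tds_types.rb
  - lib/tds_tokens.rb
@@ -53,39 +42,29 @@ files:
  - lib/syspy.rb
  - lib/tds_package.rb
  - bin/syspy
- has_rdoc: true
  homepage:
  licenses: []
-
- post_install_message: To use syspy as standalone application run "sudo syspy <interface> <destination_ip> <destination_port>"
+ post_install_message: To use syspy as standalone application run "sudo syspy <interface>
+ <destination_ip> <destination_port>"
  rdoc_options: []
-
- require_paths:
+ require_paths:
  - lib
- required_ruby_version: !ruby/object:Gem::Requirement
+ required_ruby_version: !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
- required_rubygems_version: !ruby/object:Gem::Requirement
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
+ required_rubygems_version: !ruby/object:Gem::Requirement
  none: false
- requirements:
- - - ">="
- - !ruby/object:Gem::Version
- hash: 3
- segments:
- - 0
- version: "0"
+ requirements:
+ - - ! '>='
+ - !ruby/object:Gem::Version
+ version: '0'
  requirements: []
-
  rubyforge_project:
- rubygems_version: 1.4.2
+ rubygems_version: 1.8.11
  signing_key:
  specification_version: 3
  summary: Observe TDS packages directly from a network interface
  test_files: []
-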