[sci-flex commit] r414 - resources


codesite...@google.com

Jan 21, 2009, 4:15:19 PM1/21/09
to sci-fl...@googlegroups.com
Author: senakafdo
Date: Wed Jan 21 13:13:58 2009
New Revision: 414

Added:
resources/tcpdump2xml (contents, props changed)

Log:
Adding script to convert TCP Dump to XML


Added: resources/tcpdump2xml
==============================================================================
--- (empty file)
+++ resources/tcpdump2xml Wed Jan 21 13:13:58 2009
@@ -0,0 +1,116 @@
+#!/usr/bin/awk -f
+
+# Copyright 2003 Jose Nazario <jo...@monkey.org>
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+# 1. Redistributions of source code must retain the above copyright
+# notice, this list of conditions and the following disclaimer.
+# 2. Redistributions in binary form must reproduce the above copyright
+# notice, this list of conditions and the following disclaimer in the
+# documentation and/or other materials provided with the distribution.
+# 3. All advertising materials mentioning features or use of this software
+# must display the following acknowledgement:
+# This product contains software developed by Jose Nazario.
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+BEGIN {
+ printf("<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\n")
+ printf(" <?xml-stylesheet type=\"text/xsl\"
href=\"pfxml.xsl\" ?>\n")
+ printf(" <pf source=\"pf2xml-0.22\" >\n")
+}
+{
+ gsub("<", "\\&lt;", $0)
+ gsub(">", "\\&gt;", $0)
+ if ($(6) == "IP") {
+ sub(",", "", $3)
+ printf(" <packet type=\"IP\" vlan=\"%s\">\n", $3)
+ printf(" <version>4</version>\n")
+ printf(" <timestamp date=\"Jan 21\" time=\"%s\" />\n", $1)
+ sub(",", "", $21)
+ sub("\)", "", $21)
+ printf(" <protocol>%s</protocol>\n", $18)
+ printf(" <length>%s</length>\n", $21)
+ sub(",", "", $12)
+ sub(",", "", $14)
+ sub(",", "", $16)
+ printf(" <fragment id=\"%s\" offset=\"%s\" flags=\"%s\"
/>\n", $12, $14, $16)
+ if ($(22) == "options") {
+ split($(24), sip, ".")
+ printf(" <source ip=\"%s.%s.%s.%s\"", sip[1], sip[2],
sip[3], sip[4])
+ if (sip[5] != "") {
+ printf(" port=\"%s\"", sip[5])
+ }
+ printf(" />\n")
+ sub(":", "", $(26))
+ split($(26), dip, ".")
+ if (dip[4] != "") {
+ printf(" <destination ip=\"%s.%s.%s.%s\"", dip[1],
dip[2], dip[3], dip[4])
+ if (dip[5] != "") {
+ printf (" port=\"%s\"", dip[5])
+ }
+ } else {
+ printf(" <destination ip=\"%s.%s\"", dip[1], dip[2])
+ if (dip[3] != "") {
+ printf (" port=\"%s\"", dip[3])
+ }
+ }
+ printf(" />\n")
+ sub(",", "", $8)
+ sub(",", "", $10)
+ extra = $(27) " " $(28) " " $(29) " " $(30) " " $(31) " "
$(32) " " $(33) " " $(34) " " $(35) " " $(36) " " $(37) " " $(38) " "
$(39) " " $(40) " " $(41)
+ sub("\)\)", ")", $23)
+ printf(" <extra tos=\"%s\" ttl=\"%s\" options=\"%s\"
information=\"%s\" />\n", $8, $10, $23, extra)
+ } else {
+ split($(22), sip, ".")
+ printf(" <source ip=\"%s.%s.%s.%s\"", sip[1], sip[2],
sip[3], sip[4])
+ if (sip[5] != "") {
+ printf(" port=\"%s\"", sip[5])
+ }
+ printf(" />\n")
+ sub(":", "", $(24))
+ split($(24), dip, ".")
+ printf(" <destination ip=\"%s.%s.%s.%s\"", dip[1], dip[2],
dip[3], dip[4])
+ if (dip[5] != "") {
+ printf (" port=\"%s\"", dip[5])
+ }
+ printf(" />\n")
+ sub(",", "", $8)
+ sub(",", "", $10)
+ extra = $(25) " " $(26) " " $(27) " " $(28) " " $(29) " "
$(30) " " $(31) " " $(32) " " $(33) " " $(34) " " $(35) " " $(36) " "
$(37) " " $(38) " " $(39)
+ printf(" <extra tos=\"%s\" ttl=\"%s\" information=\"%s\"
/>\n", $8, $10, extra)
+ }
+ printf(" </packet>\n")
+ } else if ($(6) == "IP6") {
+ sub(",", "", $3)
+ printf(" <packet type=\"IP\" vlan=\"%s\">\n", $3)
+ printf(" <version>6</version>\n")
+ printf(" <timestamp date=\"Jan 21\" time=\"%s\" />\n", $1)
+ sub(",", "", $14)
+ sub("\)", "", $14)
+ printf(" <length>%s</length>\n", $14)
+ printf(" <next-header>%s</next-header>\n", $10)
+ printf(" <source ip=\"%s\" />\n", $15)
+ sub(":$", "", $17)
+ printf(" <destination ip=\"%s\" />\n", $17)
+ sub(",", "", $8)
+ extra = $(18) " " $(19) " " $(20) " " $(21) " " $(22) " "
$(23) " " $(24) " " $(25) " " $(26) " " $(27) " " $(28) " " $(29) " "
$(30) " " $(31) " " $(32) " " $(33) " " $(34) " " $(35) " " $(36) " "
$(37) " " $(38) " " $(39)
+ printf(" <extra hlim=\"%s\" information=\"%s\" />\n", $8,
extra)
+ printf(" </packet>\n")
+ }
+}
+END {
+ printf(" </pf>\n")
+}
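Review bot: The escaping at the top of the main rule handles only `<` and `>`, yet every field is printed inside a double-quoted attribute (`options=\"%s\"`, `information=\"%s\"`, `ip=\"%s\"`), so a `&` or `"` in a tcpdump line is written through unescaped. That text ultimately derives from captured traffic, so it can make the document malformed or let the data close the attribute and contribute markup of its own to whatever consumes the XML (the header references an XSL stylesheet, `pfxml.xsl`). Add `gsub("&", "\\&amp;", $0)` before the two existing calls and `gsub("\"", "\\&quot;", $0)` after them; the ampersand must be replaced first so the entities produced by the later calls are not escaped a second time. Separately, both `<timestamp>` lines hard-code `date=\"Jan 21\"`, which mislabels any capture taken on another day; passing the date in as an awk variable (for example `-v date=...`) would keep the output accurate for later analysis.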
