SCRIPTS
Here you will find scripts and script snippets for splitting dump files into separate files, crafting packets, or analysing traffic.
All scripts are easy to adapt to your requirements. Some scripts are from me, some others are from other people.
 

Analyse Script Collection
 dns.sh
 dscp_split.sh
 multicast_split.sh
 protocol_split.sh
 syn.sh
 udpstreams.pl
 ip2anonip.pl

Converter Script Collection
 arbor2text.pl

Packet Create Script Collection
 tv-igmp.sh
 dscp_craft.sh
 icmppacket.sh
 continuous DNS Test

netknuddel.sh
Script for splitting a capture file into several smaller, filter-based files and performing some basic analysis.
 
	netknuddel.sh -hV
	netknuddel.sh
	Version 0.54 (c)2009 by packetlevel.ch
	netknuddel help
	-a            ARP
	-c CAPFILE    capture file (recuired)
	-d            DNS
	-f            TCP Flags
	-g            Global Traffic
	-i            ICMP
	-k            Host IP's
	-l            Host Step 2 IP's
	-m            Multicast
	-n            ntp
	-o            OS Detection
	-p            port's
	-s            strange Traffic
	-t            TCP
	-u            UDP
	-v            verbose
	-A            do standart things
	-B            do anything
	-R            Routing Tarffic
	-V            Show version
	-6            IPv6 Traffic
	-h / -?       help
 
 netknuddel.sh
 
 
tcpdump2csv
 
This tool is provided by the AfterGlow project and is very useful for analysing traffic.
 
Example:
tcpdump -vttttnneli eth0 | tcpdump2csv.pl "sip dip dport"
 
generates the following output:
 
192.168.2.100,195.186.1.110,53
192.168.2.100,195.186.1.110,53
192.168.2.100,193.99.144.85,80
192.168.2.100,193.99.144.85,80
192.168.2.100,193.99.144.85,80
192.168.2.100,193.99.144.85,80
192.168.2.100,193.99.144.85,80
192.168.2.100,195.186.1.110,53
195.186.1.110,192.168.2.100,32787
192.168.2.100,193.99.144.86,80
192.168.2.100,193.99.144.86,80
192.168.2.100,193.99.144.85,80
192.168.2.100,193.99.144.85,80
192.168.2.100,193.99.144.85,80
192.168.2.100,195.186.1.110,53
195.186.1.110,192.168.2.100,32786
192.168.2.100,213.229.61.37,80
192.168.2.100,193.99.144.86,80
192.168.2.100,193.99.144.86,80
 
Possible options of tcpdump2csv.pl are:

timestamp    Timestamp
dip          Destination IP
sip          Source IP
ttl          Time to Live
tos          Type of Service
offset       Offset
flags        Flags
len          Length
sourcemac    Source MAC address
detsmac      Destination MAC address
ipflags      IP Flags
sport        Source Port
dport        Destination Port
 
This output is very useful for further analysis in scripts or graphical tools.
 tcpdump2csv.pl (from local site)
 afterglow website
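To show what a converter like tcpdump2csv.pl has to do with the raw tcpdump text, here is an added example (my own code, not the AfterGlow script). It groups the two lines that `tcpdump -v` prints per packet back into one record, extracts the header fields with regular expressions and emits the columns you ask for, using the field names from the option list above (the destination MAC is called `destmac` here, my own choice). The tcpdump lines are constructed in the shape of `tcpdump -vttttnneli eth0` output, not captured from the page:

```python
import re
import sys
from typing import Dict, List

# Constructed sample records in the shape of `tcpdump -vttttnneli eth0` output.
# With -v, tcpdump prints the IP header on the first line and the
# transport/payload summary on an indented continuation line.
SAMPLE_TCPDUMP_LINES = [
    "2009-01-25 10:15:32.100000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: "
    "(tos 0x0, ttl 64, id 4711, offset 0, flags [DF], proto UDP (17), length 60)",
    "    192.168.2.100.32787 > 195.186.1.110.53: 1234+ A? www.example.org. (32)",
    "2009-01-25 10:15:32.200000 00:11:22:33:44:55 > 00:aa:bb:cc:dd:ee, ethertype IPv4 (0x0800), length 74: "
    "(tos 0x0, ttl 64, id 4712, offset 0, flags [DF], proto TCP (6), length 60)",
    "    192.168.2.100.45120 > 193.99.144.85.80: Flags [S], seq 100, win 5840, options [mss 1460], length 0",
    "2009-01-25 10:15:32.300000 00:aa:bb:cc:dd:ee > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 120: "
    "(tos 0x0, ttl 57, id 9001, offset 0, flags [none], proto UDP (17), length 106)",
    "    195.186.1.110.53 > 192.168.2.100.32787: 1234 1/0/0 A 93.184.216.34 (78)",
]

FIELD_NAMES = ["timestamp", "sip", "dip", "sport", "dport", "ttl", "tos", "offset",
               "flags", "len", "sourcemac", "destmac", "ipflags"]

RECORD_START = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+ ")
TIMESTAMP_RE = re.compile(r"^(\S+ \S+) ")
MAC_RE = re.compile(r"([0-9a-f]{2}(?::[0-9a-f]{2}){5}) > ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")
IPHDR_RE = re.compile(r"\(tos (0x[0-9a-f]+), ttl (\d+), id \d+, offset (\d+), "
                      r"flags \[([^\]]*)\], proto \w+ \(\d+\), length (\d+)\)")
ENDPOINTS_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))? > (\d{1,3}(?:\.\d{1,3}){3})(?:\.(\d+))?:")
TCPFLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")   # capital F: TCP flags, not the IP "flags [DF]"


def group_records(lines: List[str]) -> List[str]:
    """Join indented continuation lines onto the record they belong to, one string per packet."""
    records: List[str] = []
    for line in lines:
        if RECORD_START.match(line):
            records.append(line.rstrip())
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def parse_record(record: str) -> Dict[str, str]:
    """Extract the supported fields from one joined record; missing fields stay empty (e.g. ports on ICMP)."""
    f = {name: "" for name in FIELD_NAMES}
    m = TIMESTAMP_RE.match(record)
    if m:
        f["timestamp"] = m.group(1)
    m = MAC_RE.search(record)
    if m:
        f["sourcemac"], f["destmac"] = m.group(1), m.group(2)
    m = IPHDR_RE.search(record)
    if m:
        f["tos"], f["ttl"], f["offset"], f["ipflags"], f["len"] = m.groups()
    m = ENDPOINTS_RE.search(record)
    if m:
        f["sip"], f["sport"], f["dip"], f["dport"] = (g or "" for g in m.groups())
    m = TCPFLAGS_RE.search(record)
    if m:
        f["flags"] = m.group(1)
    return f


def tcpdump_to_csv(lines: List[str], wanted: List[str]) -> List[str]:
    """Return one CSV row per packet containing the requested fields, in the requested order."""
    unknown = [w for w in wanted if w not in FIELD_NAMES]
    if unknown:
        raise ValueError("unknown field(s): %s" % ", ".join(unknown))
    return [",".join(parse_record(rec)[w] for w in wanted) for rec in group_records(lines)]


if __name__ == "__main__":
    # Usage: tcpdump -vttttnneli eth0 | python3 this_script.py "sip dip dport"
    fields = sys.argv[1].split() if len(sys.argv) > 1 else ["sip", "dip", "dport"]
    source = sys.stdin.readlines() if not sys.stdin.isatty() else SAMPLE_TCPDUMP_LINES
    for row in tcpdump_to_csv(source, fields):
        print(row)
```

Run against the constructed sample with "sip dip dport" it yields the same three-column form as the AfterGlow output above; unknown field names are rejected instead of silently producing empty columns, which matters when the CSV feeds a graphing tool that cannot tell a typo from a genuinely empty field.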

Capture Time Sync
Problem  In order to analyse a problem, two traces taken at different locations need to be compared, but their timestamps differ.
Output   A new file with "synchronized" timestamps
Input    Two capture files (containing ICMP packets)
Steps    Make sure to ping between the capture hosts
         Match the ICMP packets in both files
         Calculate the minimum and maximum time difference
         Create a new file with corrected timestamps
 
 captimesync.pl Merge capture files after a ping
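The matching and correction steps above, as an added example of my own (not captimesync.pl). It works on the ICMP echo packets already extracted from the two captures as (timestamp, kind, ident, seq) tuples; reading and writing the pcap files themselves is left out. Packets are paired by (kind, ident, seq), the minimum and maximum offset are reported, and the clock skew is estimated as the average of the request offset and the reply offset of the same ping, which cancels the one-way delay the same way NTP does. The two captures are constructed: capture B's clock is 2.5 s ahead of A's and the one-way delay is about 10 ms:

```python
from statistics import median
from typing import Dict, List, NamedTuple, Tuple


class IcmpPacket(NamedTuple):
    ts: float      # capture timestamp in seconds
    kind: str      # "request" or "reply"
    ident: int     # ICMP identifier
    seq: int       # ICMP sequence number


# Constructed: one ping exchange (two echo requests, two replies) as seen by
# capture host A (the pinging host) and capture host B (near the target).
# B's clock is 2.5 s ahead; one-way delay is 10 ms (seq 1) and 12 ms (seq 2).
CAPTURE_A = [
    IcmpPacket(100.000, "request", 0x1111, 1),
    IcmpPacket(100.020, "reply",   0x1111, 1),
    IcmpPacket(100.500, "request", 0x2222, 1),   # unrelated ping, not seen by B
    IcmpPacket(101.000, "request", 0x1111, 2),
    IcmpPacket(101.024, "reply",   0x1111, 2),
]
CAPTURE_B = [
    IcmpPacket(102.510, "request", 0x1111, 1),
    IcmpPacket(102.510, "reply",   0x1111, 1),
    IcmpPacket(103.512, "request", 0x1111, 2),
    IcmpPacket(103.512, "reply",   0x1111, 2),
    IcmpPacket(105.000, "reply",   0x1111, 9),   # only in B, must be ignored
]


def match_pings(cap_a: List[IcmpPacket], cap_b: List[IcmpPacket]) -> List[Tuple[IcmpPacket, float]]:
    """Pair packets present in both captures by (kind, ident, seq); return (packet, offset B-A)."""
    index_b = {(p.kind, p.ident, p.seq): p.ts for p in cap_b}
    pairs = []
    for p in cap_a:
        key = (p.kind, p.ident, p.seq)
        if key in index_b:
            pairs.append((p, index_b[key] - p.ts))
    return pairs


def estimate_skew(pairs: List[Tuple[IcmpPacket, float]]) -> Dict[str, float]:
    """Min/max raw offset plus a delay-free skew estimate from request/reply pairs of the same ping."""
    offsets = [off for _, off in pairs]
    if not offsets:
        raise ValueError("no ICMP packets common to both captures")
    by_ping: Dict[Tuple[int, int], Dict[str, float]] = {}
    for p, off in pairs:
        by_ping.setdefault((p.ident, p.seq), {})[p.kind] = off
    # request offset = skew + delay, reply offset = skew - delay, so their mean is the skew
    symmetric = [(v["request"] + v["reply"]) / 2
                 for v in by_ping.values() if "request" in v and "reply" in v]
    skew = median(symmetric) if symmetric else median(offsets)
    return {"matched": len(offsets), "min": min(offsets), "max": max(offsets), "skew": skew}


def resync(cap_b: List[IcmpPacket], skew: float) -> List[IcmpPacket]:
    """Shift capture B onto A's clock, rounded to pcap's microsecond resolution."""
    return [p._replace(ts=round(p.ts - skew, 6)) for p in cap_b]


if __name__ == "__main__":
    stats = estimate_skew(match_pings(CAPTURE_A, CAPTURE_B))
    print("matched %d packets, offset min %.6f max %.6f, skew %.6f"
          % (stats["matched"], stats["min"], stats["max"], stats["skew"]))
    for pkt in resync(CAPTURE_B, stats["skew"]):
        print("%.6f %s id=%#x seq=%d" % (pkt.ts, pkt.kind, pkt.ident, pkt.seq))
```

The spread between min and max offset is a useful sanity check: if it is much larger than the round-trip time of the pings, the captures were probably not taken on the same packets, or one capture host dropped frames under load.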

Some Other Useful Scripts
 dcrawl.pl Directory Crawl for Webserver
 fcrawl.pl File Crawl for Webserver

(c) 2008 by packetlevel.ch / last update: 25.01.2009