From 531c644f20164131d2b59f9894fd81adef8e42e9 Mon Sep 17 00:00:00 2001
From: hrbrmstr <bob@rud.is>
Date: Tue, 27 Jul 2021 06:23:49 -0400
Subject: [PATCH] initial commit

---
 DESCRIPTION           |  13 +++++++----
 NAMESPACE             |  13 +++++++++--
 R/find-tshark.R       |  35 ++++++++++++++++++++++++++++++
 R/get-tshark.R        |  10 +++++++++
 R/packet-sum.R        |  59 ++++++++++++++++++++++++++++++++++++++++++++++++++
 R/tshark-hosts.R      |  42 +++++++++++++++++++++++++++++++++++
 R/tshark.R            |  33 ++++++++++++++++++++++++++++
 R/tsharrk-package.R   |  15 +++++++++----
 inst/pcap/http.pcap   | Bin 0 -> 25803 bytes
 man/find_tshark.Rd    |  24 ++++++++++++++++++++
 man/get_tshark.Rd     |  14 ++++++++++++
 man/packet_summary.Rd |  20 +++++++++++++++++
 man/tshark_exec.Rd    |  22 +++++++++++++++++++
 man/tshark_hosts.Rd   |  20 +++++++++++++++++
 man/tsharrk.Rd        |   7 ++++--
 15 files changed, 315 insertions(+), 12 deletions(-)
 create mode 100644 R/find-tshark.R
 create mode 100644 R/get-tshark.R
 create mode 100644 R/packet-sum.R
 create mode 100644 R/tshark-hosts.R
 create mode 100644 R/tshark.R
 create mode 100644 inst/pcap/http.pcap
 create mode 100644 man/find_tshark.Rd
 create mode 100644 man/get_tshark.Rd
 create mode 100644 man/packet_summary.Rd
 create mode 100644 man/tshark_exec.Rd
 create mode 100644 man/tshark_hosts.Rd

diff --git a/DESCRIPTION b/DESCRIPTION
index 41bfe62..32a2ab8 100644
--- a/DESCRIPTION
+++ b/DESCRIPTION
@@ -1,6 +1,6 @@
 Package: tsharrk
 Type: Package
-Title: tsharrk Title Goes Here Otherwise CRAN Checks Fail
+Title: Tools to Make Analyses Using 'tshark' Easier
 Version: 0.1.0
 Date: 2021-07-26
 Authors@R: c(
@@ -8,7 +8,10 @@ Authors@R: c(
            comment = c(ORCID = "0000-0001-5670-2640"))
   )
 Maintainer: Bob Rudis <bob@rud.is>
-Description: A good description goes here otherwise CRAN checks fail.
+Description: The 'tshark' (<https://www.wireshark.org/docs/man-pages/tshark.html>)
+    command line utility comes with Wireshark and is a is useful when performing
+    analyses on packet captures (PCAPs). Tools are provided to make it a bit easier 
+    to work with 'tshark' to perform analyses with R.
 URL: https://git.rud.is/hrbrmstr/tsharrk
 BugReports: https://git.rud.is/hrbrmstr/tsharrk/issues
 Encoding: UTF-8
@@ -18,7 +21,9 @@ Suggests:
 Depends: 
     R (>= 3.6.0)
 Imports: 
-    httr,
-    jsonlite
+    utils,
+    arrow,
+    ndjson,
+    tools
 Roxygen: list(markdown = TRUE)
 RoxygenNote: 7.1.1
diff --git a/NAMESPACE b/NAMESPACE
index 5b4b9ae..ff020c8 100644
--- a/NAMESPACE
+++ b/NAMESPACE
@@ -1,4 +1,13 @@
 # Generated by roxygen2: do not edit by hand
 
-import(httr)
-importFrom(jsonlite,fromJSON)
+export(find_tshark)
+export(get_tshark)
+export(packet_summary)
+export(tshark_exec)
+export(tshark_hosts)
+import(arrow)
+import(ndjson)
+importFrom(tools,file_ext)
+importFrom(tools,file_path_sans_ext)
+importFrom(utils,browseURL)
+importFrom(utils,help)
diff --git a/R/find-tshark.R b/R/find-tshark.R
new file mode 100644
index 0000000..90d361d
--- /dev/null
+++ b/R/find-tshark.R
@@ -0,0 +1,35 @@
+#' Find the `tshark` binary
+#'
+#' Use the environment variable `TSHARK_PATH` or specify the directory in
+#' the call to this function.
+#'
+#' @param path hint to where to look for the `tshark` binary
+#' @export
+#' @return length 1 character vector of the path to the `tshark` binary or `""`
+#' @examples
+#' loc <- tryCatch(
+#'   find_tshark(),
+#'   error = function(e) message("No tshark")
+#' )
+find_tshark <- function(path = Sys.getenv("TSHARK_PATH", "")) {
+
+  if (path != "") {
+    Sys.setenv(
+      PATH = paste0(c(path, Sys.getenv("PATH")), collapse = .Platform$path.sep)
+    )
+  }
+
+  res <- Sys.which("tshark")
+
+  if (res == "") {
+    stop("Cannot locate tshark binary.", call.=FALSE)
+  }
+
+  unname(res)
+
+}
+
+set_names <- function (object = nm, nm) {
+  names(object) <- nm
+  object
+}
\ No newline at end of file
diff --git a/R/get-tshark.R b/R/get-tshark.R
new file mode 100644
index 0000000..01c7bb2
--- /dev/null
+++ b/R/get-tshark.R
@@ -0,0 +1,10 @@
+#' Get tshark
+#'
+#' Opens the default browser to the place where you can get tshark
+#'
+#' @export
+#' @examples
+#' if (interactive()) get_tshark()
+get_tshark <- function() {
+  utils::browseURL("https://tshark.dev/setup/install/")
+}
\ No newline at end of file
diff --git a/R/packet-sum.R b/R/packet-sum.R
new file mode 100644
index 0000000..2997b7f
--- /dev/null
+++ b/R/packet-sum.R
@@ -0,0 +1,59 @@
+#' Extract packet summary table (if any) from a PCAP
+#'
+#' @param pcap path to PCAP file ([path.expand()] will be called on this value)
+#' @return data frame
+#' @export
+#' @examples
+#' packet_summary(system.file("pcap", "http.pcap", package = "tsharrk"))
+packet_summary <- function(pcap) {
+
+  pcap <- path.expand(pcap[1])
+
+  if (!file.exists(pcap)) {
+    stop(sprintf("Cannont locate %s", pcap), call.=FALSE)
+  }
+
+  errf <- tempfile()
+  on.exit(unlink(errf))
+
+  outf <- tempfile()
+  on.exit(unlink(outf))
+
+  system2(
+    command = find_tshark(),
+    args = c("-T", "tabs", "-r", pcap),
+    stderr = errf,
+    stdout = outf
+  ) -> res
+
+  if (res != 0) {
+    stop("Error retrieving packet summary from PCAP.", call.=FALSE)
+  }
+
+  if (file.size(outf) == 0) {
+    data.frame(
+      packet_num = double(0),
+      ts = double(0),
+      src = character(0),
+      dst = character(0),
+      proto = character(0),
+      length = double(0),
+      info = character(0)
+    )
+  } else {
+
+    read.csv(
+      file = outf,
+      sep = "\t",
+      header = FALSE,
+      col.names = c("packet_num", "ts", "src", "junk", "dst", "proto", "length", "info"),
+      colClasses = c("double", "double", "character", "character", "character", "character", "double", "character")
+    ) -> out
+
+    out$junk <- NULL
+
+    out
+
+  }
+
+}
\ No newline at end of file
diff --git a/R/tshark-hosts.R b/R/tshark-hosts.R
new file mode 100644
index 0000000..ad17671
--- /dev/null
+++ b/R/tshark-hosts.R
@@ -0,0 +1,42 @@
+#' Extract hostname/IP table (if any) from a PCAP
+#'
+#' @param pcap path to PCAP file ([path.expand()] will be called on this value)
+#' @return data frame
+#' @export
+#' @examples
+#' tshark_hosts(system.file("pcap", "http.pcap", package = "tsharrk"))
+tshark_hosts <- function(pcap) {
+
+  pcap <- path.expand(pcap[1])
+
+  if (!file.exists(pcap)) {
+    stop(sprintf("Cannont locate %s", pcap), call.=FALSE)
+  }
+
+  tshark_exec(
+    args = c("-q", "-z", "hosts", "-r", pcap)
+  ) -> res
+
+  if (res$status != 0) {
+    stop("Error retrieving hosts from PCAP.", call.=FALSE)
+  }
+
+  host_table_raw <- tail(res$stdout, -4)
+
+  if (length(host_table_raw) == 0) {
+    data.frame(
+      ip = character(0),
+      host = character(0)
+    )
+  } else {
+    read.csv(
+      text = paste0(host_table_raw, collapse = "\n"),
+      sep = "\t",
+      header = FALSE,
+      col.names = c("ip", "host"),
+      colClasses = c("character", "character")
+    )
+  }
+
+
+}
\ No newline at end of file
diff --git a/R/tshark.R b/R/tshark.R
new file mode 100644
index 0000000..366c992
--- /dev/null
+++ b/R/tshark.R
@@ -0,0 +1,33 @@
+#' Call the tshark binary with optional custom environment variables and options
+#'
+#' This is just a convenience wrapper around [system2()]. See [find_tshark()] for
+#' information on helping this package find the tshark binary.
+#'
+#' @param tshark_bin specify a complete path or let [find_tshark()] do the dirty work.
+#' @param args same as [system2()] `args`
+#' @param env same as [system2()] `env`
+#' @return `list` with `stderr`, `stdout`, and `status` (invisibly)
+#' @export
+tshark_exec <- function(tshark_bin = find_tshark(), args = c(), env = c()) {
+
+  errf <- tempfile()
+  on.exit(unlink(errf))
+
+  outf <- tempfile()
+  on.exit(unlink(outf))
+
+  system2(
+    command = tshark_bin,
+    args = args,
+    env = env,
+    stderr = errf,
+    stdout = outf
+  ) -> res
+
+  invisible(list(
+    stderr = readLines(errf, warn = FALSE),
+    stdout = readLines(outf, warn = FALSE),
+    status = res
+  ))
+
+}
\ No newline at end of file
diff --git a/R/tsharrk-package.R b/R/tsharrk-package.R
index 19dc5fa..c97dc26 100644
--- a/R/tsharrk-package.R
+++ b/R/tsharrk-package.R
@@ -1,9 +1,16 @@
-#' ...
-#' 
+#' Tools to Make Analyses Using 'tshark' Easier
+#'
+#' The 'tshark' (<https://www.wireshark.org/docs/man-pages/tshark.html>)
+#' command line utility comes with Wireshark and is a is useful when performing
+#' analyses on packet captures (PCAPs). Tools are provided to make it a bit easier
+#' to work with 'tshark' to perform analyses with R.
+#'
 #' @md
 #' @name tsharrk
 #' @keywords internal
 #' @author Bob Rudis (bob@@rud.is)
-#' @import httr
-#' @importFrom jsonlite fromJSON
+#' @import arrow
+#' @import ndjson
+#' @importFrom utils browseURL help
+#' @importFrom tools file_path_sans_ext file_ext
 "_PACKAGE"
diff --git a/inst/pcap/http.pcap b/inst/pcap/http.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..54f6f2953d5553eddc5af6bc29e29b49ceb864ba
GIT binary patch
literal 25803
zcmeHQdwdkt^&beJMxw!25&gk+F&JcbXE*OR<ef-DRyGl+`k}MClieY+Gt10ulEoKL
zD5CtV__G!9g`l-4K8n@{MFsI^TVH7F1FfaCh5lLrMWs@HRr#HBXJ+5KB*^d6{$bjX
z+1a^g&b{ZH?>+aNbFXjh*nICuW)x%o96ib~BjCg2nHy$2{ro7V4zBU{>!XC;$L~&N
zni<A%di@M$@tD>7R)4+jK>Ztg{*Y&7TosRgeI`7>ghpB_c8q11k)uXGF=E81krx8B
z7Ct9RO@D_@Q>Vr-GZ=QvXI7+y6d6~ZbzBE`BTzgmbjCSvT>b&2=8LCR25-XO6y6F?
zZ=$>%Oycb<pt#DFU$8aeV;GaCvqv%v{w7lydD7|4Nag1Iv{c3yY~47QVOpEJ3G0&w
zBvIyk_J9@?Nn3Zfi*?$adAV(}s#TGJfdM<O1$c$$M7viG=H>RNyke{O^Add9DK8R4
zkz-5k4pKNrkbst2O?s+{aZP4*lTy30n(&gX$6Za7{wk-vY$|Exy?ruU<ZzTYoX+CB
z+<LE<4*@-mAJo{vplIbnAyM#hnjlN5pOMjN_!NB{KUFWRb=WKQ&moZ$BzmL5Dg-${
z&xRzwakU`Co0oo}mp)Wvy_mh2UO}IAK5QMF<PSs3D&#w?T6vvbY4m|+$t(K=$zMhM
zi-eHX$M=ey#z((y3~-9dLx0-cUABsf(n_1t8rFJk74$vjR{eeDdAT!rK4hyGg?@Nd
zvBQy<+bByC@5OFckv{yA!!Pr4XY;)v0;P%sG%ZxcvdLm$eSAMJ%Ap{Lg$gn+H!l~J
zWdG-<QZ++WOHtgyZFi&MI)9v`xT`82J^HyT|6H={0$tVmrk>8M9nH|+WGbUqZMz4l
zSe==uOv_~$Q?CdJopjC2%WZ-It0LWju$4HANhcS<Z%T;MQROVJau$)+&hETiH?Q<#
zuj@mcHvq%X!Ks?96NbK5;C;|K%v+%ue61L*i?KDlfwpe$=0HN0O3vZrY$autWwvs@
zxU|IMa9E<Enhm1n)hgnNXuL|tUxOjEb?}m33sezjg`*tA5-%rB2=a1Rt96!INst??
zbtcO#_Hc||cO(S8jp-}#>MBwj(-4$c&2&&}0$o-?18OZ!yTbx1sOws-rKh{aR$-Z5
zms@i|Q&(g6JXbTQLr}~m#MRT#(cVZbHkO@J+{m&`-A!a}TX$y%0TRTmDS}sH+2&am
zc-8`6vV+*rX;bMpcAw_609Cw4fB{LZwZ!S!K(Sp`{H(LGvQlqn!H23u7`a*tFIh<R
zst(B41bEJe7jUTwn#k8R8}Ly@nhdC^VfAnHr&KK>@<f9Xs<qG&@~WzZ1bLsp)mk`F
z1lCTOAp}FRqLHv77FvQq79L?uSh5w{9CmCowOS|0Qi{+a*5sweBl{u-Q$C@ectuWy
zPHJ)pi0iC!9$;cX@M!@UcZZ|ELcF{vs-Spa=d~6P1bz;2KD2xK*&{1HUZIz2I2h!V
zNUg;nhkaLc$~tu)=?6>pgG_^h&nNPh=&P`I@Hj^T3g266VJ&qvLeOt=D9V1>Lg;AK
zTFikY0XYa1RK*MAf~*d5VEumCR#sxu6i!m@0B;t;i5jqEzN)OmLIS+t55P^huB(BT
ze)yM*W0chl*_mt`T#J0KW=ZZttR0HIC@N?e_oBq_N(mK7tz{q}XuJ(a70f}B2NW(;
zZK;dtMW8g+5VRycGYa-WA2%FmDmjBbNWm{iHu?luuOl>A{S5_)1A#v^y|NM{5*Gw5
zRe4VF22e+}fb6TagkY+K(WbbaU^=FX;>^i<{esOSNNhke+Q+(TyaIIwl)?N2y^nqZ
z1`-t)*+FZGY8)X2fcH=Sc|;WNlbr&l@bnhyT6~=76de70Tu1LgbS)IXdy`5QykAH0
z-jRs+y$8)%W5=ZoWA+00HdR~iHJzO-b#6L@RaE;<K?7i+dvX2Mg&*yH4XQ%)(@+K@
zjsZamg|#?<0n-r{ff$`d7DJ!|V9F|L6mk;(cmS*wAx@XOSC)DOKedA}v^S+|Hca1z
zQ-JrV<#=RGlY?f1_%~5223^&W$uE1t@FcuB(aOQZ^)IM_Bg2VSVyF%qk3Qx-)EERs
zYA|#(jX^huDxMTv8vqt<fR7n1;&o94i}r8|^r<F<8Xc84Kv^3Al>sm{VDysNJ)@1v
z1O8rJ!{S#7O$A9)WM7yXl%X)~akqv+(u5XdY&abFWUmSxXp+5Q^r@&PI*ivw2SF56
z4GDGN-{T?B%PllUpr!uO;~|jj8A7LGz9J=9!-C+_NLJ$d(+YO7!izko@?bGty}g20
z;6yUpxRs7WolZt!PnOX^0Jj~mtP3xR3$9UH(+=2>sKG)+GO3v=a9q?x-p_#t(t&@-
zELju0yiO-!&@QmqNCOWu52^Q&lCp}yG6%8QU{K>QoAY@@+1rP9qIwk}6pu*k0<NFa
z@4~zc)N=i@>=*g@oNvBY6hHw<EwO~c9$QhdqtXfgE2$_eN2EUIvr*abzLnzrfmFN~
zyAkijXLY=HE;}`we}6B<do~g8#cmVtPn*dw#brg6mg+dRsVfCs!)V0c)*TSIU*?Fv
zjnd|5C-u>r&#5tLURjit`MSG><4^`a#l<P#`|-OL`jh;fC`f(yt%Lp~e+y1!X0kZP
z;<v^02b!`hNER@Q%J5ji1lXYfZn)DSSX6SpBD*eKH6r<pMJ{y^^lw=;AP<1xRr>;*
zlH%T^&o8JRq*?NzswL}~sbK(ifg%%Z(Fx`i7y|Ga1@Km~S}%HTI*xY-coH>lRSqj&
zp1?|kCq{e10S|(tYT%;7f`xzx&1Jt8;J`=PI1RerAxPmtwuSe}3TLHl+_K0if=awF
zA9#3Z7Y0JIM8Nc6K?ODx^>YV!4@}h>kIjITps6G%D2lA8b{H1~tw2egTW75iSOdqi
zL}wqDn^n0{6pmZXn3FagaUY<vBEXD_aRy6WC%zqDsKcV^xEQUYEdi<|Ueh^AN2Wdu
zRKaoP(vrcYyV;8YLE$xsb?`nrP-Io!8&(7@!h(O?$7?n(7t+ECA6@AHi`i+%*uoW?
z{uZ`Z3)!Q*qa$jmYvsY*q)1x+qK^VGaC7YoLZEjE!*mG;^L6&N*pmTaQM%EYDMKtN
zduxXzI3&90OnP%CCvp)r!@y!c)i7{vS0UyT_ONgXj$I!clqErv6<D{$kEDBm2iGnw
zBf7SOLi>3tmyjYafT#?$%w9p{ReLB9n(kNRaA-bQR8eUuIJ8s^Td<8zlj<kvXiI`7
z0+SHFNf8OMYYu!yMMS(`T$Gm$sn=7awkIO>!lx-xk3W}uSjsS#7z-(ioWw>3Ws4EW
zpvOq&_;pz)@Aug?P$6Ejb6z{Av4Yeqs}VIuH*UBnpUGOGlK~wt3>7T`?%B<DR5vr2
zLac{egbRihjw)l)=%g`&xOR)Y_AnQ;2L}x^jKwQZzWkuzl@oO@*7i7+*i<+KZVX4N
z8j17$h_2Ks;S|8reoheSy18HAVlWx^IQ2OvbCN81`(YZwi%3uotEBNVH}V|^z-Fws
zvV!ew#-Of)o$JEC#iTttJ$y509uTDBqKtN72CJfyP0{NF7%_=u(C)aoB7=G#Q?-Zo
zhD6oO1lA_4ZvxpSjWimYJhx>8Zj;9G!?#J{#DTa;@!t;0O{C6}<Y}Xx`TkVTeBgZa
z%(=hoo;l+EJc!)mZ%RC8=IQMWvv{2Mex$PctC6pqx}7Oy%JUy(CPS(Vvt96WlHqiY
zOL01Lz!|{DMj*Rt-)Y$<mJM`bu_aC{1LvDdfDMBTW11gpiY0?P6$82yJ54}XlS~FX
zjgiS<rbC*AhV+u5&qWF3j%!9TDWtXcSf4Y_OJ@5twjS3y%j{$lI6-riNiN<-P1oI6
zCFpAe!V-OzKwRMc!a@nw+26#SS3*Gyykt<qWZX+p#e^xtpp`)rPr!^Zq!$cr!Z1js
z)t}^E1I2VMzCj|53MCWBI9(Vdj(@f=2%Nad!XTKUhsWijN4ZP8V2l}BidrQgoIxdn
zTE(cu0B#B(^<{s{8sfi%PAng#PApe1#);*M)eM7F+ATTR@curE_em8ES1&g4{`MS(
zNm#lL32cYb-=Sk|JhkJ3T7y7ZONkABMx-^Gr?HZ_##w;YXn%rm)}WT6-ZVm@2V71J
zuBv+Y=0rhjj9dmYI05K7)OQRGU}MzMYECjlX294Ol{5;JOd})A#;6=W(#B|<IIxY;
zj918{fZD$}%o5`<gO3n1<LodVBa}gfV}xQzJ~Z@1r2auDhuI2_JpLvZ-!PAy{i7Mo
zk#QUTj_yBVK2r*dfVGa1%;Y7D!MCTyaYI-FY#Ymr#udZX?aVmy@iF>}VcV2#)%usr
zB4)xEeK}!#H-_uue3F_2O3rMXi)#sB@hWE2u1~51NuRygm&=!qVorj&1Amj3Gb4|j
z-idS9y(;ztD0uUxF|M)~CKlTJ+{;|!EfuFi<r}S8Ga}^>B%iLQM{2#C4W^)k^a!RT
zra&=-PYyznPDM#cNpVTBqo|^EiWr3Q9Y;k`Nm;q0$T3AvKGa4t4^yDL2QtRBSPwG=
zk^^v|g$j!63yNCc|H-9Sa0|0d(Gt2TM!LdZtLGw&&zMK3)sqOu9ZX8p>KO^+4!%oI
zZkR;$5)=JiN^PF8uuGp!__k0FDhh4?hJ||Zx`H)dXckW%&YH!WMP0hTq`GuV_Ml5Q
z$ELe<Uk>DEbLsA<F5R@mCH#^-rb{>J8g%JmQRpF}+R**AB!b7~vc+hmoqJ<Io6&2F
zQAjiI#<kDlxW!1EAm1%UFn+eAt7IeR7nesKQjRZMN<Eh1YY-%;S|jmGU5F1uHV!g0
zzKBheZ4e;}LBfMzLJF7UNzr3KPRPpzq5O%!6shOz?U265>HsM3g3KKx_24qvJP383
zK0d_j89#tTUXeJgU=#(90$D+LgCKduFc#U7)(*kLwsy~)X2q{VkPWkvS&$ZU&+2qp
ziK}sTvz}0Foz+9?n`XJ~KxdvDh9qKy1h{^9xlBxGj?Y#iQ$a{Q0{6U`!Nm79!+l!k
zY$O-;%CdwqKxa}JAXE@#C<BB7K;rS!xuDiE*$Y3Fm5|Pb%&Zoua~XpLwKW0rUWcsL
zI~S@`_1k(0j!{S$UqnR97VDuxnkS7QpD+w!RgFi1P=}Xvxyf8;NDJpu+Q8f6>T?Vy
zvlpfzdx|UO^Ux$D$Q*NBQB<(hwO}gUr6<H_0wWzwAE!Xv2P-yJyNuGNpD~F7)hG1Y
zh2I&8GUPVeSu<-5H7ZcSLB}grK1F-pz>`83CkCfarM+(8yC5SmoF3y0?%_R<PNq2^
z$iK2hmE|Cv2EGAqrsFCtBTYbqlPDAVB>_!jX~H`TLx}f6=h$pW{S%7R7bhb1iZ(Ng
z_w4BmlSYuHk=cEeFPgG~>^#)9VkR_Bg!)bFrZufbq$7msBut<tQZnuik5m|wLaAJt
zx6=*(v6TXoUM&jGH@KTj?WBS+?q!ijnvp~W=>=jQ)kjAWDmPhOnc-^s!Y~h|zGk$0
z3RIp#<ua{Prq86~Kdt(-LRpV2lWyJ{kf6fF58y{xHtruwk23I$8#82C&sQ3tjY6|=
zfU}WByb{#|qpA#f1}jg;^|432%|$uxR>EZ^q(>44hd9o$c@`jd07@R9=pJh@sXdzN
z$9f_*th<bI3}xPxc4rwx9#GnI^k!rZv?GNjc8AZ3drbg5xw;xP9O4!D69l=`IiZGz
zUcg^^AJHZrbJB{(=v$l1)-y~*4TQpj&=b0o0|j9Z_pyOc$Or#GDNL)@$0B$el|LAx
z?wN^9r#D7Qj8pqShG5v)>BRX&S%_&8WY&GW*sIwkF+0IoRLh~<#Ya&w3sJ9X4{Kb&
z&ilgIN%jC(XYDJ`L*iWY@Sv7<FPEKIBWSgc7L#OQEyQbJVpvA7h-0(UgCY(sFh%mH
zq3Zfx#YE~XS-dXlneR>Y%vWtf&%A@zJ@YdcW=*a=K=FQRBHpjsWP0Y$FJ~Cg7HXnk
z^#teo!XP>?MmT|bWmstnRaa0*#lvP9TE=vdO1BDt`{n1STCrIo-k*3gbUN%s4%pEH
z+fMX9&f_x3V<S&{Lnnov`u1TOC!PGmqKNoD0JRWC8At=%f?@OqV7nDXkd(nP-6bd?
z2}?r1z#D}roG=I`d>K@#NE~7y-Mynl4B2F*1x-Uf6?|K$SmMBdp!k~_kO!DC;JK%<
zqdtyQ0&;;STmZFz^=d%mBczqUwlh(dpnkT-tA+=9$>p4OCGmk}LO%xtZyz!o?yJ+Q
z2KDmp6c^DPS2tT+=`a#=g=U_v++Kvf=`fs29PJbi*lQ_&>}*#jqMyOP$$fOhl0f>{
zI?)L@rEq<`Tkh4Ua+o*tehi;;h|q)wZBQvk$x=<>CDtp;eLQUafem-)8y8#Z8tI*=
zeHKDe2<A1YmV}yh0ZJJ49eq<1gqO*$?-aa>teQQTqwlFCg;4&^i&j!x1Y1b7;}C-B
zuFy`zFZlFqy`>InlcB<SC>DS+MW=ociX169D38Nh{aA(5eEJoH&!7a`)jX?tZujhZ
zIy%D^DNI1<(Y0WWD6PS#a@Fq+QJyi7gDKSX=rCQSQ!$r0DjPz)cdj`tT2Gx6Y|Up1
zmsc=M`Ix8LF*r$st**Rj7@RD7fgEw=FWNI^6~kNvRKEB)Yl_ZAXN^6nv&Jp?IBT>*
z5EZFR>Ca(a9nH|+WL`!;xBPYF<!AqqmY4C1_H24D&8|yVv8#%NWN<zrbi0`WYA8}Y
z*b5<5*mH?h?z(7U=HPs6s5oSYJ%1J}X>`?EW_7ibrsm6t%Uut@O{D!Y_<LCs>FRco
zuAbTOcQ$FCg`XQ?qa|!<rCTb8v<1?9I5BP)+X&iN-_i`*lX0gk?g)kW1a1ovp-+m?
z4>fOAGHAmsxi+~EcD}`4E}Hu}i^_|RwfD3{-#wa_JL$%gX~=!#(bwkeQ{S)1KYHzT
z%U=(+uNiY*PGspb&d3{2bS^q@fBCar<(mtBx8>wle&jp3^YiEb@bdT&@!hifwbyRv
z4()oN|L{|ruUa|r(`(s#*BrX)lCH`Fhp&}NuHC$2PuZ*YpYd7Ynbx<v`(NRgx|J2d
zj+-iGKKiCDcl3(jq4o1>0xjni|945j9lu&R-u=wV>l<Ht=}`TH>*xO9*AMRf>EOkO
z!u$HH4^7<U+!XoQo^9WqdCs1-E49a`_59?QUvB&?*#F?mKYz1$+4&E=`PajD7OlSc
zR_kvcU)B<tFhRKQtuK5lR#$Dg>#<v}U-@v!JI^#sT&oql{Y=N|A6FjOZM(4H=T|<z
zbAK?{^S8nC-j!FMbNg$}*S~i6U2PL0P0Nm4|C9G`+E};ut&Wp^tB(9&^t0<NFa6H5
zVriGP;dke~xcG)zuGsTXjVu4AlHL9Lem}P6sZEdEndcn));n{TitiTQSl_XuckI&N
z|8$LS?$VcM)(5ta8?oZjGtRx~zBQXd7lt>~IuHG#y6Ksvf4pe<1qC~Pv!h{P^CMT?
zJCE%izx0cmRnJ}5I<NAQ@%!FBIK6u9z`*BwZkspIyY946x34F4Wk3JZJpSRi*Z;O{
z{){zqKbqJ1%7u?^o^bYWPnle`anqSE|EcMY|Gc*A&x_sNiuT26){+N49&ue;<(zX*
zyP)~*y|2G>?v(rH=G5lj;;OvkCGKzUO{_Wa<eRn+yWSD^+k*QiZrT-iWLKzsS7F!m
zr?~u4ReyZL)+Yr7{;M^2<$k*Gr0@2ebk1M$C*OVlr!R)oO}F}&|N4c{L*b{p|FGoD
z@4fB`z2<wl;m^wGm78yF+qrK1jPti`J^R#OO<dc-+}VB8<O>=Xtnlm+4~R?de|QV`
zeEu`*C%yF2T@S3Z`jpU1CCrAsYaT!N{^QK1DsI7wo9-R8FSMoYz6od7{_^oxx8A#}
ze9@jQ?{$9X?0qNyaQr<Jmt3>dz4iMAJFag1u)B0y-Hlt;<?NiibY;)7jo1HX?62<r
zyMN*Skz;=RUmuRY_;=ecEcyD&^^g6sZ%yRu%a#AQrl<46dzQcJc=7AY-~Zo=nu;U;
zc;si(D|Sr^Kljy#|2%NhMD39;KkU&e4u18QgF9M}{^PAbe6=TM<rD2+N7`QeWW&w(
z<bD6k^=JQe$#w7D&=q*)=obagT%B{p&r2pnq`d#SLSf&ms#fm&d)sph?pgA9H~jlz
z!;5!rDLr`3pY|?)diCD=4R1>mw;bGe{{90`9q#z(X#4C}UjKB%Gt2F79?g4t=h%Ur
zr>u*7?;m%3Frr<0HT3zf&$WN@;CBxE>1Y3Y(XEbv6uM}_FS;*&YX*CG;I7p(N^4%;
zQn>Txt4e3gCqMWjd(ZmY>{~~^dW~|!*N=_5^`D>Qd{jI0^Yi}s<t3+X&spg8%w6`z
zHKQ*5;mco6B75u3oIPpxR}*SRZT$VCM-J`xod3i3)wZv~lV<<V&L4E|tGjP-+$BGm
zcCY4{`dP=1zW<*+V+zm9d7<vEySIM&=!8$M8|CTh`h3Dmci$e&+1%wiC_mP6QOA-=
zxgURVbX4$-8w;y~s~mq0EdEjbm3Q+E3!eBmf5O^>yAj*hoiU1e2hat7ld+xo)$*N)
z?N6SOi0$(x(0K;1efLyIgst^{%s%k+*oUh3KK$bwR=)V&`QeWrD){Rahqs@4?M=J?
zxpc*fX}1*2xc|L~Yv<-|x5>YJs333Z&ExLBaGUGhX|_8)T6W0|kxQ>Q*nfwzWM%NV
z>ld7IIFNhxk@qhD<i5wQ*=u{B-+pMu)U&S0-~BH9|CNL9T;H~F&VO^;7A|`B+|Rmp
zZh8Cg%7*P{<=uFme|7zrgXesw`Y)YtZY^8OzVQ5rt3Jr79DkZVgJCbTte)IB58hXY
z^I$C9M~>M0=52B1TPo(k!4^1Hfh)&ki<bSAuAT}LS5LR(o6)lGA7Pk2KkULuh+VO>
zo9ml8o6R6dwBiglLnk>YX@dh@;QxSQLcI~=dWh~w+>DD(l<AO|n}ea+8g{+t(WXR(
zEp-{gOUHJNT^&sjXySsDVf-+h=u*ss3W+`&b&6?x3EfDQRX7L=!^|JsH#3Cbim{@g
z?3k;I;jm<kA{4zq_*&mQL;1or1>4*ZnFVnpL$+`SV%9$NKS`m&FAT$;8<qHB)#aU<
zZAskAi7Foe8Bs?Fx7@RS_-9cx90g04HeON$(u%jE%NDvqH!B@tLwBMAUFAayab@dS
z!df6*L0bB?K$2Y?Tj^$ZHO|x(O_y`@<M2&Ift`~v#WS`tn65jksa(8Ni~wR(B1w#=
zHE4HZ7b(O-0N5!PA&r~}Tjn@D!GLkiIS?se(a?tx<cza))hkmiQv1SEA4VNOciiSR
z@>!K3FjE8}Fv^PVjpM!=vl$y6C{IQRlT}iVM2~}}9Ii;FiM=L0v)bp93Q9C-G^1*O
zNd4rgCuhU^%jmjicj~(5HVxN3^>^ub|5nk-+3<cN#rumA@%}c=jF!!ZXj#VGk-N2>
z>SDX{FN{@}*-M8KrA{?rL!+XhE7dPhy#RRQ2W=28=fqHeGjI>ON;4v;Zs`P<-V8*T
z39&_--MSO+4c~aF;hIr>W1}Mm8s<X~ZGdj2^F(Sf(m#bBvtYv06o{nN;?8*p!o<~t
zr_Rt(70fL5utfC0N(6$WK|RmnHVPSOXl3}lf?Zm=O&esQQo*tz+z+T1T{@hs!%4y+
z2wzY!kU~gwg+n-(^S+^lgxuM<cf0CmHx8eBbC78l65>IzVuXZgfD~3(Nu{p0DY4NL
zKg|`{A(umJ<{Pu;b23^A#x+1rQPDs-10rwY9a30sB^4QZ77yYX1P)sh!Te0CGsIp&
z3l1u2f}WFLdojVNB(<!@CYnsit_VZXX?HWlGI!YBe4PHA8di1phL&%`2Rb@HF5aQT
zvWnEQfdRz(@3C1cjvk~)JtYyT@7!e~^_U3^Lj`0o5r!C?9>$3tN{2f(VSKguX5pl6
zT%GzZaD+9zB1Kf?*rrC@n;4hhGY>q`x3#zTk_gm@^uggnMD7JCMF<?qlUxRa#Vb&B
zLNh8@6k>(?7FyJzV(Cf{c2B~fXfpg0-D8e7HMz<(EE~A-m)Cb+X?{jSv(%ZN(tS%o
z+T2$eG8Ld#mNl%Tp|uc~JFg_onB8dxcM?lg%*q;we_;$3@;{zPJX3M%o9ck3=27W@
z>h(FQu_ZsA+VISL5xCekI7-l70$PP1kUHk+qC+-3dg!tPy&}8Q0R&r5070#9S{y+r
zH2Q`dLe5#VmD<bfPGHalA1FOUg5&Qs1g&kV6bu1fNPh!e2wT$%D5MQ!qw^|U8--U8
z*@Yw!6hCz*rO7W+htEg*EO&Q(M~6M+>$TLusW>Ue;egX@7E#d%J^i5QXZOH44N<Oq
zGBqmjXT=o8=;0B@tY|0AhJ8i##4s&{ahvfJnpQfEKK3)lxD5zefIuk+l(ookUK&6~
z`a^JrUT&A+%o$p4hr2MiAg$Qa&vbw(z}(zM2xRzp2_o%K|Av@k9Q#1%Q3C`{%7|^(
zhIs_e8Hksn-Oj3%GN^`rVYb(28OZ&bNS!4TGlzQSzfbkd*F!M3U~Adix@UfhJ8Rw2
zLlo}|67hb0jfwY_B5V>hM;dycbhuLdc(|Hc%wrI7L_pFp$io9jA+y~Y7T_?FgwfIS
zZb_p<PjZ4Ii;P8M8YQOrapa30K^A{z&ya+l{)iy6$`TUPlu4+m^y7S@07gUN%*Vq~
zb$!@3bU&d864em!ydkW@K`p8ZCt^Y_8m_GHfY+X@m)Kx$GZMmDKyG2QBoHnX@G>c3
zd#+KSmX$!%Lur?&g}TBXNEGP|f}I$gv=~)ZSxL>|L<!DZYlLU}NMqCNu1=#hEvLyo
zAZ`4B$ZML-g+V!}?V<gWBKBNdv}JGV7Jy-}kybcYFd%r%!J|tEm#a~4oG|*A@V&jT
z+*cHPu2DXjwO@%<mqwrTL}GT%P=k%<V#!Q9oa;)@$;sZ<c*uC0z8=cTB|f5(Zdrjt
zC*d5STnui&Bt$E;s0)e<yma~qlYTF8b8y}nh%UT{z}jC|AmiP!rC`?gyEr^ow2xdS
zi<l{gx<TN<aE!AyOkU}juSE~{7!Bcx`c@F4nLfA14kI#?=#_9{YxEjcGv;+C)DfH4
zv%0Oh<~1H=p;s82cjmgNyP0w5VsFo-R$C8q9WBL<nY`gwL2vYvjX)CMyTLd^$%u}0
zf&#KpLs&EbHO#PG08UpjQ8N{y&_Cqy^u6drt0LYbQfI;YxfJg|NX7dH)*;?I7cxvC
zP&t3@h%6cCRr@hZvGHhPmcqz}f182+HUs@_2Kw6!^tT!4f5Qy4iS1cth<P+OTY)n~
zrra!2`BWIm?1p+J{7uSZGb7&Ewh31R>>m?X1P`n;bF;O#!HNJJ6Jt>qTaOXW1Eshz
zpC1;p;6cTE_Q~NE2wo{_mVisz?~Sz}Y+-`n4Q>I#kdNI6C$_-C)+;NDUcINXc=R`2
zEJ78zANE4gYr1mP0x+H9VTD*|OA67|s`1o8)TV~@)I~c1+^6(&YGPms76pR%{}Wd-
zI)x|b!-lPd6ZGNue0VFIqmL)>$JRlterP%@R3V^Umy6Q=V&v#-Ud0vEtJsz5Rcvf?
z<zILfdKINW<;Jd@D3xTLVG6fBj5_07k*G5p_1!Py&V_TZQ>i3xC5Dr(=TlzZPQyz(
z<t4;0^}x#$PiF0rhf?`XS}Nn9N3u?3-S*rpJu?3DASFpXY6mMgg#VR=8ZX2AAI&dS
AHvj+t

literal 0
HcmV?d00001

diff --git a/man/find_tshark.Rd b/man/find_tshark.Rd
new file mode 100644
index 0000000..03b8122
--- /dev/null
+++ b/man/find_tshark.Rd
@@ -0,0 +1,24 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/find-tshark.R
+\name{find_tshark}
+\alias{find_tshark}
+\title{Find the \code{tshark} binary}
+\usage{
+find_tshark(path = Sys.getenv("TSHARK_PATH", ""))
+}
+\arguments{
+\item{path}{hint to where to look for the \code{tshark} binary}
+}
+\value{
+length 1 character vector of the path to the \code{tshark} binary or \code{""}
+}
+\description{
+Use the environment variable \code{TSHARK_PATH} or specify the directory in
+the call to this function.
+}
+\examples{
+loc <- tryCatch(
+  find_tshark(),
+  error = function(e) message("No tshark")
+)
+}
diff --git a/man/get_tshark.Rd b/man/get_tshark.Rd
new file mode 100644
index 0000000..92339bf
--- /dev/null
+++ b/man/get_tshark.Rd
@@ -0,0 +1,14 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/get-tshark.R
+\name{get_tshark}
+\alias{get_tshark}
+\title{Get tshark}
+\usage{
+get_tshark()
+}
+\description{
+Opens the default browser to the place where you can get tshark
+}
+\examples{
+if (interactive()) get_tshark()
+}
diff --git a/man/packet_summary.Rd b/man/packet_summary.Rd
new file mode 100644
index 0000000..414a61f
--- /dev/null
+++ b/man/packet_summary.Rd
@@ -0,0 +1,20 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/packet-sum.R
+\name{packet_summary}
+\alias{packet_summary}
+\title{Extract packet summary table (if any) from a PCAP}
+\usage{
+packet_summary(pcap)
+}
+\arguments{
+\item{pcap}{path to PCAP file (\code{\link[=path.expand]{path.expand()}} will be called on this value)}
+}
+\value{
+data frame
+}
+\description{
+Extract packet summary table (if any) from a PCAP
+}
+\examples{
+packet_summary(system.file("pcap", "http.pcap", package = "tsharrk"))
+}
diff --git a/man/tshark_exec.Rd b/man/tshark_exec.Rd
new file mode 100644
index 0000000..af9c71f
--- /dev/null
+++ b/man/tshark_exec.Rd
@@ -0,0 +1,22 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/tshark.R
+\name{tshark_exec}
+\alias{tshark_exec}
+\title{Call the tshark binary with optional custom environment variables and options}
+\usage{
+tshark_exec(tshark_bin = find_tshark(), args = c(), env = c())
+}
+\arguments{
+\item{tshark_bin}{specify a complete path or let \code{\link[=find_tshark]{find_tshark()}} do the dirty work.}
+
+\item{args}{same as \code{\link[=system2]{system2()}} \code{args}}
+
+\item{env}{same as \code{\link[=system2]{system2()}} \code{env}}
+}
+\value{
+\code{list} with \code{stderr}, \code{stdout}, and \code{status} (invisibly)
+}
+\description{
+This is just a convenience wrapper around \code{\link[=system2]{system2()}}. See \code{\link[=find_tshark]{find_tshark()}} for
+information on helping this package find the tshark binary.
+}
diff --git a/man/tshark_hosts.Rd b/man/tshark_hosts.Rd
new file mode 100644
index 0000000..25a1788
--- /dev/null
+++ b/man/tshark_hosts.Rd
@@ -0,0 +1,20 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/tshark-hosts.R
+\name{tshark_hosts}
+\alias{tshark_hosts}
+\title{Extract hostname/IP table (if any) from a PCAP}
+\usage{
+tshark_hosts(pcap)
+}
+\arguments{
+\item{pcap}{path to PCAP file (\code{\link[=path.expand]{path.expand()}} will be called on this value)}
+}
+\value{
+data frame
+}
+\description{
+Extract hostname/IP table (if any) from a PCAP
+}
+\examples{
+tshark_hosts(system.file("pcap", "http.pcap", package = "tsharrk"))
+}
diff --git a/man/tsharrk.Rd b/man/tsharrk.Rd
index eb47b10..cee494b 100644
--- a/man/tsharrk.Rd
+++ b/man/tsharrk.Rd
@@ -4,9 +4,12 @@
 \name{tsharrk}
 \alias{tsharrk}
 \alias{tsharrk-package}
-\title{...}
+\title{Tools to Make Analyses Using 'tshark' Easier}
 \description{
-A good description goes here otherwise CRAN checks fail.
+The 'tshark' (\url{https://www.wireshark.org/docs/man-pages/tshark.html})
+command line utility comes with Wireshark and is a is useful when performing
+analyses on packet captures (PCAPs). Tools are provided to make it a bit easier
+to work with 'tshark' to perform analyses with R.
 }
 \seealso{
 Useful links: