.Rbuildignore

@@ -0,0 +1,26 @@
+^.vscode$
+^.*\.Rproj$
+^\.Rproj\.user$
+^\.travis\.yml$
+^README\.*Rmd$
+^README\.*html$
+^NOTES\.*Rmd$
+^NOTES\.*html$
+^\.codecov\.yml$
+^README_files$
+^doc$
+^docs$
+^tmp$
+^notes$
+^CONDUCT.*$
+^CODE.*$
+^\.gitlab-ci\.yml$
+^\.vscode$
+^CRAN-RELEASE$
+^appveyor\.yml$
+^tools$
+^LICENSE\.md$
+^bld$
+^node_modules^
+^package-lock\.json$
+^\.github$

.codecov.yml

@@ -0,0 +1 @@
+comment: false

.github/FUNDING.yaml

@@ -0,0 +1 @@
+github: hrbrmstr

.github/workflows/R-CMD-check.yaml

@@ -0,0 +1,26 @@
+# For help debugging build failures open an issue on the RStudio community with the 'github-actions' tag.
+# https://community.rstudio.com/new-topic?category=Package%20development&tags=github-actions
+on:
+  push:
+    branches:
+      - batman
+  pull_request:
+    branches:
+      - batman
+
+name: R-CMD-check
+
+jobs:
+  R-CMD-check:
+    runs-on: macOS-latest
+    steps:
+      - uses: actions/checkout@v2
+      - uses: r-lib/actions/setup-r@master
+      - name: Install dependencies
+        run: |
+          install.packages(c("remotes", "rcmdcheck"))
+          remotes::install_deps(dependencies = TRUE)
+        shell: Rscript {0}
+      - name: Check
+        run: rcmdcheck::rcmdcheck(args = "--no-manual", error_on = "error")
+        shell: Rscript {0}

.gitignore

@@ -0,0 +1,9 @@
+.DS_Store
+.Rproj.user
+.Rhistory
+.RData
+.Rproj
+README_cache
+src/*.o
+src/*.so
+src/*.dll

.travis.yml

@@ -0,0 +1,12 @@
+language: R
+sudo: false
+cache: packages
+
+before_install:
+  - echo "options(repos = c(CRAN = 'https://packagemanager.rstudio.com/all/__linux__/xenial/latest'))" >> ~/.Rprofile.site
+  - echo "options(HTTPUserAgent = paste0('R/', getRversion(), ' R (',
+       paste(getRversion(), R.version['platform'], R.version['arch'], R.version['os']),
+       ')'))" >> ~/.Rprofile.site
+
+after_success:
+- Rscript -e 'covr::codecov()'

CONDUCT.md

@@ -0,0 +1,25 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, we pledge to respect all people who 
+contribute through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age, or religion.
+
+Examples of unacceptable behavior by participants include the use of sexual language or
+imagery, derogatory comments or personal attacks, trolling, public or private harassment,
+insults, or other unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments,
+commits, code, wiki edits, issues, and other contributions that are not aligned to this 
+Code of Conduct. Project maintainers who do not follow the Code of Conduct may be removed 
+from the project team.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by 
+opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the Contributor Covenant 
+(http:contributor-covenant.org), version 1.0.0, available at 
+http://contributor-covenant.org/version/1/0/0/

DESCRIPTION

@@ -0,0 +1,29 @@
+Package: tsharrk
+Type: Package
+Title: Tools to Make Analyses Using 'tshark' Easier
+Version: 0.1.0
+Date: 2021-07-26
+Authors@R: c(
+    person("Bob", "Rudis", email = "bob@rud.is", role = c("aut", "cre"), 
+           comment = c(ORCID = "0000-0001-5670-2640"))
+  )
+Maintainer: Bob Rudis <bob@rud.is>
+Description: The 'tshark' (<https://www.wireshark.org/docs/man-pages/tshark.html>)
+    command line utility comes with Wireshark and is a is useful when performing
+    analyses on packet captures (PCAPs). Tools are provided to make it a bit easier 
+    to work with 'tshark' to perform analyses with R.
+URL: https://git.rud.is/hrbrmstr/tsharrk
+BugReports: https://git.rud.is/hrbrmstr/tsharrk/issues
+Encoding: UTF-8
+License: AGPL
+Suggests: 
+    covr, tinytest
+Depends: 
+    R (>= 3.6.0)
+Imports: 
+    utils,
+    arrow,
+    ndjson,
+    tools
+Roxygen: list(markdown = TRUE)
+RoxygenNote: 7.1.1

NAMESPACE

@@ -0,0 +1,13 @@
+# Generated by roxygen2: do not edit by hand
+
+export(find_tshark)
+export(get_tshark)
+export(packet_summary)
+export(tshark_exec)
+export(tshark_hosts)
+import(arrow)
+import(ndjson)
+importFrom(tools,file_ext)
+importFrom(tools,file_path_sans_ext)
+importFrom(utils,browseURL)
+importFrom(utils,help)

NEWS.md

@@ -0,0 +1,2 @@
+0.1.0 
+* Initial release

R/find-tshark.R

@@ -0,0 +1,35 @@
+#' Find the `tshark` binary
+#'
+#' Use the environment variable `TSHARK_PATH` or specify the directory in
+#' the call to this function.
+#'
+#' @param path hint to where to look for the `tshark` binary
+#' @export
+#' @return length 1 character vector of the path to the `tshark` binary or `""`
+#' @examples
+#' loc <- tryCatch(
+#'   find_tshark(),
+#'   error = function(e) message("No tshark")
+#' )
+find_tshark <- function(path = Sys.getenv("TSHARK_PATH", "")) {
+
+  if (path != "") {
+    Sys.setenv(
+      PATH = paste0(c(path, Sys.getenv("PATH")), collapse = .Platform$path.sep)
+    )
+  }
+
+  res <- Sys.which("tshark")
+
+  if (res == "") {
+    stop("Cannot locate tshark binary.", call.=FALSE)
+  }
+
+  unname(res)
+
+}
+
+set_names <- function (object = nm, nm) {
+  names(object) <- nm
+  object
+}

R/get-tshark.R

@@ -0,0 +1,10 @@
+#' Get tshark
+#'
+#' Opens the default browser to the place where you can get tshark
+#'
+#' @export
+#' @examples
+#' if (interactive()) get_tshark()
+get_tshark <- function() {
+  utils::browseURL("https://tshark.dev/setup/install/")
+}

R/packet-sum.R

@@ -0,0 +1,59 @@
+#' Extract packet summary table (if any) from a PCAP
+#'
+#' @param pcap path to PCAP file ([path.expand()] will be called on this value)
+#' @return data frame
+#' @export
+#' @examples
+#' packet_summary(system.file("pcap", "http.pcap", package = "tsharrk"))
+packet_summary <- function(pcap) {
+
+  pcap <- path.expand(pcap[1])
+
+  if (!file.exists(pcap)) {
+    stop(sprintf("Cannont locate %s", pcap), call.=FALSE)
+  }
+
+  errf <- tempfile()
+  on.exit(unlink(errf))
+
+  outf <- tempfile()
+  on.exit(unlink(outf))
+
+  system2(
+    command = find_tshark(),
+    args = c("-T", "tabs", "-r", pcap),
+    stderr = errf,
+    stdout = outf
+  ) -> res
+
+  if (res != 0) {
+    stop("Error retrieving packet summary from PCAP.", call.=FALSE)
+  }
+
+  if (file.size(outf) == 0) {
+    data.frame(
+      packet_num = double(0),
+      ts = double(0),
+      src = character(0),
+      dst = character(0),
+      proto = character(0),
+      length = double(0),
+      info = character(0)
+    )
+  } else {
+
+    read.csv(
+      file = outf,
+      sep = "\t",
+      header = FALSE,
+      col.names = c("packet_num", "ts", "src", "junk", "dst", "proto", "length", "info"),
+      colClasses = c("double", "double", "character", "character", "character", "character", "double", "character")
+    ) -> out
+
+    out$junk <- NULL
+
+    out
+
+  }
+
+}

R/tshark-hosts.R

@@ -0,0 +1,42 @@
+#' Extract hostname/IP table (if any) from a PCAP
+#'
+#' @param pcap path to PCAP file ([path.expand()] will be called on this value)
+#' @return data frame
+#' @export
+#' @examples
+#' tshark_hosts(system.file("pcap", "http.pcap", package = "tsharrk"))
+tshark_hosts <- function(pcap) {
+
+  pcap <- path.expand(pcap[1])
+
+  if (!file.exists(pcap)) {
+    stop(sprintf("Cannont locate %s", pcap), call.=FALSE)
+  }
+
+  tshark_exec(
+    args = c("-q", "-z", "hosts", "-r", pcap)
+  ) -> res
+
+  if (res$status != 0) {
+    stop("Error retrieving hosts from PCAP.", call.=FALSE)
+  }
+
+  host_table_raw <- tail(res$stdout, -4)
+
+  if (length(host_table_raw) == 0) {
+    data.frame(
+      ip = character(0),
+      host = character(0)
+    )
+  } else {
+    read.csv(
+      text = paste0(host_table_raw, collapse = "\n"),
+      sep = "\t",
+      header = FALSE,
+      col.names = c("ip", "host"),
+      colClasses = c("character", "character")
+    )
+  }
+
+
+}

R/tshark.R

@@ -0,0 +1,33 @@
+#' Call the tshark binary with optional custom environment variables and options
+#'
+#' This is just a convenience wrapper around [system2()]. See [find_tshark()] for
+#' information on helping this package find the tshark binary.
+#'
+#' @param tshark_bin specify a complete path or let [find_tshark()] do the dirty work.
+#' @param args same as [system2()] `args`
+#' @param env same as [system2()] `env`
+#' @return `list` with `stderr`, `stdout`, and `status` (invisibly)
+#' @export
+tshark_exec <- function(tshark_bin = find_tshark(), args = c(), env = c()) {
+
+  errf <- tempfile()
+  on.exit(unlink(errf))
+
+  outf <- tempfile()
+  on.exit(unlink(outf))
+
+  system2(
+    command = tshark_bin,
+    args = args,
+    env = env,
+    stderr = errf,
+    stdout = outf
+  ) -> res
+
+  invisible(list(
+    stderr = readLines(errf, warn = FALSE),
+    stdout = readLines(outf, warn = FALSE),
+    status = res
+  ))
+
+}

R/tsharrk-package.R

@@ -0,0 +1,16 @@
+#' Tools to Make Analyses Using 'tshark' Easier
+#'
+#' The 'tshark' (<https://www.wireshark.org/docs/man-pages/tshark.html>)
+#' command line utility comes with Wireshark and is a is useful when performing
+#' analyses on packet captures (PCAPs). Tools are provided to make it a bit easier
+#' to work with 'tshark' to perform analyses with R.
+#'
+#' @md
+#' @name tsharrk
+#' @keywords internal
+#' @author Bob Rudis (bob@@rud.is)
+#' @import arrow
+#' @import ndjson
+#' @importFrom utils browseURL help
+#' @importFrom tools file_path_sans_ext file_ext
+"_PACKAGE"

README.Rmd

@@ -0,0 +1,51 @@
+---
+output: rmarkdown::github_document
+editor_options: 
+  chunk_output_type: console
+---
+```{r pkg-knitr-opts, include=FALSE}
+hrbrpkghelpr::global_opts()
+```
+
+```{r badges, results='asis', echo=FALSE, cache=FALSE}
+hrbrpkghelpr::stinking_badges()
+```
+
+```{r description, results='asis', echo=FALSE, cache=FALSE}
+hrbrpkghelpr::yank_title_and_description()
+```
+
+## What's Inside The Tin
+
+The following functions are implemented:
+
+```{r ingredients, results='asis', echo=FALSE, cache=FALSE}
+hrbrpkghelpr::describe_ingredients()
+```
+
+## Installation
+
+```{r install-ex, results='asis', echo=FALSE, cache=FALSE}
+hrbrpkghelpr::install_block()
+```
+
+## Usage
+
+```{r lib-ex}
+library(tsharrk)
+
+# current version
+packageVersion("tsharrk")
+
+```
+
+## tsharrk Metrics
+
+```{r cloc, echo=FALSE}
+cloc::cloc_pkg_md()
+```
+
+## Code of Conduct
+
+Please note that this project is released with a Contributor Code of Conduct. 
+By participating in this project you agree to abide by its terms.

README.md

@@ -1,2 +0,0 @@
-# tsharrk
-

appveyor.yml

@@ -0,0 +1,52 @@
+# DO NOT CHANGE the "init" and "install" sections below
+
+# Download script file from GitHub
+init:
+  ps: |
+         = "Stop"
+        Invoke-WebRequest http://raw.github.com/krlmlr/r-appveyor/master/scripts/appveyor-tool.ps1 -OutFile "..\appveyor-tool.ps1"
+        Import-Module '..\appveyor-tool.ps1'
+
+install:
+  ps: Bootstrap
+
+cache:
+  - C:\RLibrary
+
+environment:
+  NOT_CRAN: true
+  # env vars that may need to be set, at least temporarily, from time to time
+  # see https://github.com/krlmlr/r-appveyor#readme for details
+  # USE_RTOOLS: true
+  # R_REMOTES_STANDALONE: true
+
+# Adapt as necessary starting from here
+
+build_script:
+  - travis-tool.sh install_deps
+
+test_script:
+  - travis-tool.sh run_tests
+
+on_failure:
+  - 7z a failure.zip *.Rcheck\*
+  - appveyor PushArtifact failure.zip
+
+artifacts:
+  - path: '*.Rcheck\**\*.log'
+    name: Logs
+
+  - path: '*.Rcheck\**\*.out'
+    name: Logs
+
+  - path: '*.Rcheck\**\*.fail'
+    name: Logs
+
+  - path: '*.Rcheck\**\*.Rout'
+    name: Logs
+
+  - path: '\*_*.tar.gz'
+    name: Bits
+
+  - path: '\*_*.zip'
+    name: Bits

inst/tinytest/test_tsharrk.R

@@ -0,0 +1,4 @@
+
+# Placeholder with simple test
+expect_equal(1 + 1, 2)
+

man/find_tshark.Rd

@@ -0,0 +1,24 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/find-tshark.R
+\name{find_tshark}
+\alias{find_tshark}
+\title{Find the \code{tshark} binary}
+\usage{
+find_tshark(path = Sys.getenv("TSHARK_PATH", ""))
+}
+\arguments{
+\item{path}{hint to where to look for the \code{tshark} binary}
+}
+\value{
+length 1 character vector of the path to the \code{tshark} binary or \code{""}
+}
+\description{
+Use the environment variable \code{TSHARK_PATH} or specify the directory in
+the call to this function.
+}
+\examples{
+loc <- tryCatch(
+  find_tshark(),
+  error = function(e) message("No tshark")
+)
+}

man/get_tshark.Rd

@@ -0,0 +1,14 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/get-tshark.R
+\name{get_tshark}
+\alias{get_tshark}
+\title{Get tshark}
+\usage{
+get_tshark()
+}
+\description{
+Opens the default browser to the place where you can get tshark
+}
+\examples{
+if (interactive()) get_tshark()
+}

man/packet_summary.Rd

@@ -0,0 +1,20 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/packet-sum.R
+\name{packet_summary}
+\alias{packet_summary}
+\title{Extract packet summary table (if any) from a PCAP}
+\usage{
+packet_summary(pcap)
+}
+\arguments{
+\item{pcap}{path to PCAP file (\code{\link[=path.expand]{path.expand()}} will be called on this value)}
+}
+\value{
+data frame
+}
+\description{
+Extract packet summary table (if any) from a PCAP
+}
+\examples{
+packet_summary(system.file("pcap", "http.pcap", package = "tsharrk"))
+}

man/tshark_exec.Rd

@@ -0,0 +1,22 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/tshark.R
+\name{tshark_exec}
+\alias{tshark_exec}
+\title{Call the tshark binary with optional custom environment variables and options}
+\usage{
+tshark_exec(tshark_bin = find_tshark(), args = c(), env = c())
+}
+\arguments{
+\item{tshark_bin}{specify a complete path or let \code{\link[=find_tshark]{find_tshark()}} do the dirty work.}
+
+\item{args}{same as \code{\link[=system2]{system2()}} \code{args}}
+
+\item{env}{same as \code{\link[=system2]{system2()}} \code{env}}
+}
+\value{
+\code{list} with \code{stderr}, \code{stdout}, and \code{status} (invisibly)
+}
+\description{
+This is just a convenience wrapper around \code{\link[=system2]{system2()}}. See \code{\link[=find_tshark]{find_tshark()}} for
+information on helping this package find the tshark binary.
+}

man/tshark_hosts.Rd

@@ -0,0 +1,20 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/tshark-hosts.R
+\name{tshark_hosts}
+\alias{tshark_hosts}
+\title{Extract hostname/IP table (if any) from a PCAP}
+\usage{
+tshark_hosts(pcap)
+}
+\arguments{
+\item{pcap}{path to PCAP file (\code{\link[=path.expand]{path.expand()}} will be called on this value)}
+}
+\value{
+data frame
+}
+\description{
+Extract hostname/IP table (if any) from a PCAP
+}
+\examples{
+tshark_hosts(system.file("pcap", "http.pcap", package = "tsharrk"))
+}

man/tsharrk.Rd

@@ -0,0 +1,25 @@
+% Generated by roxygen2: do not edit by hand
+% Please edit documentation in R/tsharrk-package.R
+\docType{package}
+\name{tsharrk}
+\alias{tsharrk}
+\alias{tsharrk-package}
+\title{Tools to Make Analyses Using 'tshark' Easier}
+\description{
+The 'tshark' (\url{https://www.wireshark.org/docs/man-pages/tshark.html})
+command line utility comes with Wireshark and is a is useful when performing
+analyses on packet captures (PCAPs). Tools are provided to make it a bit easier
+to work with 'tshark' to perform analyses with R.
+}
+\seealso{
+Useful links:
+\itemize{
+  \item \url{https://git.rud.is/hrbrmstr/tsharrk}
+  \item Report bugs at \url{https://git.rud.is/hrbrmstr/tsharrk/issues}
+}
+
+}
+\author{
+Bob Rudis (bob@rud.is)
+}
+\keyword{internal}

tests/tinytest.R

@@ -0,0 +1,5 @@
+
+if ( requireNamespace("tinytest", quietly=TRUE) ){
+  tinytest::test_package("tsharrk")
+}
+

tsharrk.Rproj

@@ -0,0 +1,21 @@
+Version: 1.0
+
+RestoreWorkspace: Default
+SaveWorkspace: Default
+AlwaysSaveHistory: Default
+
+EnableCodeIndexing: Yes
+UseSpacesForTab: Yes
+NumSpacesForTab: 2
+Encoding: UTF-8
+
+RnwWeave: Sweave
+LaTeX: pdfLaTeX
+
+StripTrailingWhitespace: Yes
+
+BuildType: Package
+PackageUseDevtools: Yes
+PackageInstallArgs: --no-multiarch --with-keep.source
+PackageBuildArgs: --resave-data
+PackageRoxygenize: rd,collate,namespace