hrbrmstr
/
tsharrk
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
54 KiB
 
Branch: batman
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'batman'
${ noResults }
tsharrk/README.md

7.2 KiB
Raw Permalink Blame History

Project Status: Active – The project has reached a stable, usablestate and is being activelydeveloped. Signedby Signed commit% R-CMD-check Linux buildStatus CoverageStatus Minimal RVersion License

tsharrk

Tools to Make Analyses Using ‘tshark’ Easier

Description

The ‘tshark’ (https://www.wireshark.org/docs/man-pages/tshark.html) command line utility comes with Wireshark and is a is useful when performing analyses on packet captures (PCAPs). Tools are provided to make it a bit easier to work with ‘tshark’ to perform analyses with R.

What’s Inside The Tin

The following functions are implemented:

  • find_tshark: Find the tshark binary
  • get_tshark: Get tshark
  • packet_summary: Extract packet summary table (if any) from a PCAP
  • pcap_to_json: Convert an entire PCAP file to JSON
  • ts_read_json: Read in a JSON file created with pcap_to_json()
  • tshark_exec: Call the tshark binary with optional custom environment variables and options
  • tshark_hosts: Extract hostname/IP table (if any) from a PCAP

Installation

remotes::install_git("https://git.rud.is/hrbrmstr/tsharrk.git")
# or
remotes::install_gitlab("hrbrmstr/tsharrk")
# or
remotes::install_github("hrbrmstr/tsharrk")

NOTE: To use the ‘remotes’ install options you will need to have the {remotes} package installed.

Usage

library(tsharrk)

# current version
packageVersion("tsharrk")
## [1] '0.1.0'

tsharrk Metrics

Lang # Files (%) LoC (%) Blank lines (%) # Lines (%)
R 10 0.38 172 0.40 56 0.33 102 0.37
YAML 2 0.08 27 0.06 6 0.04 2 0.01
Rmd 1 0.04 18 0.04 22 0.13 34 0.12
SUM 13 0.50 217 0.50 84 0.50 138 0.50

clock Package Metrics for tsharrk

tshark_hosts(system.file("pcap", "http.pcap", package = "tsharrk"))
##               ip                     host
## 1 216.239.59.104 pagead.google.akadns.net
## 2  216.239.59.99 pagead.google.akadns.net

library(tibble)

as_tibble(
  packet_summary(system.file("pcap", "http.pcap", package = "tsharrk"))
)
## # A tibble: 43 x 7
##    packet_num    ts src          dst          proto length info                                                         
##         <dbl> <dbl> <chr>        <chr>        <chr>  <dbl> <chr>                                                        
##  1          1 0     145.254.160… 65.208.228.… TCP       62 "3372 → 80 [SYN] Seq=0 Win=8760 Len=0 MSS=1460 SACK_PERM=1"  
##  2          2 0.911 65.208.228.… 145.254.160… TCP       62 "80 → 3372 [SYN, ACK] Seq=0 Ack=1 Win=5840 Len=0 MSS=1380 SA…
##  3          3 0.911 145.254.160… 65.208.228.… TCP       54 "3372 → 80 [ACK] Seq=1 Ack=1 Win=9660 Len=0"                 
##  4          4 0.911 145.254.160… 65.208.228.… HTTP     533 "GET /download.html HTTP/1.1 "                               
##  5          5 1.47  65.208.228.… 145.254.160… TCP       54 "80 → 3372 [ACK] Seq=1 Ack=480 Win=6432 Len=0"               
##  6          6 1.68  65.208.228.… 145.254.160… TCP     1434 "HTTP/1.1 200 OK  [TCP segment of a reassembled PDU]"        
##  7          7 1.81  145.254.160… 65.208.228.… TCP       54 "3372 → 80 [ACK] Seq=480 Ack=1381 Win=9660 Len=0"            
##  8          8 1.81  65.208.228.… 145.254.160… TCP     1434 "80 → 3372 [ACK] Seq=1381 Ack=480 Win=6432 Len=1380 [TCP seg…
##  9          9 2.01  145.254.160… 65.208.228.… TCP       54 "3372 → 80 [ACK] Seq=480 Ack=2761 Win=9660 Len=0"            
## 10         10 2.44  65.208.228.… 145.254.160… TCP     1434 "80 → 3372 [ACK] Seq=2761 Ack=480 Win=6432 Len=1380 [TCP seg…
## # … with 33 more rows

tf <- tempfile()
pcap_to_json(system.file("pcap", "http.pcap", package = "tsharrk"), json = tf)
## /opt/homebrew/bin/tshark -T json -r /Library/Frameworks/R.framework/Versions/4.1-arm64/Resources/library/tsharrk/pcap/http.pcap

http_cap <- ts_read_json(tf)

http_cap
## Capture: packets-2004-05-13
## ───────────────────────────
##  1. frame ── eth ── ip ── tcp
##  2. frame ── eth ── ip ── tcp
##  3. frame ── eth ── ip ── tcp
##  4. frame ── eth ── ip ── tcp ── http
##  5. frame ── eth ── ip ── tcp
##  6. frame ── eth ── ip ── tcp
##  7. frame ── eth ── ip ── tcp
##  8. frame ── eth ── ip ── tcp
##  9. frame ── eth ── ip ── tcp
## 10. frame ── eth ── ip ── tcp
## 11. frame ── eth ── ip ── tcp
## 12. frame ── eth ── ip ── tcp
## 13. frame ── eth ── ip ── udp ── dns
## 14. frame ── eth ── ip ── tcp
## 15. frame ── eth ── ip ── tcp
## 16. frame ── eth ── ip ── tcp
## 17. frame ── eth ── ip ── udp ── dns
## 18. frame ── eth ── ip ── tcp ── http
## 19. frame ── eth ── ip ── tcp
## 20. frame ── eth ── ip ── tcp
## 21. frame ── eth ── ip ── tcp
## 22. frame ── eth ── ip ── tcp
## 23. frame ── eth ── ip ── tcp
## 24. frame ── eth ── ip ── tcp
## 25. frame ── eth ── ip ── tcp
## 26. frame ── eth ── ip ── tcp
## 27. frame ── eth ── ip ── tcp ── tcp.segments ── http ── data-text-lines
## 28. frame ── eth ── ip ── tcp
## 29. frame ── eth ── ip ── tcp
## 30. frame ── eth ── ip ── tcp
## 31. frame ── eth ── ip ── tcp
## 32. frame ── eth ── ip ── tcp
## 33. frame ── eth ── ip ── tcp
## 34. frame ── eth ── ip ── tcp
## 35. frame ── eth ── ip ── tcp
## 36. frame ── eth ── ip ── tcp
## 37. frame ── eth ── ip ── tcp
## 38. frame ── eth ── ip ── tcp ── tcp.segments ── http ── xml
## 39. frame ── eth ── ip ── tcp
## 40. frame ── eth ── ip ── tcp
## 41. frame ── eth ── ip ── tcp
## 42. frame ── eth ── ip ── tcp
## 43. frame ── eth ── ip ── tcp

unlink(tf)

Code of Conduct

Please note that this project is released with a Contributor Code of Conduct. By participating in this project you agree to abide by its terms.