diff options
Diffstat (limited to 'tools/netscreen2dump.py')
| -rwxr-xr-x | tools/netscreen2dump.py | 137 |
1 files changed, 137 insertions, 0 deletions
diff --git a/tools/netscreen2dump.py b/tools/netscreen2dump.py new file mode 100755 index 00000000..7aaac94b --- /dev/null +++ b/tools/netscreen2dump.py @@ -0,0 +1,137 @@ +#!/usr/bin/env python +""" +Converts netscreen snoop hex-dumps to a hex-dump that text2pcap can read. + +Copyright (c) 2004 by Gilbert Ramirez <gram@alumni.rice.edu> + +SPDX-License-Identifier: GPL-2.0-or-later +""" + +import sys +import re +import os +import stat +import time + + +class OutputFile: + TIMER_MAX = 99999.9 + + def __init__(self, name, base_time): + try: + self.fh = open(name, "w") + except IOError, err: + sys.exit(err) + + self.base_time = base_time + self.prev_timestamp = 0.0 + + def PrintPacket(self, timestamp, datalines): + # What do to with the timestamp? I need more data about what + # the netscreen timestamp is, then I can generate one for the text file. + # print("TS:", timestamp.group("time")) + try: + timestamp = float(timestamp.group("time")) + except ValueError: + sys.exit("Unable to convert '%s' to floating point." % + (timestamp,)) + + # Did we wrap around the timeer max? + if timestamp < self.prev_timestamp: + self.base_time += self.TIMER_MAX + + self.prev_timestamp = timestamp + + packet_timestamp = self.base_time + timestamp + + # Determine the time string to print + gmtime = time.gmtime(packet_timestamp) + subsecs = packet_timestamp - int(packet_timestamp) + assert subsecs <= 0 + subsecs = int(subsecs * 10) + + print >> self.fh, "%s.%d" % (time.strftime("%Y-%m-%d %H:%M:%S", gmtime), \ + subsecs) + + # Print the packet data + offset = 0 + for lineno, hexgroup in datalines: + hexline = hexgroup.group("hex") + hexpairs = hexline.split() + print >> self.fh, "%08x %s" % (offset, hexline) + offset += len(hexpairs) + + # Blank line + print >> self.fh + + +# Find a timestamp line +re_timestamp = re.compile(r"^(?P<time>\d+\.\d): [\w/]+\((?P<io>.)\)(:| len=)") + +# Find a hex dump line +re_hex_line = re.compile(r"(?P<hex>([0-9a-f]{2} ){1,16})\s+(?P<ascii>.){1,16}") + + +def run(input_filename, output_filename): + try: + ifh = open(input_filename, "r") + except IOError, err: + sys.exit(err) + + # Get the file's creation time. + try: + ctime = os.stat(input_filename)[stat.ST_CTIME] + except OSError, err: + sys.exit(err) + + output_file = OutputFile(output_filename, ctime) + + timestamp = None + datalines = [] + lineno = 0 + + for line in ifh.xreadlines(): + lineno += 1 + # If we have no timestamp yet, look for one + if not timestamp: + m = re_timestamp.search(line) + if m: + timestamp = m + + # Otherwise, look for hex dump lines + else: + m = re_hex_line.search(line) + if m: + datalines.append((lineno, m)) + else: + # If we have been gathering hex dump lines, + # and this line is not a hex dump line, then the hex dump + # has finished, and so has the packet. So print the packet + # and reset our variables so we can look for the next packet. + if datalines: + output_file.PrintPacket(timestamp, datalines) + timestamp = None + datalines = [] + + # At the end of the file we may still have hex dump data in memory. + # If so, print the packet + if datalines: + output_file.PrintPacket(timestamp, datalines) + timestamp = None + datalines = [] + + +def usage(): + print >> sys.stderr, "Usage: netscreen2dump.py netscreen-dump-file new-dump-file" + sys.exit(1) + + +def main(): + if len(sys.argv) != 3: + usage() + + run(sys.argv[1], sys.argv[2]) + + +if __name__ == "__main__": + main() |