Useful Scripts and Programs

Blue Bar separator




The following are links to articles containing all the various scripts and programs that I have scattered around here.


Platform/OS Independent

addTraceLabels.plA Perl script to send a labeling frame for inclusion into a protocol analyzer trace file
delta.plA Perl script to calculate the delta values between 2 or more sets of numbers contained in a file
delta_time_stamp.plA Perl script to calculate the delta time between timestamps at the start of a line
genpass2.plPerl script to generate "good" passwords based on easy to remember passphrase
genpass_javascript.htmlJavaScript script to generate "good" passwords based on easy to remember passphrase
graph concurrent connectionsGraph concurrent connections in a packet trace file
not really a script but an example of how to do it using tshark and gunplot
split-pcap.plPerl script to separate the TCP flows in a pcap file -- See split-pcap.py below for an updated version that does not have the file number limitation of this script
tcplisten.plPerl script to listen on a TCP port and send back a specified message when there is a connection
tshark-data-2-text.plA perl script that takes a character string in the format of XX:XX:XX:XX... where each XX is between 00 and FF and converts it to reachable text. Design to be used with tshark-follow-stream.sh.
tshark-follow-stream.shA shell script that calls tshark to output a packet stream, color coding the segments in each direction, requires the tshark-data-2-text.pl perl script
tuc.plPerl script to send a UDP datagram to a speficied IP address and por and wait for a response
udpecho.plPerl script to listen on a UDP port and echo back a response when a datagram is received

Linux

ping-date.shA shell script to ping a host using the date/time as text as the payload
measure_retrans_effect.shA shell script to measure the effects of retransmissions

Packet Analysis tools (Linux shell scripts) found on GitHub

average.shA simple wrapper around tshark to extract a fields from a set of packets and average them.
build_filter.shBuilds a tshark filter by ANDing or ORing the values in a list with a tshark variable
bytes-in-flight.shCalculates the bytes-in-flight and available window for every single TCP segment in a connection instead of only when segments are sent (which is what Wireshark does). Gives a more (I think) realistic view of bytes in flight and available window..
check-subnet.shTest whether an IPv4 address is part of a subnet or not
dns-time.shCalculates the DNS response time for each answered DNS query and lists unanswered queries.
failed-connection-attempts.shFind TCP connection attempts that have a failed. There are 7 failure scenarios.
find-ips.shUses egrep to list all strings in a file that match an IPv4 address format and then sort -u to get a unique list. Really just a one-liner by this way I do not have to remember (or type) the egrep string. Its useful with build-filter.sh to create a filter to display all the IPs listed in say a log file.
find-mangled-sequence-numbers.shFind TCP connections where some middleware device has rewritten the TCP header sequence numbers but not the numbers in the SACK block.
find-reset-connections.shFind TCP connections that have been reset without being closed.
find-retran-failures.shFind TCP connections that appear to have failed because of retransmission failures.
fix-pcap.shRemoves a partial packet at the end of a packet trace file.
local-drops.shFor each retransmitted TCP segment determine if the segment is seen more than once.
packet-matcher-faster.shCompares IP ID and absolute TCP sequence and ACK numbers between two traces to match up TCP segments where the IP addresses and or TCP have been changed (i.e. NAT).
packet-matcher.shExtracts byte strings from a TCP stream in a template trace and looks for the strings in a target trace. The goal is to find a match TCP stream in the target trace file.
percent-retransmissions.shFor every connection in the trace file calculate the percentage of retransmissions for every source IP address as retransmissions / not-retransmitted source segments. segments must contain data, i.e.will not identify retransmitted SYNs or FINs without data.
ping-message.shA script to send an ICMP echo request (ping) with a 16 character message embedded in it instead of the standard sequence of ascii characaters.
ping-time.shA script to send an ICMP echo request (ping) with a 16 character time stamp (HH:MM:SS.sssssssss) embedded in it instead of the standard sequence of ascii characaters.
split-pcap.pyReads X.pcap and creates a set of X.pcap_IP1-Port1_IP2-Port2_split.pcap files, one for each TCP four-tuple. Reads only pcap files not pcapng. Requires Python and the scapy module.
start-packet-tracing.shRuns tcpdump in the background with 10 files of 100 Meg each.
stream-throughput.shCalculate the throughput of all TCP streams in a trace file.
throughput-per-sec.shCalculate throughput per second of a specific stream at resolutions of 1, 1/10, 1/100, and 1/1000 of a second. results are suitable for graphing.
time-summary.shFinds all files in the current directory and any sub directories and displays then start and end times in sorted order.
unterminated-connections.shFind TCP connections that have not been closed or reset.

VOS

3rd_party_keep_alive.cm.cmCommand macro that given a socket's PCB address calls 3rd_party_keep_alive.pm every N minutes to keep a connection active
3rd_party_keep_alive.pmsends a TCP segment mimicking a keep-alive segment from the specified connection.
arp_flush.cmFlushes the STCP ARP cache by deleting each entry in the cache one at a time
arp_scan.cmUses a fast ping to generate an ARP request for each host in a class C subnet and then dumps the resulting ARP table. Similar to scan.cm but simpler.
beacon.cBeacon packet to assist in protocol trace synchronization
BPRI_LO_alert.cmSends 25th line message when current STREAMS memory usage exceeds specified threshold
BPRI_LO_check.cmDisplays current and max STREAMS memory usage
cr.plPerl script to add (or remove) carriage return characters to the end of lines prior to (or after) transferring files to (or from) an MS Windows system using SFTP or FTP in binary mode
cycle_output_files.cmRuns a process till the output file gets to a certain size then stops it and runs it again cycling to another output file
dump_process_set.cmExecute a set of analyze_system requests against a set of running processes
dump_streams.cmGather as much information as possible about the current STREAMS usage
find_my_ip_address.cmA script that can be used to determine your public IP address
fnet.cmFilter the output of the STCP netstat command
gather_stcp.cmGather STCP Interface and Ethernet adapter statistics for performance monitoring and troubleshooting
get_connection_meters.cmDump the stcp_meters statistics for a select connection or connections
get_process_sockets.cmA macro to dump the TCB and socket meters for all sockets associated with a process (or processes). This keys off of a process name or number
get_socket_info.cmDump the stcp_meters statistics and/or TCB data for a select connection or connections. This keys off IP address, port number or TCB address
get_switch_interface_stats.cmA macro to dump the interfaces group counters from the MIB-II MIB for a specific port on a switch.
list_all_process_network.cmList all the STCP IP socket connections for all process currently running. See tcp_socket_owner.cm for a faster alternative that might do what you need.
list_process_network.cmList all the STCP IP socket connections for a given process
list_vterm_parameters.cmList the parameters needed for telnet_msd to work for all vterms matching a star name
logd.cC source code for a very simple log server
map_connections.cmA macro to call both map_telnetd_connections and map_secured_connections.
map_telnetd_connections.cmDisplay or write a file containing a list of all users who are connected to the module via telnetd, the device they are connected to and the IP address and port number they are connecting from.
map_secured_connections.cmDisplay or write a file containing a list of all users who are connected to the module via sshd, the device they are connected to and the IP address and port number they are connecting from.
match.plPerl script to match lines from files or command output
monitor_sdlmux_adapter_status.cmPeriodically checks the status of network links and sends 25th line message and puts entry in the syserr_log if it finds that a link is down or an adapter has failed.
netstat-all-interfaces.cmloop through all STCP interfaces doing netstat -interface
netstat_filter.plMonitor netstat output filtering out uninteresting lines
new_resolve.cExample program showing how to call getaddrinfo to resolve host names
osl_server_times.cmCommad macro to display the last_run_time for all the osl_server processes
personal_ssh_setup.cmSet up Stratus STCP SSH to use public key authentication
ping_forever.cmContinuously ping a host without flooding the network
pm.cmRun STCP packet_monitor with the most common/useful options
pm21line.plCombines all of the protocol header lines displayed by packet_monitor into 1 line eliminating non-header lines
pm2text2pcap.plPerl script to process packet_monitor out so that text2pcap can be run over it to create a pcap file
process_packet_monitor_scan.cmProcesses the output of packet_monitor to construct a list of seen IP addresses
resolve.cExample program showing how to call gethostname to resolve host names
scan.cmA scanner to find all hosts on a local subnet (uses ARP)
send_cmds.cC program that allows you to log into a remote system via "telnet" and execute commands in a script. Allows execution within a command macro
smtp.plPerl script using the SMTP Perl module to sent an E-mail or SMS message
socket_count.cmCalculate the current socket usage and how close to the various limits you are
start_more_osl_servers.cmCommand macro to start more osl_server processes
stcp_deadgw.cmDetermine if a STCP gateway has stopped working and switch to another gateway (MS Word file)
stcp_device_lockers.cmList all the processes with an STCP device clone locked - sorted by number of devices locked
stcp_tping.cC program that "pings" a remote host by establishing a TCP connection (MS Word file).
tcpos_deadgw.cmDetermine if a TCP_OS gateway has stopped working and switch to another gateway (MS Word file)
tcp_socket_owner.cmList processes attached to an STCP TCP socket. This is much faster than list_all_process_network.cm but does not list UDP sockets or identify the actual connections. It also requires perl.
timeout_recv.cAn example of how to timeout a blocking recv so that it does not block forever
whos_running.cmlist who bound the program module and who created the file for every running program module

ftServer/Windows

beacon.cBeacon packet to assist in protocol trace synchrontization
dgw.plPerl script to determine if a gateway has stopped working and switch to another gateway (MS Word file)
genpass.exePassword generation program, runs under Windows.
kill_dumpcap.vbsA VBS script to stop a dumpcap (Wireshark) trace when a packet is seen (or not seen) in a tracefile.
list_dumpcap.vbsA VBS script to list the PID of all the dumpcap (Wireshark) processes running.
ListFilesBySize.vbsA VBS script to list all files in a directory tree sorted by size
netstat-statistics.vbsA VBS script to periodically collect network statistics for baselining and trouble shooting Windows systems
ping_trigger.vbsVBS script to ping a host and execute a command if the ping fails
tping-w.plPerl script that uses TCP to "ping" a host.

Other

mm.cProxy program to split and combine application layer messages accross and within TCP layer segments. This tests an applications ability to correctly handle TCP's byte stream protocol versus a mesage protocol. The program is written in C for FreeBSD but it should compile on just anout any Unix or Linux platform.


Blue Bar separator
This page was last modified on 21-12-07
mailbox Send comments and suggestions
to noah@noahdavids.org