Hi Heikki,
Am 10.08.2017 um 12:04 schrieb Heikki Vatiainen:
On 9.8.2017 20.11, Karl Gaissmaier wrote:
is there already a wrapper in your toolbox to feed the msglog to
text2pcap, using the proper directives per packet and collecting all
packets in one pcap file?
No, there is not. If I remember correctly, the idea was to have the
directives more or less ready for text2pcap so that it could do the
processing when it creates the pcap file. As you probably noticed from
text2pcap documentation, line starting with '#TEXT2PCAP' is a special
directive but it looks like it does nothing yet (and currently Radiator
adds ##TEXT2PCAP).
The only, slightly, related thing in goodies is hexdump2wireshark.pl
which creates similar output from Trace 5 messages dumps.
In case someone wants to try this now, running text2pcap against the
file with one set of command line options does create a valid pcap file.
However, the ports and IPs are all the same, so the direction needs to
be deduced from the message contents.
Please let us know how it goes if you decide to do a script,Hi Heikki,
yes, I'll do, but before, please inspect the following patches:
1.) Please add a dot as delimiter between seconds and microseconds, then
text2pcap can parse the timestamp with the option flag '-t %s.'
diff --git a/Radius/MessageLogFILE.pm b/Radius/MessageLogFILE.pm
index f86362a..656377f 100644
--- a/Radius/MessageLogFILE.pm
+++ b/Radius/MessageLogFILE.pm
@@ -140,7 +140,7 @@ sub format_radius_text2pcap
$from_ip = Radius::Util::inet_ntop($from_ip);
$to_ip = Radius::Util::inet_ntop($to_ip);
my $t = "##TEXT2PCAP -i 17 -4 $to_ip,$from_ip -u $to_port,$from_port\n";
- $t .= $sec . $usec . " 0000 ";
+ $t .= "$sec.$usec" . " 0000 ";
$t .= join ' ', map {sprintf "%02x", $_} unpack('C*', $data);
return "$t\n";
2.) and if we already patch and change the output format, we should also
trim the directive line to meet promised text2pcap enhancements:
diff --git a/Radius/MessageLogFILE.pm b/Radius/MessageLogFILE.pm
index 656377f..68619ff 100644
--- a/Radius/MessageLogFILE.pm
+++ b/Radius/MessageLogFILE.pm
@@ -139,7 +139,7 @@ sub format_radius_text2pcap
$from_ip = Radius::Util::inet_ntop($from_ip);
$to_ip = Radius::Util::inet_ntop($to_ip);
- my $t = "##TEXT2PCAP -i 17 -4 $to_ip,$from_ip -u $to_port,$from_port\n";
+ my $t = "#TEXT2PCAP -i 17 -4 $to_ip,$from_ip -u $to_port,$from_port\n";
$t .= "$sec.$usec" . " 0000 ";
$t .= join ' ', map {sprintf "%02x", $_} unpack('C*', $data);
Regards
Charly
--
Karl Gaissmaier
Universität Ulm
kiz, Kommunikations und Informationszentrum
89069 Ulm
Tel.: 49(0)731/50-22499
Fax : 49(0)731/50-12-22499
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator
