I am using the Pcap.Net library in C# to change and anonymize packet fields. I have already read packets from an offline pcap file and I have changed some fields in them.
My question is: is there any way to create an output file in pcap format after changing packet fields such as the IP address, MAC address and so on?
Could anyone help me?
Thank you beforehand
Ftm.E
Yes.
You should follow the Pcap.Net user guide section "Saving packets to a dump file".
A code snippet from there:
    // Open the device
    using (PacketCommunicator communicator =
        selectedDevice.Open(65536,                                  // portion of the packet to capture
                                                                    // 65536 guarantees that the whole packet will be captured on all the link layers
                            PacketDeviceOpenAttributes.Promiscuous, // promiscuous mode
                            1000))                                  // read timeout
    {
        // Open the dump file
        using (PacketDumpFile dumpFile = communicator.OpenDump(args[0]))
        {
            Console.WriteLine("Listening on " + selectedDevice.Description + "... Press Ctrl+C to stop...");
            // start the capture
            communicator.ReceivePackets(0, dumpFile.Dump);
        }
    }
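What an anonymized dump file has to contain on disk, independent of Pcap.Net: this is an added example in C, not code from the answer or from the Pcap.Net user guide. The function names and the placeholder addresses 10.0.0.1 and 10.0.0.2 are assumptions made for illustration, and the writer handles a single Ethernet frame.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Classic pcap file header, written in host byte order (magic tells the reader which). */
struct pcap_hdr { uint32_t magic; uint16_t major, minor; int32_t zone;
                  uint32_t sigfigs, snaplen, linktype; };

/* RFC 1071 checksum over an IPv4 header. */
static uint16_t ip_checksum(const uint8_t *h, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)h[i] << 8) | h[i + 1];
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Overwrite both MACs and both IPv4 addresses with fixed placeholders and
   repair the IPv4 header checksum. TCP/UDP checksums, which also cover the
   addresses, are left stale. Returns 0 for truncated or non-IPv4 frames. */
int anonymize_frame(uint8_t *f, size_t len)
{
    static const uint8_t addrs[8] = {10, 0, 0, 1, 10, 0, 0, 2}; /* src, dst */
    if (len < 34 || f[12] != 0x08 || f[13] != 0x00) return 0;
    uint8_t *ip = f + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || 14 + ihl > len) return 0;
    memset(f, 0, 12);              /* destination MAC, then source MAC */
    memcpy(ip + 12, addrs, 8);     /* source IP, then destination IP */
    ip[10] = ip[11] = 0;           /* checksum field is zero while summing */
    uint16_t c = ip_checksum(ip, ihl);
    ip[10] = (uint8_t)(c >> 8);
    ip[11] = (uint8_t)(c & 0xff);
    return 1;
}

/* Write one Ethernet frame as a complete pcap file: 24-byte file header,
   16-byte record header, then the frame bytes. Returns 1 on success. */
int write_pcap(const char *path, const uint8_t *f, uint32_t len, uint32_t ts)
{
    struct pcap_hdr h = {0xa1b2c3d4, 2, 4, 0, 0, 65535, 1 /* Ethernet */};
    uint32_t rec[4] = {ts, 0, len, len}; /* sec, usec, captured, original */
    FILE *fp = fopen(path, "wb");
    if (!fp) return 0;
    int ok = fwrite(&h, sizeof h, 1, fp) == 1 && fwrite(rec, sizeof rec, 1, fp) == 1
             && fwrite(f, len, 1, fp) == 1;
    return (fclose(fp) == 0) && ok;
}
```

Mapping every host to the same two placeholders hides the addresses but also merges all conversations into one, so analysis that needs to tell hosts apart requires a consistent per-address mapping instead.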
I recently asked the question Apache Flume - send only new file contents
I am rephrasing the question in order to learn more and provide more benefit to future users of Flume.
Setup: Two servers, one with a .txt file that gets lines appended to it regularly.
Goal: Use flume TAILDIR source to append the most recently written line to a file on the other server.
Issue: Whenever the source file has a new line of data added, the current configuration appends everything in file on server 1 to the file in server 2. This results in duplicate lines in file 2 and does not properly recreate the file from server 1.
Configuration on server 1:
#configure the agent
agent.sources=r1
agent.channels=k1
agent.sinks=c1
#using memory channel to hold up to 1000 events
agent.channels.k1.type=memory
agent.channels.k1.capacity=1000
agent.channels.k1.transactionCapacity=100
#connect source, channel,sink
agent.sources.r1.channels=k1
agent.sinks.c1.channel=k1
#define source
agent.sources.r1.type=TAILDIR
agent.sources.r1.channels=k1
agent.sources.r1.filegroups=f1
agent.sources.r1.filegroups.f1=/home/tail_test_dir/test.txt
agent.sources.r1.maxBackoffSleep=1000
#connect to another box using avro and send the data
agent.sinks.c1.type=avro
agent.sinks.c1.hostname=10.10.10.4
agent.sinks.c1.port=4545
Configuration on server 2:
#configure the agent
agent.sources=r1
agent.channels=k1
agent.sinks=c1
#using memory channel to hold up to 1000 events
agent.channels.k1.type=memory
agent.channels.k1.capacity=1000
agent.channels.k1.transactionCapacity=100
#connect source, channel, sink
agent.sources.r1.channels=k1
agent.sinks.c1.channel=k1
#here source is listening at the specified port using AVRO for data
agent.sources.r1.type=avro
agent.sources.r1.bind=0.0.0.0
agent.sources.r1.port=4545
#use file_roll and write file at specified directory
agent.sinks.c1.type=file_roll
agent.sinks.c1.sink.directory=/home/Flume_dump
You have to set a position JSON file. Then the source checks the position and writes only newly added lines to the sink.
ex) agent.sources.s1.positionFile = /var/log/flume/tail_position.json
How should I go about reading a value from the TAR register in the MSP430? I want to see the values, like we have the serial monitor to do so in Arduino. I know we do not have anything like that in MSP (except Energia of course). I am coding in CCS 5.5.0.
The registers for the MSP430 processors are defined in standard headers and can then just be accessed as variables; they are just memory locations after all. There is a gotcha with the TAR and TBR registers in that they can sometimes return an intermediate value if they are in the process of being updated as a clock count increments the register contents, so I have always used the following code to guard against this problem.
    uint16_t Timer_Value;
    Timer_Value = TAR;
    while (Timer_Value != TAR)
    {
        Timer_Value = TAR;
    }
I've searched high and low looking for a way to display all text from FTP.exe in a RichTextBox. So far all I've been able to do is display the output code. The idea is to run the test, display it and capture it to a file, which hasn't been a problem, except I can't seem to display all text as you would see it in Command. Hoping to see all text when done. Please help!!
Here is the code:
    Private Sub Rectangle1_Click(sender As Object, e As EventArgs) Handles Rectangle1.Click
        Dim p As New Process()
        With p
            .StartInfo.Arguments = " -s:c:\dsl\ftptest\speed1.txt 65.40.220.20"
            .StartInfo.CreateNoWindow = True
            .StartInfo.FileName = "ftp"
            .StartInfo.RedirectStandardError = True
            .StartInfo.RedirectStandardOutput = True
            .StartInfo.UseShellExecute = False
            .Start()
            Dim StErr As StreamReader = .StandardError
            Dim StOut As StreamReader = .StandardOutput
            While (Not StOut.EndOfStream)
                Me.RichTextBox1.AppendText(String.Format("{0}", StOut.ReadLine() & vbCrLf))
            End While
            .WaitForExit()
        End With
    End Sub
End Class
Here is the output from the code:
User (65.40.220.20:(none)): Hash mark printing On ftp: (2048 bytes/hash mark) .
hash
get test.1meg
#
cd upload
put test.1meg
#
close
bye
Here is What I'm looking for:
C:\DSL\FTPTEST>call FTP -s:c:\dsl\FTPtest\speed1.txt 65.40.220.20
Connected to 65.40.220.20.
220-
This server is provided as a EMBARQ Speedtest server for DSL customers only.
Any other use is prohibited.
You may login using anonymous ftp and download the test files to determine your speed.
You may upload the same files to the upload directory to test your upload speed.
You may only upload the files that you previously downloaded from this server.
You cannot download anything from the upload directory.
Remember, some ftp programs measure speed in bytes per second.
DSL speeds are measured in bits per second. There are 8 bits in a byte.
If you can download at 64 kilobytes per second then that is the same as
512 kilobits per second.
220 65.40.220.20 FTP server ready
User (65.40.220.20:(none)):
331 Anonymous login ok, send your complete email address as your password.
230-
This server is provided as a EMBARQ Speedtest server for DSL customers only.
Any other use is prohibited.
You may login using anonymous ftp and download the test files to determine your speed.
You may upload the same files to the upload directory to test your upload speed.
You may only upload the files that you previously downloaded from this server.
You cannot download anything from the upload directory.
Remember, some ftp programs measure speed in bytes per second.
DSL speeds are measured in bits per second. There are 8 bits in a byte.
If you can download at 64 kilobytes per second then that is the same as
512 kilobits per second.
230 Anonymous access granted, restrictions apply.
ftp> hash
Hash mark printing On ftp: (2048 bytes/hash mark) .
ftp> get test.1meg
200 PORT command successful
150 Opening ASCII mode data connection for test.1meg (1048576 bytes)
#
#
#
ftp: 1048576 bytes received in 5.96Seconds 175.94Kbytes/sec.
ftp>
ftp> cd upload
250 CWD command successful
ftp> put test.1meg
200 PORT command successful
150 Opening ASCII mode data connection for test.1meg
#
#
#
226 Transfer complete.
ftp: 1048576 bytes sent in 5.98Seconds 175.23Kbytes/sec.
ftp>
ftp>
I think that you might be able to redirect the output of your command to a file, e.g., at the end of the command add (assuming that you have a directory c:\temp)
    your command here > c:\temp\TestOutput.text
Then in your program, add a file system watcher to watch that file and load it into the textbox when it changes. If you're doing this lots of times then you might have to dynamically generate a filename and delete the files when no longer needed.
I have a procedure which is writing a file, emailing it using mail_files, and then an OS-DELETE statement to delete the file after it is sent. The call to the external procedure which calls mail_files or the actual OS-COMMAND itself are asynchronous. The OS is AIX 6 and the version of Progress is 102B. Here's an example below:
Here is the main procedure:
DEFINE STREAM outStr.
OUTPUT STREAM outStr TO foo.txt.
FOR EACH customer NO-LOCK:
    EXPORT STREAM outStr customer.
END.
OUTPUT STREAM outStr CLOSE. /*EDIT: The problem occurs even if it's closed*/
RUN sendmail.p.
OS-DELETE foo.txt.
Here is sendmail.p:
DEFINE STREAM stMail.
OUTPUT STREAM stMail THROUGH
"mail_files -f foo#bar.com -t me#here.com -s\"subject\" -b~\foo.txt\").
PUT STREAM stMail "Email body".
OUTPUT STREAM stMail CLOSE.
In testing it on my own, I can't replicate the error. Is Progress trying to "optimize" something here? Is there anything to cleanly make it do what I want without hard-coding a pause?
EDIT:
The stream is being closed before the email attempt, but the error still occurs. No partial file is sent.
The error I get is from mail_files because it can't find the file. I've checked, and no other processes are scheduled to run which would access the file.
No such file or directory
/usr/local/bin/mail_files[268]: foo.txt: cannot open
DEFINE STREAM outStr.
OUTPUT STREAM outStr TO foo.txt.
FOR EACH customer NO-LOCK:
    EXPORT STREAM outStr customer.
END.
/* Don't forget to close */
OUTPUT STREAM outStr CLOSE.
RUN sendmail.p.
OS-DELETE foo.txt.
This looks like a pathing issue to me.
In your output stream statement you never define the path that the file will be written to. This will result in the path being the current working directory of whatever application this is running under. The path of the current working directory may not necessarily be the same path that mail_files is reading from (which appears to be /usr/local/bin).
I would suggest updating your code as follows:
OUTPUT STREAM outStr TO /usr/tmp/foo.txt.
and
OUTPUT STREAM stMail THROUGH
"mail_files -f foo#bar.com -t me#here.com -s\"subject\" -b\"/usr/tmp/foo.txt\").
...or you could just try updating this line to point at /usr/local/bin (although /usr/local/bin doesn't really strike me as an appropriate directory for temporary files):
OUTPUT STREAM outStr TO /usr/local/bin/foo.txt.
If I understood correctly, Progress removes your file before mail_files uses it.
If that is the case, you can use unique files and cron to delete all files that are superior to a certain date.
For example:
DEFINE VARIABLE wlc-Identifiant AS CHARACTER NO-UNDO.
DEFINE VARIABLE wlc-file-txt AS CHARACTER NO-UNDO.
wlc-Identifiant = STRING(YEAR(TODAY), "9999") + STRING(MONTH(TODAY), "99") + STRING(DAY(TODAY), "99") + REPLACE(STRING(TIME, "HH:MM:SS"), ":", "").
wlc-file-txt = wlc-Identifiant + "foo.txt".
DEFINE STREAM outStr.
OUTPUT STREAM outStr TO VALUE (wlc-file-txt).
FOR EACH customer NO-LOCK:
    EXPORT STREAM outStr customer.
END.
OUTPUT STREAM outStr CLOSE.
RUN sendmail.p (INPUT wlc-file-txt). /* add the file in parameter */
/*OS-DELETE foo.txt.*/ /* It's a cron job */
In sendmail.p:
DEFINE INPUT PARAMETER wlpic-file-txt AS CHARACTER NO-UNDO.
DEFINE STREAM stMail.
OUTPUT STREAM stMail THROUGH
"mail_files -f foo#bar.com -t me#here.com -s\"subject\" -b~\" + wlpic-file-txt + "\").
PUT STREAM stMail "Email body".
OUTPUT STREAM stMail CLOSE.
And with cron, delete old files that were created there today - 1 (it's an example)
I hope it will help you. :)
I am exploring Redis to do pub/sub. I wanted to write a script that uses redis-cli to subscribe to a channel and dump whatever is published to a file. What I notice however is that redis-cli subscribe channel > output does not quite work.
This is because there is no automatic flush of stdout when redis-cli displays the messages associated to the subscription. So the last messages before stopping redis-cli do not appear in the output file.
There is no option you can use to enforce a systematic flush, redis-cli.c needs to be patched. In Redis source code, edit src/redis-cli.c, and find the following piece of code. Add the missing fflush line.
    if (config.pubsub_mode) {
        if (config.output != OUTPUT_RAW)
            printf("Reading messages... (press Ctrl-C to quit)\n");
        while (1) {
            if (cliReadReply(output_raw) != REDIS_OK) exit(1);
            // The following line must be added
            fflush(stdout);
        }
    }
Once redis-cli has been compiled again, it should work as expected.
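The buffering behaviour this answer describes, reproduced outside redis-cli as an added example (it is not Redis source code): a stream set to full buffering, which is how the C runtime treats stdout when it is redirected to a file, keeps a short message in memory until it is flushed. The function name, the file name used to call it and the sample message are assumptions made for the demonstration.

```c
#include <stdio.h>
#include <sys/stat.h>

/* Write one pub/sub-style message to `path` through a fully buffered stream
   and report how many bytes have reached the file while the writer is still
   running, i.e. what would survive if the process were killed with Ctrl-C at
   that moment. Returns -1 on error. */
long bytes_on_disk_while_running(const char *path, int flush_each_message)
{
    static char buf[BUFSIZ];
    const char *msg = "message\nchannel\nhello\n";   /* constructed sample, 22 bytes */
    struct stat st;
    long visible = -1;

    FILE *out = fopen(path, "w");
    if (!out)
        return -1;
    /* Full buffering: data is handed to the OS only when the buffer fills,
       on fflush(), or on a normal exit. */
    setvbuf(out, buf, _IOFBF, sizeof buf);

    fputs(msg, out);
    if (flush_each_message)
        fflush(out);              /* the call the patch adds after each reply */

    if (stat(path, &st) == 0)
        visible = (long)st.st_size;

    fclose(out);
    remove(path);
    return visible;
}
```

Without the flush the file is still empty at the point of measurement; with it, all 22 bytes of the message are already on disk.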