I have a decrypted VPN pcap file. What I am trying to do is to read the pcap using tcptrace in linux. But, tcptrace does not seem to get this format that I have.
So here is the snapshot of the pcap. This is the pcap
So, what I want to do is to remove the 12 bytes, ENC header and then add a 14 byte ethernet header there.
I am not sure how to do that. I would typically like to separate a pcap that contains only requests and add a ethernet header after removing 12 bytes of ENC header.
Similarly create a pcap for reply's.
Can someone please help me on how to do this?
If tcptrace can handle pcap files with Linktype Raw, then you can use editcap to strip the first 12 bytes from the packets and not even bother with adding a dummy Ethernet header if you save the file with the rawip encapsulation. For example:
editcap infile.pcapng outfile.pcap -L -C 12 -T rawip -F pcap
Note: Here I used the -F pcap option to force the output file to be saved as a pcap file instead of a pcapng file, because I don't know if tcptrace supports pcapng files or not, and pcapng is the default output file type that editcap uses if you don't specify the output file type.
If tcptrace does not support Linktype Raw, then you should still be able to accomplish what you need, but you'll have to take the output file generated from editcap above and manipulate it further. Since editcap itself doesn't support adding a dummy Ethernet header to the packets, you can use Wireshark to save the packets to a text file and then convert the text file back to a pcap file, but when you convert it back to a pcap file, you will have the option of adding a dummy Ethernet header to the packets. That last step can also be accomplished with text2pcap. Here are the steps to follow using Wireshark:
Load the outfile.pcap file: File -> Open... -> File name: outfile.pcap.
Temporarily disable the IPv4 protocol. This is to ensure that reassembly does not occur; otherwise the output text file will not be generated in a format suitable to be imported later on should any reassembly occur: Analyze -> Enabled Protocols -> Protocols -> IPv4 -> De-select -> Apply.
Remove or hide all columns and add an absolute time column. This allows you to export the timestamp, and while not strictly required, it is very useful: Edit -> Preferences -> Columns -> De-select all columns; Add -> Field type: Absolute date, as YYYY-MM-DD, and time; Title "AbsTime" -> OK. (Note: It might be easier to create a separate Profile for "Pcap2Text" purposes in which only this column is displayed. This allows you to quickly change to this profile whenever you want to perform this operation again without affecting the columns of any other working profile.)
Export the packets to a text file: File -> Export Packet Dissections -> as "Plain Text" file... -> File name: outfile.txt; Packet Range: All packets; Packet Format: Select Packet summary line (but not column headings) and Packet Bytes.
Re-enable the IPv4 protocol: Analyze -> Enabled Protocols -> Protocols -> IPv4 -> Select -> OK.
Close the original output.pcap file.
Import the output.txt text file: File -> Import from Hex Dump... -> Filename: output.txt; Offsets: Hexadecimal; Date/Time: Select; Format: "%F %T." (no quotes, but the trailing '.' is important - this is the default); Import Encapsulation type: Ethernet; Dummy header: Select; Ethernet Ethertype (hex): 0800 -> OK.
Save the file: File -> Save As... -> File name: newfile_with_dummy_ethernet_header.pcap, Save as type: Wireshark/tcpdump/...- pcap (.pcap;.pcap.gz;.cap;.cap.gz;.dmp;.dmp.gz)
This file should now be readable by tcptrace. I can't promise that this is the most expedient method to achieve your goal, but at least it works in creating a pcap file with Ethernet encapsulation that tcptrace should be able to read.
Disclaimer: These instructions were generated using Wireshark 1.12.13 running on Windows 7 64-bit, or more specifically:
Compiled (64-bit) with GTK+ 2.24.23, with Cairo 1.10.2, with Pango 1.34.0, with
GLib 2.38.0, with WinPcap (4_1_3), with libz 1.2.5, with SMI 0.4.8, with c-ares
1.9.1, with Lua 5.2, without Python, with GnuTLS 3.2.15, with Gcrypt 1.6.2,
without Kerberos, with GeoIP, with PortAudio V19-devel (built Jul 28 2016), with
AirPcap.
Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 3.2.15, Gcrypt 1.6.2, with AirPcap 4.1.3 build
3348.
Intel(R) Core(TM) i5-2540M CPU # 2.60GHz, with 8072MB of physical memory.
Built using Microsoft Visual C++ 10.0 build 30319
Related
Given text in shift-jis encoding, how can I decode it into Elixir's native UTF-8 encoding, and vice-versa?
The Codepagex library supports this. You just need to figure out what it calls SHIFT_JIS.
Codepagex uses the mappings available from unicode.org. There is one for shift-jis but it's marked as OBSOLETE, so is not available in Codepagex. However, Microsoft's CP932 is also available, which is effectively SHIFT_JIS, so you can use that.
Config
It's not enabled by default, so you need to enable in in config (and re-compile with mix deps.compile codepagex --force if necessary):
config :codepagex, :encodings, [
"VENDORS/MICSFT/WINDOWS/CP932"
]
Encode/Decode
iex(1)> shift_jis = "VENDORS/MICSFT/WINDOWS/CP932"
"VENDORS/MICSFT/WINDOWS/CP932"
iex(2)> test = Codepagex.from_string!("テスト", shift_jis)
<<131, 101, 131, 88, 131, 103>>
iex(3)> Codepagex.to_string!(test, shift_jis)
"テスト"
Example repo
I made an example repo where you can see it in action.
I'm currently struggeling with following issue.
Developing in Lua
Different file encoding per file extension (for instance: "*.lua" -> iso88591, "*.lu8" -> utf8)
Actually there is no way to solve this in the settings.json (only per language).
So I decided to develop an extension setting the charset per file name (custom setting charset.assignment).
settings.json
...
"files.associations": {
"*.lu8": "lua"
},
"[lua]": {
"files.encoding": "utf8"
},
"charset.assignment": {
"*.lua": "iso88591"
},
...
So now I "only" have to set the character set of the current file in my extension.ts, but I didn't find any opportunity to do this. At the moment I'm trying to execute the workbench command workbench.action.editor.changeEncoding, it shows up, but I still have to manually chose the character set.Anyone knows, if it's possible to refer some parameters to the command (like vscode.commands.executeCommand('workbench.action.editor.changeEncoding', 'iso88591');?
Similar question (but for getting the current charset):
VSCode: activeTextEditor encoding
Links:
Provide encoding-related APIs for editor extensions
add support for charset
ChangeEncodingAction
File extension specific settings
I have added this (https://github.com/kewlbear/FFmpeg-iOS-build-script) version of ffmpeg to my project. I can't see the entry point to the library in the headers included.
How do I get access to the same text command based system that the stand alone application has, or an equivalent?
I would also be happy if someone could point me towards documentation that allows you to use FFmpeg without the command line interface.
This is what I am trying to execute (I have it working on windows and android using the CLI version of ffmpeg)
ffmpeg -framerate 30 -i snap%03d.jpg -itsoffset 00:00:03.23333 -itsoffset 00:00:05 -i soundEffect.WAV -c:v libx264 -vf fps=30 -pix_fmt yuv420p result.mp4
Actually you can build ffmpeg library including the ffmpeg binary's code (ffmpeg.c). Only thing to care about is to rename the function main(int argc, char **argv), for example, to ffmpeg_main(int argc, char **argv) - then you can call it with arguments just like you're executing ffmpeg binary. Note that argv[0] should contain program name, just "ffmpeg" should work.
The same approach was used in the library VideoKit for Android.
To do what you want, you have to use your compiled FFmpeg library in your code.
What you are looking for is exactly the code providing by FFmpeg documentation libavformat/output-example.c (that mean AVFormat and AVCodec FFmpeg's libraries in general).
Stackoverflow is not a "do it for me please" platform. So I prefer explaining here what you have to do, and I will try to be precise and to answer all your questions.
I assume that you already know how to link your compiled (static or shared) library to your Xcode project, this is not the topic here.
So, let's talk about this code. It creates a video (containing video stream and audio stream randomly generated) based on a duration. You want to create a video based on a picture list and sound file. Perfect, there are only three main modifications you have to do:
The end condition is not reaching a duration, but reaching the end of your file list (In code there is already a #define STREAM_NB_FRAMES you can use to iterate over all you frames).
Replace the dummy void fill_yuv_image by your own method that load and decode image buffer from file.
Replace the dummy void write_audio_frame by your own method that load and decode the audio buffer from your file.
(you can find "how to load audio file content" example on documentation starting at line 271, easily adaptable for video content regarding documentation)
In this code, comparing to your CLI, you can figure out that:
const char *filename; in the main should be you output file "result.mp4".
#define STREAM_FRAME_RATE 25 (replace it by 30).
For MP4 generation, video frames will be encoded in H.264 by default (in this code, the GOP is 12). So no need to precise libx264.
#define STREAM_PIX_FMT PIX_FMT_YUV420P represents your desired yuv420p decoding format.
Now, with these official examples and related documentation, you can achieve what you desire. Be careful that there is some differences between FFmpeg's version in these examples and current FFmpeg's version. For example:
st = av_new_stream(oc, 1); // line 60
Could be replaced by:
st = avformat_new_stream(oc, NULL);
st->id = 1;
Or:
if (avcodec_open(c, codec) < 0) { // line 97
Could be replaced by:
if (avcodec_open2(c, codec, NULL) < 0) {
Or again:
dump_format(oc, 0, filename, 1); // line 483
Could be replaced by:
av_dump_format(oc, 0, filename, 1);
Or CODEC_ID_NONE by AV_CODEC_ID_NONE... etc.
Ask your questions, but you got all the keys! :)
MobileFFMpeg is an easy to use pod for the purpose. Instructions on how to use MobileFFMpeg at: https://stackoverflow.com/a/59325680/1466453
MobileFFMpeg gives a very simple method for translating ffmpeg commands to your IOS objective-c program.
Virtually all ffmpeg commands and switches are supported. However you have to get the pod with appropriate license. e.g min-gpl will not give you features of libiconv. libiconv is convered in vidoe, gpl and full-gpl licenses.
Please highlight if you have specific issues regarding use of MobileFFMpeg
When extracting a ZIP file with System.Zip.TZipFile:
System.Zip.TZipFile.ExtractZipFile('C:\test.zip', 'R:\_TEST\');
for a specific ZIP file I get this error message box:
Stream read error.
Why?
The zip file which to reproduce the error, base64 encoded:
UEsDBC0ACAAIAHyDiEcAAAAA//////////8WABQATmV1ZXMgVGV4dGRva3VtZW50LnR4dAEAEAAA AAAAAAAAAAIAAAAAAAAAAwBQSwcIAAAAAAIAAAAAAAAAAAAAAAAAAABQSwECLQstAAgACAB8g4hH AAAAAP//////////FgA4AAAAAAABAAAAAAAAAAAATmV1ZXMgVGV4dGRva3VtZW50LnR4dAEAEAAA AAAAAAAAAAIAAAAAAAAACgAgAAAAAAABABgA1LFkAs0x0QHUsWQCzTHRAdSxZALNMdEBUEsFBgAA AAABAAEAfAAAAGIAAAAAAA==
Go to http://www.motobit.com/util/base64-decoder-encoder.asp
Decode this to your local storage as test.zip (don't change the character set)
The MD5 of the decoded binary file must be:
7357193E8F27FE1FB5AF2B8B6AF1F24C
Reference: The structure of a PKZip file
by Florian Buchholz.
Your ZIP file is stored using the ZIP64 extended variant of the format. The Delphi ZIP code does not support ZIP64.
I deduced that the file was ZIP64 by looking at the local file header. The compressed and uncompressed size fields are both 0xffffffff. From the reference above:
Compressed size: if archive is in ZIP64 format, this filed is 0xffffffff and the length is stored in the extra field
Uncompressed size: if archive is in ZIP64 format, this filed is 0xffffffff and the length is stored in the extra field
For the library to support ZIP64 it needs to detect these conditions and read the 64 bit values out of the additional headers. The Delphi code does not and attempts to read 0xffffffff bytes that are not there.
You will need to find a different ZIP file library, one that supports ZIP64, in order to operate on such a ZIP file. Alternatively, you could side-step the problem if you could arrange that whatever creates the ZIP files uses the plain ZIP format.
I am printing an EPS File generated with following credentials.
%-12345X#PJL JOB
#PJL ENTER LANGUAGE = POSTSCRIPT
%!PS-Adobe-3.0
%%Title: InvoiceDetail_combine
%%Creator: PScript5.dll Version 5.2.2
%%CreationDate: 10/7/2011 4:46:59
%%For: Administrator
%%BoundingBox: (atend)
%%Pages: (atend)
%%Orientation: Portrait
%%PageOrder: Special
%%DocumentNeededResources: (atend)
%%DocumentSuppliedResources: (atend)
%%DocumentData: Clean7Bit
%%TargetDevice: (HP Color LaserJet 4500) (2014.200) 0
%%LanguageLevel: 2
%%EndComments
While doing Selection Printing on Ricoh Afficio 2090 or any other drivers/printers get the following error printed on the sheets
ERROR: undefined
OFFENDING COMMAND: F4S47
Stack:
.
Kindly Review and suggest a turn around for the same as i am already stuck in this hell. I have tried to convert/extract in PS but all in vain. I am using gsview to Print and view these files.
This is the problem:
%%PageOrder: Special
A ps document with "Special" page order can NOT be re-ordered. You cannot do a selection or range with this file because it is broken for this use. You must reprocess the file using Distiller or ghostscript (ps2ps or ps2pdf) in order to print selected or re-ordered pages from the document.
You can avoid this by generating your postscript files with a real Postscript™ driver (one not created by Microsoft).
The GSView Documentation has more about this.
Previously:
This line ...
%%TargetDevice: (HP Color LaserJet 4500) (2014.200) 0
... tells us that the file was generated with HP printers as a target. So this really is not an EPS file. Because it's not Encapsulatable. To generate output on a printer the file has to execute the showpage operator, which is a no-no for EPS files.
So uncheck the EPS box (it's a big fat lie, anyway), and select (install) a Generic Postscript driver. If you need to send it to multiple makes of printer, the file needs to make as few assumptions about the printer as possible.
The first thing is that this is not a valid EPS file, as it has PJL attached at the front. Many PostScript printers will strip this off, but by no means all.
This probably is not the source of the problem.
There is no way to 'review' the problem as you have not supplied the complete PostScript program. Without that there is no way to tell what is actually wrong, the error message tells you that the interpreter encountered 'F4547' while trying to parse a token, and that this has not been defined as a routine.
Most likely the file is corrupt, either damaged in some way, or possibly it is a biinary file and has been transmitted by some process which does has done some kind of conversion (CR/LF is common). The offending command looks like its ASCIIHex encoded, so that may be a red herring.
If you want additional help, you are going to have to make the whole program available somewhere.