Submitted By : Savvius
Feel the Power !!!
Powerbar is a plug-in that adds scripting capabilities to OmniPeek. With Powerbar you can create quick scripts on the fly, and enable and disable them quickly like filters. Powerbar scripts can process packets and call back into OmniPeek to do things like get and add stats, write to the log and files, beep, and much much more. The Powerbar language provides simple commands to interact with OmniPeek, and includes if, then, and while features. It even has named variables. Variables maintain state between scripts and packets, allowing for more complex and efficient scripts.
Important: Powerbar requires OmniPeek Professional or Enterprise
So what can you do with Powerbar? With Powerbar you can innovate, and do things, and solve problems we have not even thought of yet. In fact, that is the whole point. It turns OmniPeek into a host for your network applications. For example you can calculate and create new summary stats, which can be graphed and triggered. You can write to the log and to .csv files. You can write scripts that run once a second for monitoring, or on each packet for deep packet analysis, decoding, and filtering.
Powerbar scripts maintain state between runs and output data in a number of ways. There are three different types of scripts: Timer, Capture, and Filter scripts. Timer scripts are run once every second. Timer scripts are used to monitor statistics, and other resources. The result of a Timer script can be a meta event, like a stat, a notification, or a report. Capture scripts and filter scripts are both run on each packet. Filter scripts are used to accept or reject a packet into the packet buffer.
Powerbar installs with a few interesting scripts for you to try. Powerbar scripts can also be imported and exported. This allows one engineer to make a script, export it, and give it to other members of the team.
Examples of all three script types are shown below.
Timer Scripts
Here is a Timer script that gets the existing Total Bytes statistic from Summary Stats, converts it to bits, and creates a new stat called Total Bits.
Here is what it looks like in Summary Stats:
And here is what it looks like when graphed:
Capture Scripts
The next script is a Capture Script, which runs on every packet. It first tests for IP, then TCP, and then uses the src and dst ports as the frequency in the Beep command. I am listening to it now. Very nice .... if you like grasshoppers.
Filter Scripts
The filter script is used for creating arbitrarily complex filters. A filter script allows the user to create filters using arbitrary logic instead of being limited by the filter types defined in OmniPeek. Below is a sample:
This simple filter accepts HTTP by using the Return command if port 80 is detected; otherwise it ultimately calls the Reject command, which of course filters out the packet. I have lots of other scripts too. Some scripts create Summary Stats which can be graphed, and others generate notifications. There are even script commands to aggregate packets from multiple captures into a single capture window.
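The header walk that the capture and filter scripts above perform (test for IP, then TCP, then read the ports), sketched in Python as an added example; it is not Powerbar code and not from the original page. The byte offsets assume untagged Ethernet II frames carrying IPv4, matching port 80 in either direction is an assumption, and all function names and sample frames are constructed for illustration.

```python
import struct

ETH_HDR_LEN = 14           # untagged Ethernet II (assumption; no 802.1Q tag)
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
HTTP_PORT = 80

def tcp_ports(frame: bytes):
    """Return (src_port, dst_port) for an IPv4/TCP frame, else None."""
    if len(frame) < ETH_HDR_LEN + 20:
        return None                                   # too short for IPv4
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None                                   # first test: is it IP?
    version, ihl = frame[ETH_HDR_LEN] >> 4, (frame[ETH_HDR_LEN] & 0x0F) * 4
    if version != 4 or ihl < 20:
        return None                                   # malformed IPv4 header
    if frame[ETH_HDR_LEN + 9] != IPPROTO_TCP:
        return None                                   # second test: is it TCP?
    if struct.unpack_from("!H", frame, ETH_HDR_LEN + 6)[0] & 0x1FFF:
        return None                                   # later fragment: no TCP header
    tcp_off = ETH_HDR_LEN + ihl                       # IP options shift the TCP header
    if len(frame) < tcp_off + 4:
        return None                                   # sliced/truncated before the ports
    return struct.unpack_from("!HH", frame, tcp_off)

def accept_http(frame: bytes) -> bool:
    """Filter decision: True = accept, False = reject."""
    ports = tcp_ports(frame)
    return ports is not None and HTTP_PORT in ports   # either direction (assumption)

def build_frame(proto, sport, dport, ihl_words=5, ethertype=ETHERTYPE_IPV4):
    """Constructed sample frame: zeroed MACs/addresses, only the tested fields set."""
    ip = bytearray(ihl_words * 4)
    ip[0], ip[9] = 0x40 | ihl_words, proto
    tcp = struct.pack("!HH", sport, dport) + bytes(16)
    return bytes(12) + struct.pack("!H", ethertype) + bytes(ip) + tcp

if __name__ == "__main__":
    samples = {
        "HTTP request": build_frame(6, 49152, 80),
        "HTTP reply, IP options": build_frame(6, 80, 49152, ihl_words=6),
        "HTTPS": build_frame(6, 49152, 443),
        "UDP to port 80": build_frame(17, 49152, 80),
        "ARP": build_frame(6, 49152, 80, ethertype=0x0806),
        "sliced HTTP": build_frame(6, 49152, 80)[:36],
    }
    for name, frame in samples.items():
        print(f"{name:24} {'accept' if accept_http(frame) else 'reject'}")
```

The two checks that a quick port filter tends to skip are the IP header length (options move the TCP header) and the captured length (a sliced packet may end before the ports), and both reject rather than read past the data.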
API. Below is a script that does stats:
And here is the result of that script whose values can then be graphed and alarmed on.
Powerbar Syntax
The Powerbar syntax is keyword based, with support for { and } for "if" blocks and "while" loops. Variables do not have to be declared; they are just used. For example, "Set nVar 0" will create a variable called nVar, and set it to 0. "Add nVar 1" will add 1 to the variable nVar.
Powerbar Best Practices
The Powerbar Scripting Language is interpreted, so it is not as fast as compiled code, like a plug-in. For this reason, Powerbar scripts should not be run in real-time on high bandwidth networks. For high bandwidth situations it is best to capture traffic and then play it as a file adapter through a Powerbar script. Powerbar is ideal for processing trace files. One way to do this is to use Powerbar with PeekPlayer, and send the packets from a file window using PeekPlayer to a capture window with the enabled Powerbar script.
Another way to run Powerbar scripts on trace files is to enable the scripts you want to run, and select reprocess packets from the Edit menu.
Powerbar Keywords
The Powerbar Scripting Language supports the following keywords:
* - comment
Add - [VARIABLE_NAME VALUE] add a value to a variable
Beep - [FREQUENCY] every language needs a beep
Decr - [COUNT] decrement the packet index COUNT number of bytes
DecrBit - [COUNT] decrement the packet bit index COUNT number of bits
Div - [VARIABLE_NAME VALUE] divide a variable by a value
Expert - specifies that a script is used to produce an expert summary string
EndIf - end a conditional block
EndLoop - end the loop
EndWhile - end a While loop
File - [text to output to a file] output text to a file (default file is powerbar.log)
Filename - [filename] change the filename of the File command
Filter - specifies that a script is a filter script
Find - [STRING START VAR] find a string in the packet from START. Return VAR
FindHex - [STRING START VAR] find a hex pattern in the packet from START. Return VAR
GetActualLength - [VAR] get the actual length of the packet
GetBit - [VAR BIT [INDEX]] put bit BIT at INDEX into VAR
GetByte - [VAR [INDEX]] put a byte at INDEX into VAR
GetLong - [VAR [INDEX]] put a long (4 bytes) at INDEX into VAR
GetPacketLength - [VAR] get the length of the packet
GetPacketNumber - [VAR] get the packet number
GetSliceLength - [VAR] get the slice length of the packet
GetStat - [GROUP LABEL VARIABLE_NAME] put a summary stat into a variable
GetStatEx - [GROUP LABEL VARIABLE_NAME TITLE] put a summary stat from a capture window called TITLE into a variable
GetGStat - [GROUP LABEL VARIABLE_NAME] put a global summary stat into a variable
GetTCPDataOffset - [VAR] get the offset of the TCP data layer. Returns 0 if not found.
GetTicks - [VAR] tenths of a second since start into VAR
GetWord - [VAR [INDEX]] put a word (2 bytes) at INDEX into VAR
If - conditional statement (e.g. If a == b)
Incr - [COUNT] increment the packet index COUNT number of bytes
IncrBit - [COUNT] increment the packet bit index COUNT number of bytes
InsertPacket - [window title] insert the current packet into window
Log - [text to log] output text to the log
LogOn - turn on autologging so every script command is output to the log before it is run
LogOff - turn off autologging
Loop - [number of loops] loop the script
Mask - [VARIABLE_NAME VALUE] logical AND a value and a variable
Mul - [VARIABLE_NAME VALUE] multiply a value with a variable
Pop - [VARIABLE_NAME] pop a value from the stack into a variable
Push - [VALUE] push a variable or value onto the stack
Reject - reject a packet in a Filter script
Return - return from a script
Run - [PROGRAM [ARG1 ARG2 ...]] run a program with arguments
Script - [script name] run a script by name
Set - [VARIABLE_NAME VALUE] set a variable to a value
SetGStat - [GROUP LABEL VALUE] set a global summary stat to a value
SetName - [NAME VALUE] set a name in the name table to a value
SetStat - [GROUP LABEL VALUE] set a summary stat to a value
SetStatEx - [GROUP LABEL VALUE TITLE] set a summary stat in a capture window called TITLE to a value
SetString - [FORMATTED_STRING] set the summary/expert string
Sleep - [Milliseconds] sleep for some number of milliseconds
Sub - [VARIABLE_NAME VALUE] subtract a value from a variable
SummaryString - specifies that a script is used to produce a summary string
While - [EXPRESSION] loop while EXPRESSION is true (e.g. While i < 10)
Note: Use a % to identify variables in strings
Use 0x to identify hex values
Of course the scripts can be used to do many other things. Scripts add a whole new type of control to the Omni platform and a whole new type of content you can create and make available to each other through our website and others.
History
PowerBar 2.0.0.6 8/2/10
- Added Find and FindHex
- Added support for { } to bracket if and when blocks
PowerBar 2.0.0.5 11/20/09
- Changed installer to .msi
- Added sample scripts to installer
- Added support for trace files
- Added GetPacketNumber command
- Added GetTCPDataOffset command
PowerBar 2.0.0.4 5/7/08
- Added Timer scripts
PowerBar 2.0.0.2
- Added GetName command
- Added Mask command
- Added support for hex values