packetfu 1.0.0

data/lib/packetfu/udp.rb

@@ -0,0 +1,210 @@
+module PacketFu
+
+	# UDPHeader is a complete UDP struct, used in UDPPacket. Many Internet-critical protocols
+	# rely on UDP, such as DNS and World of Warcraft.
+	#
+	# For more on UDP packets, see http://www.networksorcery.com/enp/protocol/udp.htm
+	#
+	# ==== Header Definition
+	#  Int16   :udp_src
+	#  Int16   :udp_dst
+	#  Int16   :udp_len  Default: calculated
+	#  Int16   :udp_sum  Default: 0. Often calculated. 
+	#  String  :body
+	class UDPHeader < Struct.new(:udp_src, :udp_dst, :udp_len, :udp_sum, :body)
+
+		include StructFu
+
+		def initialize(args={})
+			super(
+				Int16.new(args[:udp_src]),
+				Int16.new(args[:udp_dst]),
+				Int16.new(args[:udp_len] || udp_calc_len),
+				Int16.new(args[:udp_sum]),
+				StructFu::String.new.read(args[:body])
+			)
+		end
+
+		# Returns the object in string form.
+		def to_s
+			self.to_a.map {|x| x.to_s}.join
+		end
+
+		# Reads a string to populate the object.
+		def read(str)
+			force_binary(str)
+			return self if str.nil?
+			self[:udp_src].read(str[0,2])
+			self[:udp_dst].read(str[2,2])
+			self[:udp_len].read(str[4,2])
+			self[:udp_sum].read(str[6,2])
+			self[:body].read(str[8,str.size])
+			self
+		end
+
+		# Setter for the UDP source port.
+		def udp_src=(i); typecast i; end
+		# Getter for the UDP source port.
+		def udp_src; self[:udp_src].to_i; end
+		# Setter for the UDP destination port.
+		def udp_dst=(i); typecast i; end
+		# Getter for the UDP destination port.
+		def udp_dst; self[:udp_dst].to_i; end
+		# Setter for the length field. Usually should be recalc()'ed instead.
+		def udp_len=(i); typecast i; end
+		# Getter for the length field.
+		def udp_len; self[:udp_len].to_i; end
+		# Setter for the checksum. Usually should be recalc()'ed instad.
+		def udp_sum=(i); typecast i; end
+		# Getter for the checksum.
+		def udp_sum; self[:udp_sum].to_i; end
+
+		# Returns the true length of the UDP packet.
+		def udp_calc_len
+			body.to_s.size + 8
+		end
+
+		# Recalculates calculated fields for UDP.
+		def udp_recalc(args=:all)
+			arg = arg.intern if arg.respond_to? :intern
+			case args
+			when :udp_len
+				self.udp_len = udp_calc_len
+			when :all
+				self.udp_recalc(:udp_len)
+			else
+				raise ArgumentError, "No such field `#{arg}'"
+			end
+		end
+
+		# Equivalent to udp_src.to_i
+		def udp_sport
+			self.udp_src
+		end
+
+		# Equivalent to udp_src=
+		def udp_sport=(arg)
+			self.udp_src=(arg)
+		end
+
+		# Equivalent to udp_dst
+		def udp_dport
+			self.udp_dst
+		end
+		
+		# Equivalent to udp_dst=
+		def udp_dport=(arg)
+			self.udp_dst=(arg)
+		end
+
+	end
+
+	# UDPPacket is used to construct UDP Packets. They contain an EthHeader, an IPHeader, and a UDPHeader.
+	#
+	# == Example
+	#
+	#   udp_pkt = PacketFu::UDPPacket.new
+	#   udp_pkt.udp_src=rand(0xffff-1024) + 1024
+	#   udp_pkt.udp_dst=53
+	# 
+	#   udp_pkt.ip_saddr="1.2.3.4"
+	#   udp_pkt.ip_daddr="10.20.30.40"
+	#
+	#   udp_pkt.recalc
+	#   udp_pkt.to_f('/tmp/udp.pcap')
+	#
+	# == Parameters
+	#
+	#  :eth
+	#    A pre-generated EthHeader object.
+	#  :ip
+	#    A pre-generated IPHeader object.
+	#  :flavor
+	#    TODO: Sets the "flavor" of the UDP packet. UDP packets don't tend have a lot of
+	#    flavor, but their underlying ip headers do.
+	#  :config
+	#   A hash of return address details, often the output of Utils.whoami?
+	class UDPPacket < Packet
+
+		attr_accessor :eth_header, :ip_header, :udp_header
+		
+		def initialize(args={})
+			@eth_header = EthHeader.new(args).read(args[:eth])
+			@ip_header = IPHeader.new(args).read(args[:ip])
+			@ip_header.ip_proto=0x11
+			@udp_header = UDPHeader.new(args).read(args[:icmp])
+			@ip_header.body = @udp_header
+			@eth_header.body = @ip_header
+			@headers = [@eth_header, @ip_header, @udp_header]
+			super
+			udp_calc_sum
+		end
+
+		# udp_calc_sum() computes the UDP checksum, and is called upon intialization. 
+		# It usually should be called just prior to dropping packets to a file or on the wire. 
+		def udp_calc_sum
+			# This is /not/ delegated down to @udp_header since we need info
+			# from the IP header, too.
+			checksum = (ip_src.to_i >> 16)
+			checksum += (ip_src.to_i & 0xffff)
+			checksum += (ip_dst.to_i >> 16)
+			checksum += (ip_dst.to_i & 0xffff)
+			checksum += 0x11
+			checksum += udp_len.to_i
+			checksum += udp_src.to_i
+			checksum += udp_dst.to_i
+			checksum += udp_len.to_i
+			if udp_len.to_i >= 8
+				# For IP trailers. This isn't very reliable. :/
+				real_udp_payload = payload.to_s[0,(udp_len.to_i-8)] 
+			else
+				# I'm not going to mess with this right now.
+				real_udp_payload = payload 
+			end
+			chk_payload = (real_udp_payload.size % 2 == 0 ? real_udp_payload : real_udp_payload + "\x00")
+			chk_payload.unpack("n*").each {|x| checksum = checksum+x}
+			checksum = checksum % 0xffff
+			checksum = 0xffff - checksum
+			checksum == 0 ? 0xffff : checksum
+			@udp_header.udp_sum = checksum
+		end
+
+		# udp_recalc() recalculates various fields of the UDP packet. Valid arguments are:
+		#
+		#   :all
+		#     Recomputes all calculated fields.
+		#   :udp_sum
+		#     Recomputes the UDP checksum.
+		#   :udp_len
+		#     Recomputes the UDP length.
+		def udp_recalc(args=:all)
+			case args
+			when :udp_len
+				@udp_header.udp_recalc
+			when :udp_sum
+				udp_calc_sum
+			when :all
+				@udp_header.udp_recalc
+				udp_calc_sum
+			else
+				raise ArgumentError, "No such field `#{arg}'"
+			end
+		end
+
+		# Peek provides summary data on packet contents.
+		def peek(args={})
+			peek_data = ["U "]
+			peek_data << "%-5d" % self.to_s.size
+			peek_data << "%-21s" % "#{self.ip_saddr}:#{self.udp_sport}"
+			peek_data << "->"
+			peek_data << "%21s" % "#{self.ip_daddr}:#{self.udp_dport}"
+			peek_data << "%23s" % "I:"
+			peek_data << "%04x" % self.ip_id
+			peek_data.join
+		end
+
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/lib/packetfu/utils.rb

@@ -0,0 +1,182 @@
+require 'singleton'
+module PacketFu
+
+	# Utils is a collection of various and sundry network utilities that are useful for packet
+	# manipulation.
+	class Utils
+
+		# Returns the MAC address of an IP address, or nil if it's not responsive to arp. Takes
+		# a dotted-octect notation of the target IP address, as well as a number of parameters:
+		#
+		# === Parameters
+		#   :eth_saddr
+		#    Source MAC address. Defaults to "00:00:00:00:00:00".
+		#   :ip_saddr
+		#    Source IP address. Defaults to "0.0.0.0"
+		#   :flavor
+		#    The flavor of the ARP request. Defaults to :none.
+		#   :timeout
+		#    Timeout in seconds. Defaults to 3.
+		#
+		#  === Example
+		#    PacketFu::Utils::arp("192.168.1.1") #=> "00:18:39:01:33:70"
+		#    PacketFu::Utils::arp("192.168.1.1", :timeout => 5, :flavor => :hp_deskjet)
+		#  
+		#  === Warning
+		#  
+		#  It goes without saying, spewing forged ARP packets on your network is a great way to really
+		#  irritate your co-workers.
+		def self.arp(target_ip,args={})
+			arp_pkt = PacketFu::ARPPacket.new(:flavor => (args[:flavor] || :none))
+			arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = (args[:eth_saddr] || ($packetfu_default.config[:eth_saddr] if $packetfu_default) || "00:00:00:00:00:00" )
+			arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
+			arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
+			arp_pkt.arp_saddr_ip = (args[:ip_saddr] || ($packetfu_default.config[:ip_saddr] if $packetfu_default) || "0.0.0.0")
+			arp_pkt.arp_daddr_ip = target_ip 
+			iface = (args[:iface] || ($packetfu_default.iface if $packetfu_default) || "eth0")
+			# Stick the Capture object in its own thread.
+			cap_thread = Thread.new do
+				target_mac = nil
+				cap = PacketFu::Capture.new(:iface => iface, :start => true, 
+				:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
+				arp_pkt.to_w(iface) # Shorthand for sending single packets to the default interface.
+				timeout = 0
+				while target_mac.nil? && timeout <= (args[:timeout] || 3)
+					if cap.save > 0
+						arp_response = PacketFu::Packet.parse(cap.array[0])
+						target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
+					end
+					timeout += 0.1
+					sleep 0.1 # Check for a response ten times per second.
+				end
+				target_mac
+			end # cap_thread
+			cap_thread.value
+		end
+
+		# Discovers the local IP and Ethernet address, which is useful for writing
+		# packets you expect to get a response to. Note, this is a noisy
+		# operation; a UDP packet is generated and dropped on to the default (or named)
+		# interface, and then captured (which means you need to be root to do this).
+		#
+		# whoami? returns a hash of :eth_saddr, :eth_src, :ip_saddr, :ip_src,
+		# :eth_dst, and :eth_daddr (the last two are usually suitable for a
+		# gateway mac address). It's most useful as an argument to PacketFu::Config.new.
+		#
+		# === Parameters
+		#   :iface => "eth0"
+		#    An interface to listen for packets on. Note that since we rely on the OS to send the probe packet,
+		#    you will need to specify a target which will use this interface.
+		#   :target => "1.2.3.4"
+		#    A target IP address. By default, a packet will be sent to a random address in the 177/8 network.
+		#    Since this network is IANA reserved (for now), this network should be handled by your default gateway
+		#    and default interface.
+		def self.whoami?(args={})
+			if args[:iface] =~ /^lo/ # Linux loopback more or less. Need a switch for windows loopback, too.
+				dst_host = "127.0.0.1"
+			else
+				dst_host = (args[:target] || IPAddr.new((rand(16777216) + 2969567232), Socket::AF_INET).to_s)
+			end
+
+			dst_port = rand(0xffff-1024)+1024
+			msg = "PacketFu whoami? packet #{(Time.now.to_i + rand(0xffffff)+1)}"
+			cap = PacketFu::Capture.new(:iface => (args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" ), :start => true, :filter => "udp and dst host #{dst_host} and dst port #{dst_port}")
+			UDPSocket.open.send(msg,0,dst_host,dst_port)
+			cap.save
+			pkt = Packet.parse(cap.array[0]) unless cap.save.zero?
+			timeout = 0
+			while timeout < 1 # Sometimes packet generation can be a little pokey.
+				if pkt
+					timeout = 1.1 # Cancel the timeout
+					if pkt.payload == msg
+					my_data =	{
+						:iface => args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo",
+						:pcapfile => args[:pcapfile] || "/tmp/out.pcap",
+						:eth_saddr => pkt.eth_saddr,
+						:eth_src => pkt.eth_src.to_s,
+						:ip_saddr => pkt.ip_saddr,
+						:ip_src => pkt.ip_src.to_s,
+						:eth_dst => pkt.eth_dst.to_s,
+						:eth_daddr => pkt.eth_daddr
+					}
+					else raise SecurityError, 
+						"whoami() packet doesn't match sent data. Something fishy's going on."
+					end
+				else
+					sleep 0.1; timeout += 0.1
+					cap.save
+					pkt = Packet.parse(cap.array[0]) unless cap.save.zero?
+				end
+				raise SocketError, "Didn't receive the whomi() packet." if !pkt
+				cap = nil
+			end
+			my_data
+		end
+
+		# This is a brute-force approach at trying to find a suitable interface with an IP address.
+		def self.lookupdev
+			# XXX cycle through eth0-9 and wlan0-9, and if a cap start throws a RuntimeErorr (and we're
+			# root), it's not a good interface. Boy, really ought to fix lookupdev directly with another
+			# method that returns an array rather than just the first candidate.
+		end
+
+		# Handles ifconfig for various (okay, one) platforms. Mac guys, fix this and submit a patch! 
+		# Will have Windows done shortly.
+		#
+		# Takes an argument (either string or symbol) of the interface to look up, and 
+		# returns a hash which contains at least the :iface element, and if configured, 
+		# these additional elements:
+		#
+		#   :eth_saddr  # A human readable MAC address
+		#   :eth_src    # A packed MAC address
+		#   :ip_saddr   # A dotted-quad string IPv4 address
+		#   :ip_src     # A packed IPv4 address
+		#   :ip4_obj    # An IPAddr object with bitmask
+		#   :ip6_saddr  # A colon-delimited hex IPv6 address, with bitmask
+		#   :ip6_obj    # An IPAddr object with bitmask
+		#
+		# === Example
+		#   PacketFu::Utils.ifconfig :wlan0 # Not associated yet
+		#   #=> {:eth_saddr=>"00:1d:e0:73:9d:ff", :eth_src=>"\000\035\340s\235\377", :iface=>"wlan0"}
+		#   PacketFu::Utils.ifconfig("eth0") # Takes 'eth0' as default
+		#   #=> {:eth_saddr=>"00:1c:23:35:70:3b", :eth_src=>"\000\034#5p;", :ip_saddr=>"10.10.10.9", :ip4_obj=>#<IPAddr: IPv4:10.10.10.0/255.255.254.0>, :ip_src=>"\n\n\n\t", :iface=>"eth0", :ip6_saddr=>"fe80::21c:23ff:fe35:703b/64", :ip6_obj=>#<IPAddr: IPv6:fe80:0000:0000:0000:0000:0000:0000:0000/ffff:ffff:ffff:ffff:0000:0000:0000:0000>}  
+		#   PacketFu::Utils.ifconfig :lo
+		#   #=> {:ip_saddr=>"127.0.0.1", :ip4_obj=>#<IPAddr: IPv4:127.0.0.0/255.0.0.0>, :ip_src=>"\177\000\000\001", :iface=>"lo", :ip6_saddr=>"::1/128", :ip6_obj=>#<IPAddr: IPv6:0000:0000:0000:0000:0000:0000:0000:0001/ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff>}
+		def self.ifconfig(iface='eth0')
+			ret = {}
+			iface = iface.to_s.scan(/[0-9A-Za-z]/).join # Sanitizing input, no spaces, semicolons, etc.
+			case RUBY_PLATFORM
+			when /linux/i
+				ifconfig_data = %x[ifconfig #{iface}]
+				if ifconfig_data =~ /#{iface}/i
+					ifconfig_data = ifconfig_data.split(/[\s]*\n[\s]*/)
+				else
+					raise ArgumentError, "Cannot ifconfig #{iface}"
+				end
+				real_iface = ifconfig_data.first
+				ret[:iface] = real_iface.split.first.downcase
+				if real_iface =~ /[\s]HWaddr[\s]+([0-9a-fA-F:]{17})/i
+					ret[:eth_saddr] = $1.downcase
+					ret[:eth_src] = EthHeader.mac2str(ret[:eth_saddr])
+				end
+				ifconfig_data.each do |s|
+					case s
+					when /inet addr:[\s]*([0-9]+\.[0-9]+\.[0-9]+\.[0-9])(.*Mask:([0-9]+\.[0-9]+\.[0-9]+\.[0-9]))?/i
+						ret[:ip_saddr] = $1
+						ret[:ip_src] = [IPAddr.new($1).to_i].pack("N")
+						ret[:ip4_obj] = IPAddr.new($1)
+						ret[:ip4_obj] = ret[:ip4_obj].mask($3) if $3
+					when /inet6 addr:[\s]*([0-9a-fA-F:\x2f]+)/
+						ret[:ip6_saddr] = $1
+						ret[:ip6_obj] = IPAddr.new($1)
+					end
+				end
+			end # linux 
+			ret
+		end
+
+	end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/all_tests.rb

@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+#
+# This test suite passes on:
+#   ruby-1.8.6-p399 [ x86_64 ]
+#   ruby-1.8.7-p174 [ x86_64 ]
+#   ruby-1.8.7-p249 [ x86_64 ]
+#   ruby-1.9.1-p378 [ x86_64 ]
+# PacketFu (but not pcaprub) passes on:
+#   ruby-1.9.2-head [ x86_64 ]
+
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+
+#Note that the Ruby stock unit tester runs this all out
+#of order, does funny things with class variables, etc.
+
+require 'test_structfu'
+require 'test_pcap'
+require 'test_invalid'
+require 'test_eth' # Creates eth_test.pcap
+require 'test_octets'
+require 'test_packet'
+require 'test_arp' # Creates arp_test.pcap
+require 'test_ip' # Creates ip_test.pcap
+require 'test_icmp' # Creates icmp_test.pcap
+require 'test_udp' # Creates udp_test.pcap
+require 'test_tcp'
+require 'test_ip6'
+
+if Process.euid.zero? 
+	require 'test_inject'
+else
+	$stderr.puts "** WARNING ** test_inject not tested, needs root access."
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/ptest.rb

@@ -0,0 +1,10 @@
+#!/usr/bin/env ruby
+$:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'pcaprub'
+require 'packetfu'
+include PacketFu
+
+puts Pcap.lookupdev
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby
+
+

data/test/test_arp.rb

@@ -0,0 +1,135 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
+require 'packetfu'
+class ArpTest < Test::Unit::TestCase
+	include PacketFu
+
+	def test_arp_header
+		a = ARPHeader.new
+		assert_kind_of ARPHeader, a 
+		assert_kind_of StructFu::Int16, a[:arp_hw]
+		assert_kind_of Fixnum, a.arp_hw
+		assert_kind_of Octets, a[:arp_src_ip]
+		assert_kind_of String, a.arp_src_ip
+		assert_kind_of EthMac, a[:arp_dst_mac]
+		assert_kind_of String, a.arp_dst_mac
+		assert_kind_of StructFu::String, a.body 
+	end
+
+	def test_read_header
+		a = ARPHeader.new
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a.read(sample_arp)
+		assert_equal(sample_arp, a.to_s)
+		assert_equal("192.168.1.105", a.arp_daddr_ip)
+		assert_equal("192.168.1.2", a.arp_saddr_ip)
+		assert_equal("00:1b:11:51:b7:ce", a.arp_daddr_mac)
+		assert_equal("00:03:2f:1a:74:de", a.arp_saddr_mac)
+	end
+
+	def test_arp_read
+		a = ARPPacket.new
+		sample_arp = "001b1151b7ce00032f1a74de0806000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a.read(sample_arp)
+		assert_equal(sample_arp, a.to_s)
+	end
+
+	def test_write_ip
+		a = ARPPacket.new
+		a.arp_saddr_ip="1.2.3.4"
+		a.arp_daddr_ip="5.6.7.8"
+		assert_equal("1.2.3.4",a.arp_saddr_ip)
+		assert_equal("5.6.7.8",a.arp_daddr_ip)
+		assert_equal("\x01\x02\x03\x04",a.arp_src_ip)
+		assert_equal("\x05\x06\x07\x08",a.arp_dst_ip)
+	end
+
+	def test_write_mac
+		a = ARPPacket.new
+		a.arp_saddr_mac = "00:01:02:03:04:05"
+		a.arp_daddr_mac = "00:06:07:08:09:0a"
+		assert_equal("00:01:02:03:04:05",a.arp_saddr_mac)
+		assert_equal("00:06:07:08:09:0a",a.arp_daddr_mac)
+		assert_equal("\x00\x01\x02\x03\x04\x05",a.arp_src_mac)
+		assert_equal("\x00\x06\x07\x08\x09\x0a",a.arp_dst_mac)
+	end
+
+	def test_arp_flavors
+		a = ARPPacket.new(:flavor => "Windows")
+		assert_equal("\x00" * 64, a.payload)
+		a = ARPPacket.new(:flavor => "Linux")
+		assert_equal(32, a.payload.size)
+		a = ARPPacket.new(:flavor => :hp_deskjet)
+		assert_equal(18, a.payload.size)
+		a = ARPPacket.new
+		assert_equal("\x00" * 18, a.payload)
+	end
+
+	def test_arp_create
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a = ARPPacket.new
+		assert_kind_of ARPPacket, a
+		a.arp_hw = 1
+		a.arp_proto = 0x0800
+		a.arp_hw_len = 6
+		a.arp_proto_len = 4 
+		a.arp_opcode = 2
+		a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		a.arp_src_ip = "\xc0\xa8\x01\x02"
+		a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		a.arp_dst_ip = "\xc0\xa8\x01\x69"
+		a.payload = ""
+		assert_equal(sample_arp,a.to_s[14,0xffff])
+	end
+
+	def test_arp_new
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		arp = ARPPacket.new(:arp_hw => 1, :arp_proto => 0x0800,
+											 :arp_opcode => 2, :arp_src_ip => "\xc0\xa8\x01\x02")
+		assert_kind_of ARPPacket, arp
+		arp.arp_hw_len = 6
+		arp.arp_proto_len = 4 
+		arp.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		arp.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		arp.arp_dst_ip = "\xc0\xa8\x01\x69"
+		arp.payload = "\xc0\xa8\x01\x69"
+		assert_equal(sample_arp,arp.to_s[14,0xffff])
+	end
+
+	def test_arp_peek
+		a = ARPPacket.new
+		puts "\n"
+		puts "ARP Peek format: "
+		puts a.peek
+		puts "\n"
+		assert_equal(66,a.peek.size)
+	end
+
+	def test_arp_pcap
+		a = ARPPacket.new
+		assert_kind_of ARPPacket, a
+		a.to_f('arp_test.pcap','w')
+		a.arp_hw = 1
+		a.arp_proto = 0x0800
+		a.arp_hw_len = 6
+		a.arp_proto_len = 4 
+		a.arp_opcode = 2
+		a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		a.arp_src_ip = "\xc0\xa8\x01\x02"
+		a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		a.arp_dst_ip = "\xc0\xa8\x01\x69"
+		a.payload = ""
+		a.eth_daddr = "00:1b:11:51:b7:ce"
+		a.eth_saddr = "00:03:2f:1a:74:de"
+		a.to_f('arp_test.pcap','a')
+	end
+	
+end
+
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby