RubyGems - packetfu - Versions diffs - 1.1.1 → 1.1.2 - Mend

packetfu 1.1.1 → 1.1.2

Files changed (71) hide show

data/{README → README.rdoc} +2 -2
metadata +58 -94
data/INSTALL +0 -40
data/LICENSE +0 -28
data/examples/100kpackets.rb +0 -41
data/examples/ackscan.rb +0 -38
data/examples/arp.rb +0 -60
data/examples/arphood.rb +0 -59
data/examples/dissect_thinger.rb +0 -22
data/examples/ethernet.rb +0 -10
data/examples/examples.rb +0 -3
data/examples/ids.rb +0 -4
data/examples/idsv2.rb +0 -6
data/examples/new-simple-stats.rb +0 -52
data/examples/oui.txt +0 -84177
data/examples/packetfu-shell.rb +0 -113
data/examples/simple-sniffer.rb +0 -40
data/examples/simple-stats.rb +0 -50
data/examples/slammer.rb +0 -33
data/examples/uniqpcap.rb +0 -15
data/lib/packetfu.rb +0 -147
data/lib/packetfu/capture.rb +0 -169
data/lib/packetfu/config.rb +0 -58
data/lib/packetfu/inject.rb +0 -65
data/lib/packetfu/packet.rb +0 -533
data/lib/packetfu/pcap.rb +0 -594
data/lib/packetfu/protos/arp.rb +0 -268
data/lib/packetfu/protos/eth.rb +0 -296
data/lib/packetfu/protos/hsrp.rb +0 -206
data/lib/packetfu/protos/icmp.rb +0 -179
data/lib/packetfu/protos/invalid.rb +0 -55
data/lib/packetfu/protos/ip.rb +0 -378
data/lib/packetfu/protos/ipv6.rb +0 -250
data/lib/packetfu/protos/tcp.rb +0 -1127
data/lib/packetfu/protos/udp.rb +0 -240
data/lib/packetfu/structfu.rb +0 -294
data/lib/packetfu/utils.rb +0 -194
data/lib/packetfu/version.rb +0 -50
data/test/all_tests.rb +0 -41
data/test/arp_test.pcap +0 -0
data/test/eth_test.pcap +0 -0
data/test/ethpacket_spec.rb +0 -74
data/test/icmp_test.pcap +0 -0
data/test/ip_test.pcap +0 -0
data/test/packet_spec.rb +0 -73
data/test/packet_subclasses_spec.rb +0 -13
data/test/packetfu_spec.rb +0 -90
data/test/ptest.rb +0 -16
data/test/sample-ipv6.pcap +0 -0
data/test/sample.pcap +0 -0
data/test/sample2.pcap +0 -0
data/test/sample_hsrp_pcapr.cap +0 -0
data/test/structfu_spec.rb +0 -335
data/test/tcp_spec.rb +0 -101
data/test/tcp_test.pcap +0 -0
data/test/test_arp.rb +0 -135
data/test/test_eth.rb +0 -91
data/test/test_hsrp.rb +0 -20
data/test/test_icmp.rb +0 -54
data/test/test_inject.rb +0 -31
data/test/test_invalid.rb +0 -28
data/test/test_ip.rb +0 -69
data/test/test_ip6.rb +0 -68
data/test/test_octets.rb +0 -37
data/test/test_packet.rb +0 -174
data/test/test_pcap.rb +0 -209
data/test/test_structfu.rb +0 -112
data/test/test_tcp.rb +0 -327
data/test/test_udp.rb +0 -73
data/test/udp_test.pcap +0 -0
data/test/vlan-pcapr.cap +0 -0

data/test/test_structfu.rb DELETED Viewed

@@ -1,112 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-# Whee unit testing.
-class IntStringTest < Test::Unit::TestCase
-	include StructFu
-	def test_intstring_len
-		s = IntString.new("hello!", Int32)
-		assert_equal(s.len, s.int.v)
-		assert_not_equal(s.len, s.length)
-		s.len=10
-		assert_equal(s.len, s[:int][:value])
-	end
-	def test_intstring_to_s
-		s = IntString.new("hello!", Int16)
-		assert_equal("\x00\x06hello!",s.to_s)
-		s.len=10
-		assert_equal("\x00\x0ahello!",s.to_s)
-		s = IntString.new("hello!", Int16, :parse)
-		s.len=10
-		assert_equal("\x00\x0ahello!\x00\x00\x00\x00",s.to_s)
-		s = IntString.new("hello!", Int16, :fix)
-		s.len=10
-		assert_equal("\x00\x06hello!",s.to_s)
-	end
-	def test_intstring_new
-		assert_equal("\x06Hello!",IntString.new("Hello!").to_s)
-		assert_equal("\x00\x06Hello!",IntString.new("Hello!",Int16).to_s)
-		assert_equal("\x06\x00\x00\x00Hello!",IntString.new("Hello!",Int32le).to_s)
-	end
-	def test_intstring_read
-		s = IntString.new
-		s.read("\x06Hello!")
-		assert_equal("Hello!", s.string)
-		assert_equal("Hello!", s[:string])
-		assert_equal(6, s.int.value)
-		assert_equal(6, s.len)
-	end
-	def test_intstring_parse
-		s = IntString.new
-		s[:mode] = :parse
-		s.parse("\x02Hello!")
-		assert_equal("He", s.string)
-		assert_equal(2, s.int.v)
-		s.parse("\x0aHello!")
-		assert_equal("Hello!\x00\x00\x00\x00", s.string)
-		s[:mode] = :fix
-		s.parse("\x0aHello!")
-		assert_equal("Hello!", s.string)
-	end
-	def test_intstring_nocalc
-		s = IntString.new
-		s[:string] = "Hello"
-		assert_equal(0,s.int.value)
-	end
-end
-class IntTest < Test::Unit::TestCase
-	include StructFu
-	def test_int_to_s
-		assert_equal("\x02",Int8.new(2).to_s)
-		assert_equal("\x00\x07",Int16.new(7).to_s)
-		assert_equal("\x00\x00\x00\x0a",Int32.new(10).to_s)
-	end
-	def test_int_big
-		assert_equal("\x00\x07",Int16be.new(7).to_s)
-		assert_equal("\x00\x00\x00\x0a",Int32be.new(10).to_s)
-	end
-	def test_int_little
-		assert_equal("\x07\x00",Int16le.new(7).to_s)
-		assert_equal("\x01\x04\x00\x00",Int32le.new(1025).to_s)
-	end
-	def test_read
-		assert_equal(7,Int16.new.read("\x00\x07").to_i)
-		assert_equal(Int32.new.read("\x00\x00\x00\x0a").to_i,10)
-		i = Int32.new
-		i.read("\x00\x00\x00\xff")
-		assert_equal(i.v, 255)
-		assert_equal(7, Int16le.new.read("\x07\x00").to_i)
-		assert_equal(1025,Int32le.new.read("\x01\x04\x00\x00").to_i)
-		i = Int32le.new
-		i.read("\xff\x00\x00\x00")
-		assert_equal(i.v, 255)
-	end
-	def test_int_compare
-		little = Int32le.new
-		big = Int32be.new
-		little.v = 128
-		big.v = 0x80
-		assert_not_equal(little.to_s, big.to_s)
-		assert_equal(little.v, big.v)
-		assert_equal(little[:value], big[:value])
-		assert_equal(little.value, big.value)
-	end
-end
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_tcp.rb DELETED Viewed

@@ -1,327 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-class String
-	def bin
-		self.scan(/../).map {|x| x.to_i(16).chr}.join
-	end
-end
-class TcpEcnTest < Test::Unit::TestCase
-	include PacketFu
-	def test_ecn_set
-		t = TcpEcn.new
-		assert_kind_of TcpEcn, t
-		assert_equal(0, t.to_i)
-		t.n = 1
-		assert_equal(4, t.to_i)
-		t.c = 1
-		assert_equal(6, t.to_i)
-		t.e = 1
-		assert_equal(7, t.to_i)
-	end
-	def test_ecn_read
-		t = TcpEcn.new
-		assert_kind_of TcpEcn, t
-		t.read("\x30\xc0")
-		assert_equal(0, t.n)
-		assert_equal(1, t.c)
-		assert_equal(1, t.e)
-		t.read("\xa3\x38")
-		assert_equal(1, t.n)
-		assert_equal(0, t.c)
-		assert_equal(0, t.e)
-	end
-	def test_hlen_set
-		t = TcpHlen.new
-		assert_kind_of TcpHlen, t
-		assert_equal(0, t.to_i)
-		t.hlen = 10
-		assert_equal(10, t.to_i)
-	end
-	def test_hlen_read
-		t = TcpHlen.new
-		t.read("\xa0")
-		assert_equal(10, t.to_i)
-	end
-	def test_reserved_set
-		t = TcpReserved.new
-		assert_kind_of TcpReserved, t
-		assert_equal(0, t.to_i)
-		t.r1 = 1
-		assert_equal(4, t.to_i)
-		t.r2 = 1
-		assert_equal(6, t.to_i)
-		t.r3 = 1
-		assert_equal(7, t.to_i)
-	end
-	def test_reserved_read
-		t = TcpReserved.new
-		t.read("\xa0")
-		assert_equal(0, t.to_i)
-	end
-end
-class TcpFlagsTest < Test::Unit::TestCase
-	include PacketFu
-	def test_tcp_flags_set
-		t = TcpFlags.new
-		assert_kind_of TcpFlags, t
-		t.fin = 1
-		t.ack = 1
-		assert_equal(0x11, t.to_i)
-		t.fin = 0
-		t.syn = 1
-		assert_equal(0x12, t.to_i)
-	end
-	def test_tcp_flags_read
-		t = TcpFlags.new
-		t.read("\x11")
-		assert_equal(1, t.fin)
-		assert_equal(1, t.ack)
-		t.read("\xa6")
-		assert_equal(1, t.urg)
-		assert_equal(1, t.rst)
-		assert_equal(1, t.syn)
-		assert_equal(0, t.psh)
-		assert_equal(0, t.ack)
-		assert_equal(0, t.fin)
-	end
-end
-class TcpOptionsTest < Test::Unit::TestCase
-	include PacketFu
-	def test_tcp_option
-		t = TcpOption.new
-		assert_equal("\x00", t.to_s)
-		t = TcpOption.new(:kind => 2, :optlen => 4, :value => 1024)
-		assert_equal("\x02\x04\x04\x00", t.to_s)
-		t = TcpOption.new(:kind => 0xf0, :optlen => 6, :value => 1024)
-		assert_equal("\xf0\x06\x00\x00\x04\x00", t.to_s)
-		t = TcpOption.new(:kind => 0xf0, :optlen => 6, :value => "1024")
-		assert_equal("\xf0\x061024", t.to_s)
-		t = TcpOption.new(:kind => 0xf0, :optlen => 6, :value => nil)
-		assert_equal("\xf0\x06", t.to_s)
-		t = TcpOption.new(:kind => 0xf1, :optlen => 10, :value => "a1b2c3d4e5")
-		assert_equal("\xf1\x0aa1b2c3d4e5", t.to_s)
-	end
-	def test_eol
-		t = TcpOption::EOL.new
-		assert_equal("\x00", t.to_s)
-		assert_equal(0, t.kind.to_i)
-		assert_equal(0, t.kind.value)
-		assert_equal(nil, t.optlen.value)
-		assert_equal("", t.value)
-		assert_equal("EOL",t.decode)
-	end
-	def test_nop
-		t = TcpOption::NOP.new
-		assert_equal("\x01", t.to_s)
-		assert_equal("NOP",t.decode)
-	end
-	def test_mss
-		t = TcpOption::MSS.new
-		t.read("\x02\x04\x05\xb4")
-		assert_equal("MSS:1460",t.decode)
-		t = TcpOption::MSS.new(:value => 1460)
-		assert_equal("\x02\x04\x05\xb4", t.to_s)
-		assert_equal("MSS:1460",t.decode)
-	end
-	def test_sack
-		t = TcpOption::SACKOK.new
-		assert_equal("\x04\x02", t.to_s)
-		assert_equal("SACKOK",t.decode)
-	end
-	def test_sackok
-		t = TcpOption::SACK.new
-		assert_equal("\x05\x02", t.to_s)
-		assert_equal("SACK:",t.decode)
-		t = TcpOption::SACK.new(:value => "ABCD")
-		assert_equal("\x05\x06\x41\x42\x43\x44", t.to_s)
-		assert_equal("SACK:ABCD",t.decode)
-		t = TcpOptions.new
-		t.encode("SACK:ABCD,NOP,NOP") # Testing the variable optlen
-		assert_equal("SACK:ABCD,NOP,NOP",t.decode)
-	end
-	def test_echo
-		t = TcpOption::ECHO.new(:value => "ABCD")
-		assert_equal("\x06\x06\x41\x42\x43\x44", t.to_s)
-		assert_equal("ECHO:ABCD",t.decode)
-		t = TcpOption::ECHO.new
-		t.read("\x06\x06\x41\x42\x43\x44")
-		assert_equal("ECHO:ABCD",t.decode)
-	end
-	def test_echoreply
-		t = TcpOption::ECHOREPLY.new(:value => "ABCD")
-		assert_equal("\x07\x06\x41\x42\x43\x44", t.to_s)
-		assert_equal("ECHOREPLY:ABCD",t.decode)
-		t = TcpOption::ECHOREPLY.new
-		t.read("\x07\x06\x41\x42\x43\x44")
-		assert_equal("ECHOREPLY:ABCD",t.decode)
-	end
-	def test_tsopt
-		t = TcpOption::TS.new
-		assert_equal("\x08\x0a\x00\x00\x00\x00\x00\x00\x00\x00", t.to_s)
-		assert_equal("TS:0;0",t.decode)
-	end
-	def test_tcpoptions
-		opt_string = "0101080a002af12c12ef0d57".bin
-		t = TcpOptions.new
-		t.read opt_string
-		assert_equal("NOP,NOP,TS:2814252;317656407", t.decode)
-		assert_equal(opt_string, t.to_s)
-		opt_string = "020405b40402080a002af1120000000001030306".bin
-		t = TcpOptions.new
-		t.read opt_string
-		assert_equal("MSS:1460,SACKOK,TS:2814226;0,NOP,WS:6", t.decode)
-	end
-	def test_tcpoptions_encode
-		opt_string = "mss:1460,sackok,ts:2814226;0,nop,ws:6"
-		t = TcpOptions.new
-		t.encode opt_string
-		assert_equal(opt_string.upcase, t.decode)
-		assert_kind_of(StructFu::Int8,t[0].kind)
-		assert_kind_of(StructFu::Int8,t[0].optlen)
-		assert_kind_of(StructFu::Int16,t[0].value)
-		assert_equal("\x02\x04\x05\xb4", t[0].to_s)
-		assert_equal("\x08\x0a\x00\x2a\xf1\x12\x00\x00\x00\x00", t[2].to_s)
-	end
-end
-class TcpHeaderTest < Test::Unit::TestCase
-	include PacketFu
-	def test_header_new
-		t = TCPHeader.new
-		assert_kind_of TCPHeader, t
-		assert_equal 20, t.sz
-		assert_equal 13, t.size
-	end
-	def test_header_read
-		t = TCPHeader.new
-		str = "da920050c9fd6d2b2f54cc2f8018005c74de00000101080a002af11e12ef0d4a".bin
-		str << "474554202f20485454502f312e310d0a557365722d4167656e743a206375726c2f372e31382e322028693438362d70632d6c696e75782d676e7529206c69626375726c2f372e31382e32204f70656e53534c2f302e392e3867207a6c69622f312e322e332e33206c696269646e2f312e31300d0a486f73743a207777772e706c616e622d73656375726974792e6e65740d0a4163636570743a202a2f2a0d0a0d0a".bin
-		t.read str
-		assert_equal 55954, t.tcp_sport
-		assert_equal 80, t.tcp_dport
-		assert_equal 3388828971, t.tcp_seq
-		assert_equal 794086447, t.tcp_ack
-		assert_equal 8, t.tcp_hlen
-		assert_equal 0, t.tcp_reserved
-		assert_equal 0, t.tcp_ecn
-		assert_equal 1, t.tcp_flags.psh
-		assert_equal 1, t.tcp_flags.ack
-		assert_equal 0, t.tcp_flags.syn
-		assert_equal 92, t.tcp_win
-		assert_equal 0x74de, t.tcp_sum
-		assert_equal "NOP,NOP,TS:2814238;317656394", t.tcp_options
-		assert_equal "GET /", t.body[0,5]
-		assert_equal "*\x0d\x0a\x0d\x0a", t.body[-5,5]
-	end
-end
-class TCPPacketTest < Test::Unit::TestCase
-	include PacketFu
-	def test_tcp_peek
-		t = TCPPacket.new
-		t.ip_saddr = "10.20.30.40"
-		t.ip_daddr = "50.60.70.80"
-		t.tcp_src = 55954
-		t.tcp_dport = 80
-		t.tcp_flags.syn = 1
-		t.tcp_flags.ack = true
-		t.payload = "GET / HTTP/1.1\x0d\x0aHost: 50.60.70.80\x0d\x0a\x0d\x0a"
-		t.recalc
-		puts "\n"
-		puts "TCP Peek format: "
-		puts t.peek
-		assert (t.peek.size <= 80)
-	end
-	def test_tcp_pcap
-		t = TCPPacket.new
-		assert_kind_of TCPPacket, t
-		t.recalc
-		t.to_f('tcp_test.pcap','a')
-		t.recalc
-		#t.to_f('tcp_test.pcap','a')
-		t.ip_saddr = "10.20.30.40"
-		t.ip_daddr = "50.60.70.80"
-		t.payload = "+some fakey-fake tcp packet"
-		t.tcp_sport = 1206
-		t.tcp_dst = 13013
-		t.tcp_flags.syn = 1
-		t.tcp_flags.ack = true
-		t.tcp_flags.psh = false
-		t.recalc
-		#t.to_f('tcp_test.pcap','a')
-	end
-	def test_tcp_read
-		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[7]
-		pkt = Packet.parse(sample_packet)
-		assert_kind_of TCPPacket, pkt
-		assert_equal(0x5a73, pkt.tcp_sum)
-		pkt.to_f('tcp_test.pcap','a')
-	end
-	def test_tcp_alter
-		sample_packet = PcapFile.new.file_to_array(:f => 'sample2.pcap')[3]
-		pkt = Packet.parse(sample_packet)
-		assert_kind_of TCPPacket, pkt
-		pkt.tcp_sport = 13013
-		pkt.payload = pkt.payload.gsub(/planb/,"brandx")
-		pkt.recalc
-		pkt.to_f('tcp_test.pcap','a')
-	end
-end
-class TCPPacketTest < Test::Unit::TestCase
-	include PacketFu
-	def test_tcp_edit_opts
-		t = TCPPacket.new
-		assert_equal(0, t.tcp_options.size)
-		assert_equal(0, t.tcp_opts_len)
-		assert_equal(5, t.tcp_hlen)
-		t.tcp_options = "NOP,NOP,NOP,NOP"
-		assert_equal(4, t.tcp_opts_len)
-		t.recalc
-		assert_equal(6, t.tcp_hlen)
-	end
-end
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_udp.rb DELETED Viewed

@@ -1,73 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-class UDPTest < Test::Unit::TestCase
-	include PacketFu
-	def test_udp_header_new
-		u = UDPHeader.new
-		assert_kind_of UDPHeader, u
-		assert_equal(8, u.to_s.size)
-		assert_equal("\x00\x00\x00\x00\x00\x08\x00\x00", u.to_s)
-	end
-	def test_udp_peek
-		u = UDPPacket.new
-		u.ip_saddr = "10.20.30.40"
-		u.ip_daddr = "50.60.70.80"
-		u.udp_src = 53
-		u.udp_dport = 1305
-		u.payload = "abcdefghijklmnopqrstuvwxyz"
-		u.recalc
-		puts "\n"
-		puts "UDP Peek format: "
-		puts u.peek
-		assert (u.peek.size <= 80)
-	end
-	def test_udp_pcap
-		u = UDPPacket.new
-		assert_kind_of UDPPacket, u
-		u.recalc
-		u.to_f('udp_test.pcap','a')
-		u.ip_saddr = "10.20.30.40"
-		u.ip_daddr = "50.60.70.80"
-		u.payload = "+some fakey-fake udp packet"
-		u.udp_src = 1205
-		u.udp_dst = 13013
-		u.recalc
-		u.to_f('udp_test.pcap','a')
-	end
-	def test_udp_read
-		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-		pkt = Packet.parse(sample_packet)
-		assert_kind_of UDPPacket, pkt
-		assert_equal(0x8bf8, pkt.udp_sum.to_i)
-		pkt.to_f('udp_test.pcap','a')
-	end
-	def test_udp_checksum
-		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-		pkt = Packet.parse(sample_packet)
-		assert_kind_of UDPPacket, pkt
-		pkt.recalc
-		assert_equal(0x8bf8, pkt.udp_sum.to_i)
-		pkt.to_f('udp_test.pcap','a')
-	end
-	def test_udp_alter
-		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-		pkt = Packet.parse(sample_packet)
-		assert_kind_of UDPPacket, pkt
-		pkt.payload = pkt.payload.gsub(/metasploit/,"MeatPistol")
-		pkt.recalc
-		assert_equal(0x8341, pkt.udp_sum)
-		pkt.to_f('udp_test.pcap','a')
-	end
-end
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby