packetfu 1.1.10 → 1.1.11
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +2 -0
- data/.gitignore +3 -0
- data/.travis.yml +8 -0
- data/CONTRIBUTING.md +47 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +1 -1
- data/README.rdoc +35 -30
- data/Rakefile +4 -4
- data/bench/octets.rb +9 -9
- data/examples/100kpackets.rb +12 -12
- data/examples/ackscan.rb +16 -16
- data/examples/arp.rb +35 -35
- data/examples/arphood.rb +36 -36
- data/examples/dissect_thinger.rb +6 -6
- data/examples/new-simple-stats.rb +23 -23
- data/examples/packetfu-shell.rb +25 -25
- data/examples/simple-sniffer.rb +9 -9
- data/examples/simple-stats.rb +23 -23
- data/examples/slammer.rb +3 -3
- data/gem-public_cert.pem +21 -0
- data/lib/packetfu.rb +149 -127
- data/lib/packetfu/capture.rb +169 -169
- data/lib/packetfu/config.rb +52 -52
- data/lib/packetfu/inject.rb +56 -56
- data/lib/packetfu/packet.rb +531 -528
- data/lib/packetfu/pcap.rb +579 -579
- data/lib/packetfu/protos/arp.rb +90 -90
- data/lib/packetfu/protos/arp/header.rb +158 -158
- data/lib/packetfu/protos/arp/mixin.rb +36 -36
- data/lib/packetfu/protos/eth.rb +44 -44
- data/lib/packetfu/protos/eth/header.rb +243 -243
- data/lib/packetfu/protos/eth/mixin.rb +3 -3
- data/lib/packetfu/protos/hsrp.rb +69 -69
- data/lib/packetfu/protos/hsrp/header.rb +107 -107
- data/lib/packetfu/protos/hsrp/mixin.rb +29 -29
- data/lib/packetfu/protos/icmp.rb +71 -71
- data/lib/packetfu/protos/icmp/header.rb +82 -82
- data/lib/packetfu/protos/icmp/mixin.rb +14 -14
- data/lib/packetfu/protos/invalid.rb +49 -49
- data/lib/packetfu/protos/ip.rb +69 -69
- data/lib/packetfu/protos/ip/header.rb +291 -291
- data/lib/packetfu/protos/ip/mixin.rb +40 -40
- data/lib/packetfu/protos/ipv6.rb +50 -50
- data/lib/packetfu/protos/ipv6/header.rb +188 -188
- data/lib/packetfu/protos/ipv6/mixin.rb +29 -29
- data/lib/packetfu/protos/tcp.rb +176 -176
- data/lib/packetfu/protos/tcp/ecn.rb +35 -35
- data/lib/packetfu/protos/tcp/flags.rb +74 -74
- data/lib/packetfu/protos/tcp/header.rb +268 -268
- data/lib/packetfu/protos/tcp/hlen.rb +32 -32
- data/lib/packetfu/protos/tcp/mixin.rb +46 -46
- data/lib/packetfu/protos/tcp/option.rb +321 -321
- data/lib/packetfu/protos/tcp/options.rb +95 -95
- data/lib/packetfu/protos/tcp/reserved.rb +35 -35
- data/lib/packetfu/protos/udp.rb +159 -123
- data/lib/packetfu/protos/udp/header.rb +91 -91
- data/lib/packetfu/protos/udp/mixin.rb +3 -3
- data/lib/packetfu/structfu.rb +280 -280
- data/lib/packetfu/utils.rb +292 -225
- data/lib/packetfu/version.rb +41 -41
- data/packetfu.gemspec +14 -3
- data/spec/arp_spec.rb +191 -0
- data/spec/eth_spec.rb +148 -0
- data/spec/icmp_spec.rb +97 -0
- data/spec/ip_spec.rb +78 -0
- data/spec/ipv6_spec.rb +81 -0
- data/spec/packet_spec.rb +61 -59
- data/spec/packet_subclasses_spec.rb +9 -10
- data/spec/packetfu_spec.rb +55 -62
- data/spec/sample3.pcap +0 -0
- data/spec/spec_helper.rb +44 -0
- data/spec/structfu_spec.rb +270 -271
- data/spec/tcp_spec.rb +76 -77
- data/spec/udp_spec.rb +32 -0
- data/spec/utils_spec.rb +95 -0
- data/test/all_tests.rb +14 -17
- data/test/func_lldp.rb +3 -3
- data/test/ptest.rb +2 -2
- data/test/test_capture.rb +45 -45
- data/test/test_eth.rb +70 -68
- data/test/test_hsrp.rb +9 -9
- data/test/test_inject.rb +18 -18
- data/test/test_invalid.rb +16 -16
- data/test/test_octets.rb +23 -21
- data/test/test_packet.rb +156 -154
- data/test/test_pcap.rb +172 -170
- data/test/test_structfu.rb +99 -97
- data/test/test_tcp.rb +322 -320
- data/test/test_udp.rb +78 -76
- metadata +108 -44
- metadata.gz.sig +2 -0
- data/spec/ethpacket_spec.rb +0 -74
- data/test/test_arp.rb +0 -135
- data/test/test_icmp.rb +0 -62
- data/test/test_ip.rb +0 -50
- data/test/test_ip6.rb +0 -68
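--- a/data/test/test_arp.rb
+++ /dev/null
@@ -1,135 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-class ArpTest < Test::Unit::TestCase
-include PacketFu
-
-def test_arp_header
-a = ARPHeader.new
-assert_kind_of ARPHeader, a
-assert_kind_of StructFu::Int16, a[:arp_hw]
-assert_kind_of Fixnum, a.arp_hw
-assert_kind_of Octets, a[:arp_src_ip]
-assert_kind_of String, a.arp_src_ip
-assert_kind_of EthMac, a[:arp_dst_mac]
-assert_kind_of String, a.arp_dst_mac
-assert_kind_of StructFu::String, a.body
-end
-
-def test_read_header
-a = ARPHeader.new
-sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
-sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
-a.read(sample_arp)
-assert_equal(sample_arp, a.to_s)
-assert_equal("192.168.1.105", a.arp_daddr_ip)
-assert_equal("192.168.1.2", a.arp_saddr_ip)
-assert_equal("00:1b:11:51:b7:ce", a.arp_daddr_mac)
-assert_equal("00:03:2f:1a:74:de", a.arp_saddr_mac)
-end
-
-def test_arp_read
-a = ARPPacket.new
-sample_arp = "001b1151b7ce00032f1a74de0806000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
-sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
-a.read(sample_arp)
-assert_equal(sample_arp, a.to_s)
-end
-
-def test_write_ip
-a = ARPPacket.new
-a.arp_saddr_ip="1.2.3.4"
-a.arp_daddr_ip="5.6.7.8"
-assert_equal("1.2.3.4",a.arp_saddr_ip)
-assert_equal("5.6.7.8",a.arp_daddr_ip)
-assert_equal("\x01\x02\x03\x04",a.arp_src_ip)
-assert_equal("\x05\x06\x07\x08",a.arp_dst_ip)
-end
-
-def test_write_mac
-a = ARPPacket.new
-a.arp_saddr_mac = "00:01:02:03:04:05"
-a.arp_daddr_mac = "00:06:07:08:09:0a"
-assert_equal("00:01:02:03:04:05",a.arp_saddr_mac)
-assert_equal("00:06:07:08:09:0a",a.arp_daddr_mac)
-assert_equal("\x00\x01\x02\x03\x04\x05",a.arp_src_mac)
-assert_equal("\x00\x06\x07\x08\x09\x0a",a.arp_dst_mac)
-end
-
-def test_arp_flavors
-a = ARPPacket.new(:flavor => "Windows")
-assert_equal("\x00" * 64, a.payload)
-a = ARPPacket.new(:flavor => "Linux")
-assert_equal(32, a.payload.size)
-a = ARPPacket.new(:flavor => :hp_deskjet)
-assert_equal(18, a.payload.size)
-a = ARPPacket.new
-assert_equal("\x00" * 18, a.payload)
-end
-
-def test_arp_create
-sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
-sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
-a = ARPPacket.new
-assert_kind_of ARPPacket, a
-a.arp_hw = 1
-a.arp_proto = 0x0800
-a.arp_hw_len = 6
-a.arp_proto_len = 4
-a.arp_opcode = 2
-a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
-a.arp_src_ip = "\xc0\xa8\x01\x02"
-a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
-a.arp_dst_ip = "\xc0\xa8\x01\x69"
-a.payload = ""
-assert_equal(sample_arp,a.to_s[14,0xffff])
-end
-
-def test_arp_new
-sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
-sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
-arp = ARPPacket.new(:arp_hw => 1, :arp_proto => 0x0800,
-:arp_opcode => 2, :arp_src_ip => "\xc0\xa8\x01\x02")
-assert_kind_of ARPPacket, arp
-arp.arp_hw_len = 6
-arp.arp_proto_len = 4
-arp.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
-arp.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
-arp.arp_dst_ip = "\xc0\xa8\x01\x69"
-arp.payload = "\xc0\xa8\x01\x69"
-assert_equal(sample_arp,arp.to_s[14,0xffff])
-end
-
-def test_arp_peek
-a = ARPPacket.new
-puts "\n"
-puts "ARP Peek format: "
-puts a.peek
-puts "\n"
-assert(a.peek.size <= 80)
-end
-
-def test_arp_pcap
-a = ARPPacket.new
-assert_kind_of ARPPacket, a
-a.to_f('arp_test.pcap','w')
-a.arp_hw = 1
-a.arp_proto = 0x0800
-a.arp_hw_len = 6
-a.arp_proto_len = 4
-a.arp_opcode = 2
-a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
-a.arp_src_ip = "\xc0\xa8\x01\x02"
-a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
-a.arp_dst_ip = "\xc0\xa8\x01\x69"
-a.payload = ""
-a.eth_daddr = "00:1b:11:51:b7:ce"
-a.eth_saddr = "00:03:2f:1a:74:de"
-a.to_f('arp_test.pcap','a')
-end
-
-end
-
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby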
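--- a/data/test/test_icmp.rb
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class ICMPTest < Test::Unit::TestCase
-include PacketFu
-
-def test_icmp_header_new
-i = ICMPHeader.new
-assert_kind_of ICMPHeader, i
-assert_equal("\x00\x00\xff\xff", i.to_s)
-i.icmp_type = 1
-i.icmp_recalc :icmp_sum
-assert_equal("\x01\x00\xfe\xff", i.to_s)
-end
-
-def test_icmp_peek
-i = ICMPPacket.new
-i.ip_saddr = "10.20.30.40"
-i.ip_daddr = "50.60.70.80"
-i.payload = "abcdefghijklmnopqrstuvwxyz"
-i.recalc
-puts "\n"
-puts "ICMP Peek format: "
-puts i.peek
-assert (i.peek.size <= 80)
-end
-
-def test_icmp_pcap
-i = ICMPPacket.new
-assert_kind_of ICMPPacket, i
-i.recalc
-i.to_f('icmp_test.pcap')
-i.ip_saddr = "10.20.30.40"
-i.ip_daddr = "50.60.70.80"
-i.payload = "\x00\x01\x00\01abcdefghijklmnopqrstuvwxyz"
-i.icmp_code = 8
-i.recalc
-i.to_f('icmp_test.pcap','a')
-assert File.exists?('icmp_test.pcap')
-end
-
-def test_icmp_read
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[2]
-pkt = Packet.parse(sample_packet)
-assert pkt.is_icmp?
-assert_kind_of ICMPPacket, pkt
-assert_equal(0x4d58, pkt.icmp_sum.to_i)
-assert_equal(8, pkt.icmp_type.to_i)
-end
-
-def test_icmp_reread
-sample_packet = PacketFu::ICMPPacket.new
-pkt = Packet.parse(sample_packet.to_s)
-assert sample_packet.is_icmp?
-assert pkt.is_icmp?
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby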
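--- a/data/test/test_ip.rb
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class IPTest < Test::Unit::TestCase
-include PacketFu
-
-def test_ip_header_new
-i = IPHeader.new
-assert_kind_of IPHeader, i
-i.ip_id = 0x1234
-i.ip_recalc :ip_sum
-assert_equal("E\000\000\024\0224\000\000 \000\210\267\000\000\000\000\000\000\000\000", i.to_s)
-end
-
-def test_ip_packet_new
-i = IPPacket.new
-assert i.is_ip?
-end
-
-def test_ip_peek
-i = IPPacket.new
-i.ip_saddr = "1.2.3.4"
-i.ip_daddr = "5.6.7.8"
-i.ip_proto = 94
-i.payload = '\x00' * 30
-i.recalc
-puts "\n"
-puts "IP Peek format: "
-puts i.peek
-assert (i.peek.size <= 80)
-end
-
-def test_ip_pcap
-i = IPPacket.new
-assert_kind_of IPPacket, i
-i.recalc
-i.to_f('ip_test.pcap')
-i.ip_saddr = "1.2.3.4"
-i.ip_daddr = "5.6.7.8"
-i.ip_proto = 94
-i.payload = "\x23" * 10
-i.recalc
-i.to_f('ip_test.pcap','a')
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby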
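--- a/data/test/test_ip6.rb
+++ /dev/null
@@ -1,68 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class IPv6AddrTest < Test::Unit::TestCase
-include PacketFu
-
-def test_addr_read
-a = AddrIpv6.new
-addr = "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1a\xc5\xff\xfe\x00\x01\x52"
-a.read(addr)
-assert_equal(338288524927261089654170548082086773074, a.to_i)
-assert_equal("fe80::21a:c5ff:fe00:152",a.to_x)
-end
-
-def test_octets_read_quad
-a = AddrIpv6.new
-addr = "fe80::21a:c5ff:fe00:152"
-a.read_x(addr)
-assert_equal(addr,a.to_x)
-end
-
-end
-
-class IPv6Test < Test::Unit::TestCase
-include PacketFu
-
-def test_ipv6_header_new
-i = IPv6Header.new
-assert_kind_of IPv6Header, i
-assert_equal("`\000\000\000\000\000\000\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", i.to_s)
-end
-
-def test_ipv6_packet_new
-i = IPv6Packet.new
-assert i.is_ipv6?
-end
-
-def test_ipv6_peek
-i = IPv6Packet.new
-i.ipv6_saddr = "fe80::1"
-i.ipv6_daddr = "fe80::2"
-i.ipv6_next = 0x11
-i.payload = '\x00' * 30
-i.recalc
-puts "\n"
-puts "IPv6 Peek format: "
-puts i.peek
-assert (i.peek.size <= 80)
-end
-
-=begin
-def test_ipv6_pcap
-i = IPPacket.new
-assert_kind_of IPPacket, i
-i.recalc
-i.to_f('ip_test.pcap')
-i.ip_saddr = "1.2.3.4"
-i.ip_daddr = "5.6.7.8"
-i.ip_proto = 94
-i.payload = "\x23" * 10
-i.recalc
-i.to_f('ip_test.pcap','a')
-end
-=end
-end
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby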