packetfu 1.1.10 → 1.1.11
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +2 -0
- data/.gitignore +3 -0
- data/.travis.yml +8 -0
- data/CONTRIBUTING.md +47 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +1 -1
- data/README.rdoc +35 -30
- data/Rakefile +4 -4
- data/bench/octets.rb +9 -9
- data/examples/100kpackets.rb +12 -12
- data/examples/ackscan.rb +16 -16
- data/examples/arp.rb +35 -35
- data/examples/arphood.rb +36 -36
- data/examples/dissect_thinger.rb +6 -6
- data/examples/new-simple-stats.rb +23 -23
- data/examples/packetfu-shell.rb +25 -25
- data/examples/simple-sniffer.rb +9 -9
- data/examples/simple-stats.rb +23 -23
- data/examples/slammer.rb +3 -3
- data/gem-public_cert.pem +21 -0
- data/lib/packetfu.rb +149 -127
- data/lib/packetfu/capture.rb +169 -169
- data/lib/packetfu/config.rb +52 -52
- data/lib/packetfu/inject.rb +56 -56
- data/lib/packetfu/packet.rb +531 -528
- data/lib/packetfu/pcap.rb +579 -579
- data/lib/packetfu/protos/arp.rb +90 -90
- data/lib/packetfu/protos/arp/header.rb +158 -158
- data/lib/packetfu/protos/arp/mixin.rb +36 -36
- data/lib/packetfu/protos/eth.rb +44 -44
- data/lib/packetfu/protos/eth/header.rb +243 -243
- data/lib/packetfu/protos/eth/mixin.rb +3 -3
- data/lib/packetfu/protos/hsrp.rb +69 -69
- data/lib/packetfu/protos/hsrp/header.rb +107 -107
- data/lib/packetfu/protos/hsrp/mixin.rb +29 -29
- data/lib/packetfu/protos/icmp.rb +71 -71
- data/lib/packetfu/protos/icmp/header.rb +82 -82
- data/lib/packetfu/protos/icmp/mixin.rb +14 -14
- data/lib/packetfu/protos/invalid.rb +49 -49
- data/lib/packetfu/protos/ip.rb +69 -69
- data/lib/packetfu/protos/ip/header.rb +291 -291
- data/lib/packetfu/protos/ip/mixin.rb +40 -40
- data/lib/packetfu/protos/ipv6.rb +50 -50
- data/lib/packetfu/protos/ipv6/header.rb +188 -188
- data/lib/packetfu/protos/ipv6/mixin.rb +29 -29
- data/lib/packetfu/protos/tcp.rb +176 -176
- data/lib/packetfu/protos/tcp/ecn.rb +35 -35
- data/lib/packetfu/protos/tcp/flags.rb +74 -74
- data/lib/packetfu/protos/tcp/header.rb +268 -268
- data/lib/packetfu/protos/tcp/hlen.rb +32 -32
- data/lib/packetfu/protos/tcp/mixin.rb +46 -46
- data/lib/packetfu/protos/tcp/option.rb +321 -321
- data/lib/packetfu/protos/tcp/options.rb +95 -95
- data/lib/packetfu/protos/tcp/reserved.rb +35 -35
- data/lib/packetfu/protos/udp.rb +159 -123
- data/lib/packetfu/protos/udp/header.rb +91 -91
- data/lib/packetfu/protos/udp/mixin.rb +3 -3
- data/lib/packetfu/structfu.rb +280 -280
- data/lib/packetfu/utils.rb +292 -225
- data/lib/packetfu/version.rb +41 -41
- data/packetfu.gemspec +14 -3
- data/spec/arp_spec.rb +191 -0
- data/spec/eth_spec.rb +148 -0
- data/spec/icmp_spec.rb +97 -0
- data/spec/ip_spec.rb +78 -0
- data/spec/ipv6_spec.rb +81 -0
- data/spec/packet_spec.rb +61 -59
- data/spec/packet_subclasses_spec.rb +9 -10
- data/spec/packetfu_spec.rb +55 -62
- data/spec/sample3.pcap +0 -0
- data/spec/spec_helper.rb +44 -0
- data/spec/structfu_spec.rb +270 -271
- data/spec/tcp_spec.rb +76 -77
- data/spec/udp_spec.rb +32 -0
- data/spec/utils_spec.rb +95 -0
- data/test/all_tests.rb +14 -17
- data/test/func_lldp.rb +3 -3
- data/test/ptest.rb +2 -2
- data/test/test_capture.rb +45 -45
- data/test/test_eth.rb +70 -68
- data/test/test_hsrp.rb +9 -9
- data/test/test_inject.rb +18 -18
- data/test/test_invalid.rb +16 -16
- data/test/test_octets.rb +23 -21
- data/test/test_packet.rb +156 -154
- data/test/test_pcap.rb +172 -170
- data/test/test_structfu.rb +99 -97
- data/test/test_tcp.rb +322 -320
- data/test/test_udp.rb +78 -76
- metadata +108 -44
- metadata.gz.sig +2 -0
- data/spec/ethpacket_spec.rb +0 -74
- data/test/test_arp.rb +0 -135
- data/test/test_icmp.rb +0 -62
- data/test/test_ip.rb +0 -50
- data/test/test_ip6.rb +0 -68
@@ -1,8 +1,8 @@
|
|
1
1
|
# -*- coding: binary -*-
|
2
2
|
module PacketFu
|
3
|
-
|
4
|
-
|
5
|
-
|
3
|
+
# This Mixin simplifies access to the EthHeaders. Mix this in with your
|
4
|
+
# packet interface, and it will add methods that essentially delegate to
|
5
|
+
# the 'eth_header' method (assuming that it is a EthHeader object)
|
6
6
|
module EthHeaderMixin
|
7
7
|
def eth_daddr; self.eth_header.eth_daddr ; end
|
8
8
|
def eth_daddr=(v); self.eth_header.eth_daddr= v; end
|
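--- a/data/lib/packetfu/protos/hsrp.rb
+++ b/data/lib/packetfu/protos/hsrp.rb
@@ -12,85 +12,85 @@ require 'packetfu/protos/hsrp/header'
 require 'packetfu/protos/hsrp/mixin'
 
 module PacketFu
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+# HSRPPacket is used to construct HSRP Packets. They contain an EthHeader, an IPHeader, and a UDPHeader.
+#
+# == Example
+#
+# hsrp_pkt.new
+# hsrp_pkt.hsrp_opcode = 0
+# hsrp_pkt.hsrp_state = 16
+# hsrp_pkt.hsrp_priority = 254
+# hsrp_pkt.hsrp_group = 1
+# hsrp_pkt.hsrp_vip = 10.100.100.254
+# hsrp_pkt.recalc
+# hsrp_pkt.to_f('/tmp/hsrp.pcap')
+#
+# == Parameters
+#
+# :eth
+# A pre-generated EthHeader object.
+# :ip
+# A pre-generated IPHeader object.
+# :udp
+# A pre-generated UDPHeader object.
+# :flavor
+# TODO: HSRP packets don't tend have any flavor.
+# :config
+# A hash of return address details, often the output of Utils.whoami?
+class HSRPPacket < Packet
 include ::PacketFu::EthHeaderMixin
 include ::PacketFu::IPHeaderMixin
 include ::PacketFu::UDPHeaderMixin
 include ::PacketFu::HSRPHeaderMixin
 
-
+attr_accessor :eth_header, :ip_header, :udp_header, :hsrp_header
 
-
-
-
-
-
-
-
-
-
-
-
-
-
+def self.can_parse?(str)
+return false unless str.size >= 54
+return false unless EthPacket.can_parse? str
+return false unless IPPacket.can_parse? str
+return false unless UDPPacket.can_parse? str
+temp_packet = UDPPacket.new
+temp_packet.read(str)
+if temp_packet.ip_ttl == 1 and [temp_packet.udp_sport,temp_packet.udp_dport] == [1985,1985]
+return true
+else
+return false
+end
+end
 
-
-
-
-
-
-
+def read(str=nil, args={})
+raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
+@eth_header.read(str)
+super(args)
+self
+end
 
-
-
-
-
-
-
-
-
-
-
-
-
+def initialize(args={})
+@eth_header = EthHeader.new(args).read(args[:eth])
+@ip_header = IPHeader.new(args).read(args[:ip])
+@ip_header.ip_proto = 0x11
+@udp_header = UDPHeader.new(args).read(args[:udp])
+@hsrp_header = HSRPHeader.new(args).read(args[:hsrp])
+@udp_header.body = @hsrp_header
+@ip_header.body = @udp_header
+@eth_header.body = @ip_header
+@headers = [@eth_header, @ip_header, @udp_header, @hsrp_header]
+super
+end
 
-
-
-
-
-
-
-
-
-
-
+# Peek provides summary data on packet contents.
+def peek_format
+peek_data = ["UH "]
+peek_data << "%-5d" % self.to_s.size
+peek_data << "%-16s" % self.hsrp_addr
+peek_data << "%-4d" % self.hsrp_group
+peek_data << "%-35s" % self.hsrp_password_readable
+peek_data << "%-15s" % self.ip_saddr
+peek_data.join
+end
 
-
+end
 
 end
 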
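Review bot: The length guard in `can_parse?` (`str.size >= 54`) looks shorter than a complete frame: 14 bytes of Ethernet, a 20-byte IP header, 8 bytes of UDP and the 20 HSRP bytes that the HSRPHeader `read` on this page slices add up to 62, so a truncated frame with TTL 1 and ports 1985/1985 would still be classified as HSRP and parsed from a short payload. If 62 is the intended minimum, `return false unless str.size >= 62` closes that gap. Separately, `read(str=nil, args={})` passes its nil default into `can_parse?`, which calls `str.size` first and so raises NoMethodError instead of the intended "Cannot parse" error. That error message also interpolates the raw frame, so bytes taken from captured traffic reach logs and terminals unescaped; interpolating `str.inspect` would keep them printable.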
@@ -1,121 +1,121 @@
|
|
1
1
|
# -*- coding: binary -*-
|
2
2
|
module PacketFu
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
3
|
+
# HSRPHeader is a complete HSRP struct, used in HSRPPacket. HSRP is typically used for
|
4
|
+
# fault-tolerant default gateway in IP routing environment.
|
5
|
+
#
|
6
|
+
# For more on HSRP packets, see http://www.networksorcery.com/enp/protocol/hsrp.htm
|
7
|
+
#
|
8
|
+
# Submitted by fropert@packetfault.org. Thanks, Francois!
|
9
|
+
#
|
10
|
+
# ==== Header Definition
|
11
|
+
#
|
12
|
+
# Int8 :hsrp_version Default: 0 # Version
|
13
|
+
# Int8 :hsrp_opcode # Opcode
|
14
|
+
# Int8 :hsrp_state # State
|
15
|
+
# Int8 :hsrp_hellotime Default: 3 # Hello Time
|
16
|
+
# Int8 :hsrp_holdtime Default: 10 # Hold Time
|
17
|
+
# Int8 :hsrp_priority # Priority
|
18
|
+
# Int8 :hsrp_group # Group
|
19
|
+
# Int8 :hsrp_reserved Default: 0 # Reserved
|
20
|
+
# String :hsrp_password # Authentication Data
|
21
|
+
# Octets :hsrp_vip # Virtual IP Address
|
22
|
+
# String :body
|
23
|
+
class HSRPHeader < Struct.new(:hsrp_version, :hsrp_opcode, :hsrp_state,
|
24
|
+
:hsrp_hellotime, :hsrp_holdtime,
|
25
|
+
:hsrp_priority, :hsrp_group,
|
26
|
+
:hsrp_reserved, :hsrp_password,
|
27
|
+
:hsrp_vip, :body)
|
28
28
|
|
29
|
-
|
29
|
+
include StructFu
|
30
30
|
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
31
|
+
def initialize(args={})
|
32
|
+
super(
|
33
|
+
Int8.new(args[:hsrp_version] || 0),
|
34
|
+
Int8.new(args[:hsrp_opcode]),
|
35
|
+
Int8.new(args[:hsrp_state]),
|
36
|
+
Int8.new(args[:hsrp_hellotime] || 3),
|
37
|
+
Int8.new(args[:hsrp_holdtime] || 10),
|
38
|
+
Int8.new(args[:hsrp_priority]),
|
39
|
+
Int8.new(args[:hsrp_group]),
|
40
|
+
Int8.new(args[:hsrp_reserved] || 0),
|
41
|
+
StructFu::String.new.read(args[:hsrp_password] || "cisco\x00\x00\x00"),
|
42
|
+
Octets.new.read(args[:hsrp_vip] || ("\x00" * 4)),
|
43
|
+
StructFu::String.new.read(args[:body])
|
44
|
+
)
|
45
|
+
end
|
46
46
|
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
47
|
+
# Returns the object in string form.
|
48
|
+
def to_s
|
49
|
+
self.to_a.map {|x| x.to_s}.join
|
50
|
+
end
|
51
51
|
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
56
|
-
|
57
|
-
|
58
|
-
|
59
|
-
|
60
|
-
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
52
|
+
# Reads a string to populate the object.
|
53
|
+
def read(str)
|
54
|
+
force_binary(str)
|
55
|
+
return self if str.nil?
|
56
|
+
self[:hsrp_version].read(str[0,1])
|
57
|
+
self[:hsrp_opcode].read(str[1,1])
|
58
|
+
self[:hsrp_state].read(str[2,1])
|
59
|
+
self[:hsrp_hellotime].read(str[3,1])
|
60
|
+
self[:hsrp_holdtime].read(str[4,1])
|
61
|
+
self[:hsrp_priority].read(str[5,1])
|
62
|
+
self[:hsrp_group].read(str[6,1])
|
63
|
+
self[:hsrp_reserved].read(str[7,1])
|
64
|
+
self[:hsrp_password].read(str[8,8])
|
65
|
+
self[:hsrp_vip].read(str[16,4])
|
66
|
+
self[:body].read(str[20,str.size]) if str.size > 20
|
67
|
+
self
|
68
|
+
end
|
69
69
|
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
83
|
-
|
84
|
-
|
85
|
-
|
86
|
-
|
87
|
-
|
88
|
-
|
89
|
-
|
90
|
-
|
91
|
-
|
92
|
-
|
93
|
-
|
94
|
-
|
95
|
-
|
96
|
-
|
97
|
-
|
98
|
-
|
99
|
-
|
100
|
-
|
101
|
-
|
70
|
+
# Setter for the type.
|
71
|
+
def hsrp_version=(i); typecast i; end
|
72
|
+
# Getter for the type.
|
73
|
+
def hsrp_version; self[:hsrp_version].to_i; end
|
74
|
+
# Setter for the type.
|
75
|
+
def hsrp_opcode=(i); typecast i; end
|
76
|
+
# Getter for the type.
|
77
|
+
def hsrp_opcode; self[:hsrp_opcode].to_i; end
|
78
|
+
# Setter for the type.
|
79
|
+
def hsrp_state=(i); typecast i; end
|
80
|
+
# Getter for the type.
|
81
|
+
def hsrp_state; self[:hsrp_state].to_i; end
|
82
|
+
# Setter for the type.
|
83
|
+
def hsrp_hellotime=(i); typecast i; end
|
84
|
+
# Getter for the type.
|
85
|
+
def hsrp_hellotime; self[:hsrp_hellotime].to_i; end
|
86
|
+
# Setter for the type.
|
87
|
+
def hsrp_holdtime=(i); typecast i; end
|
88
|
+
# Getter for the type.
|
89
|
+
def hsrp_holdtime; self[:hsrp_holdtime].to_i; end
|
90
|
+
# Setter for the type.
|
91
|
+
def hsrp_priority=(i); typecast i; end
|
92
|
+
# Getter for the type.
|
93
|
+
def hsrp_priority; self[:hsrp_priority].to_i; end
|
94
|
+
# Setter for the type.
|
95
|
+
def hsrp_group=(i); typecast i; end
|
96
|
+
# Getter for the type.
|
97
|
+
def hsrp_group; self[:hsrp_group].to_i; end
|
98
|
+
# Setter for the type.
|
99
|
+
def hsrp_reserved=(i); typecast i; end
|
100
|
+
# Getter for the type.
|
101
|
+
def hsrp_reserved; self[:hsrp_reserved].to_i; end
|
102
102
|
|
103
|
-
|
104
|
-
|
105
|
-
|
103
|
+
def hsrp_addr=(addr)
|
104
|
+
self[:hsrp_vip].read_quad(addr)
|
105
|
+
end
|
106
106
|
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
107
|
+
# Returns a more readable IP source address.
|
108
|
+
def hsrp_addr
|
109
|
+
self[:hsrp_vip].to_x
|
110
|
+
end
|
111
111
|
|
112
|
-
|
112
|
+
# Readability aliases
|
113
113
|
|
114
|
-
|
114
|
+
alias :hsrp_vip_readable :hsrp_addr
|
115
115
|
|
116
|
-
|
117
|
-
|
118
|
-
|
116
|
+
def hsrp_password_readable
|
117
|
+
hsrp_password.to_s.inspect
|
118
|
+
end
|
119
119
|
|
120
|
-
|
120
|
+
end
|
121
121
|
end
|
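Review bot: `read` slices fixed offsets up to `str[16,4]` without checking that `str` holds the 20 bytes it consumes, so a short payload hands nil or truncated slices to the field readers; how `Int8#read` and `Octets#read` treat those is not visible on this page. A guard ahead of the field reads, for example `raise ArgumentError, "HSRP header needs 20 bytes" if str.size < 20`, would make truncated captures fail loudly instead of yielding a half-populated header. `force_binary(str)` also runs before the `str.nil?` check, which only works if that helper tolerates nil; swapping the two lines removes the dependency. On documentation, every accessor carries "Setter for the type." or "Getter for the type.", and `hsrp_addr` is described as an "IP source address" although it reads `:hsrp_vip`; comments naming the real field, such as `# Getter for the HSRP virtual IP address.`, would be accurate.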
@@ -1,32 +1,32 @@
|
|
1
1
|
# -*- coding: binary -*-
|
2
2
|
module PacketFu
|
3
|
-
|
4
|
-
|
5
|
-
|
6
|
-
|
7
|
-
|
8
|
-
|
9
|
-
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
|
25
|
-
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
3
|
+
# This Mixin simplifies access to the HSRPHeaders. Mix this in with your
|
4
|
+
# packet interface, and it will add methods that essentially delegate to
|
5
|
+
# the 'hsrp_header' method (assuming that it is a HSRPHeader object)
|
6
|
+
module HSRPHeaderMixin
|
7
|
+
def hsrp_version=(v); self.hsrp_header.hsrp_version= v; end
|
8
|
+
def hsrp_version; self.hsrp_header.hsrp_version; end
|
9
|
+
def hsrp_opcode=(v); self.hsrp_header.hsrp_opcode= v; end
|
10
|
+
def hsrp_opcode; self.hsrp_header.hsrp_opcode; end
|
11
|
+
def hsrp_state=(v); self.hsrp_header.hsrp_state= v; end
|
12
|
+
def hsrp_state; self.hsrp_header.hsrp_state; end
|
13
|
+
def hsrp_hellotime=(v); self.hsrp_header.hsrp_hellotime= v; end
|
14
|
+
def hsrp_hellotime; self.hsrp_header.hsrp_hellotime; end
|
15
|
+
def hsrp_holdtime=(v); self.hsrp_header.hsrp_holdtime= v; end
|
16
|
+
def hsrp_holdtime; self.hsrp_header.hsrp_holdtime; end
|
17
|
+
def hsrp_priority=(v); self.hsrp_header.hsrp_priority= v; end
|
18
|
+
def hsrp_priority; self.hsrp_header.hsrp_priority; end
|
19
|
+
def hsrp_group=(v); self.hsrp_header.hsrp_group= v; end
|
20
|
+
def hsrp_group; self.hsrp_header.hsrp_group; end
|
21
|
+
def hsrp_reserved=(v); self.hsrp_header.hsrp_reserved= v; end
|
22
|
+
def hsrp_reserved; self.hsrp_header.hsrp_reserved; end
|
23
|
+
def hsrp_addr=(v); self.hsrp_header.hsrp_addr= v; end
|
24
|
+
def hsrp_addr; self.hsrp_header.hsrp_addr; end
|
25
|
+
def hsrp_vip_readable; self.hsrp_header.hsrp_vip_readable; end
|
26
|
+
def hsrp_password_readable; self.hsrp_header.hsrp_password_readable; end
|
27
|
+
def hsrp_password; self.hsrp_header.hsrp_password; end
|
28
|
+
def hsrp_password=(v); self.hsrp_header.hsrp_password= v; end
|
29
|
+
def hsrp_vip; self.hsrp_header.hsrp_vip; end
|
30
|
+
def hsrp_vip=(v); self.hsrp_header.hsrp_vip= v; end
|
31
|
+
end
|
32
32
|
end
|
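Review bot: `hsrp_password=` and `hsrp_vip=` (new lines 28 and 30) forward to setters that the HSRPHeader class shown earlier on this page does not define itself, so unless StructFu supplies them they are the Struct-generated ones and store the caller's value as is, replacing the StructFu::String or Octets field object. After an assignment like `pkt.hsrp_vip = "10.0.0.1"` (constructed example), a later `hsrp_addr` would call `to_x` on a plain String. Either document that these two writers take field objects or point callers at the converting writer, e.g. with `# Takes an Octets object; use hsrp_addr= for a dotted-quad string.` above line 30.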