packetfu 1.1.11 → 1.1.12.pre

Files changed (193) hide show
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -1
  3. data/.rspec +2 -0
  4. data/.travis.yml +2 -3
  5. data/README.md +127 -0
  6. data/examples/100kpackets.rb +11 -10
  7. data/examples/ackscan.rb +4 -1
  8. data/examples/arp.rb +4 -5
  9. data/examples/arphood.rb +5 -4
  10. data/examples/dissect_thinger.rb +10 -7
  11. data/examples/ethernet.rb +8 -3
  12. data/examples/ids.rb +22 -4
  13. data/examples/idsv2.rb +25 -6
  14. data/examples/ifconfig.rb +6 -3
  15. data/examples/new-simple-stats.rb +5 -6
  16. data/examples/packetfu-shell.rb +11 -48
  17. data/examples/pcap2pcapng.rb +32 -0
  18. data/examples/simple-sniffer.rb +9 -4
  19. data/examples/simple-stats.rb +7 -8
  20. data/examples/slammer.rb +2 -2
  21. data/examples/uniqpcap.rb +17 -7
  22. data/lib/packetfu.rb +10 -175
  23. data/lib/packetfu/capture.rb +2 -2
  24. data/lib/packetfu/common.rb +142 -0
  25. data/lib/packetfu/config.rb +8 -8
  26. data/lib/packetfu/inject.rb +3 -3
  27. data/lib/packetfu/packet.rb +22 -18
  28. data/lib/packetfu/pcap.rb +2 -1
  29. data/lib/packetfu/pcapng.rb +37 -0
  30. data/lib/packetfu/pcapng/block.rb +25 -0
  31. data/lib/packetfu/pcapng/epb.rb +112 -0
  32. data/lib/packetfu/pcapng/file.rb +316 -0
  33. data/lib/packetfu/pcapng/idb.rb +125 -0
  34. data/lib/packetfu/pcapng/shb.rb +146 -0
  35. data/lib/packetfu/pcapng/spb.rb +83 -0
  36. data/lib/packetfu/pcapng/unknown_block.rb +60 -0
  37. data/lib/packetfu/protos.rb +3 -0
  38. data/lib/packetfu/protos/arp.rb +10 -10
  39. data/lib/packetfu/protos/icmpv6.rb +131 -0
  40. data/lib/packetfu/protos/icmpv6/header.rb +69 -0
  41. data/lib/packetfu/protos/icmpv6/mixin.rb +14 -0
  42. data/lib/packetfu/protos/ip.rb +4 -5
  43. data/lib/packetfu/protos/ipv6/header.rb +2 -0
  44. data/lib/packetfu/protos/udp.rb +24 -12
  45. data/lib/packetfu/structfu.rb +27 -0
  46. data/lib/packetfu/utils.rb +55 -9
  47. data/lib/packetfu/version.rb +1 -1
  48. data/packetfu.gemspec +13 -7
  49. data/spec/arp_spec.rb +11 -5
  50. data/spec/eth_spec.rb +20 -11
  51. data/spec/fake_packets.rb +28 -0
  52. data/spec/hsrp_spec.rb +15 -0
  53. data/spec/icmp_spec.rb +12 -5
  54. data/spec/icmpv6_spec.rb +98 -0
  55. data/spec/invalid_spec.rb +28 -0
  56. data/spec/ip_spec.rb +10 -5
  57. data/spec/ipv4_icmp.pcap +0 -0
  58. data/spec/ipv4_udp.pcap +0 -0
  59. data/spec/ipv6_icmp.pcap +0 -0
  60. data/spec/ipv6_spec.rb +4 -0
  61. data/spec/ipv6_udp.pcap +0 -0
  62. data/spec/lldp_spec.rb +36 -0
  63. data/spec/octets_spec.rb +43 -0
  64. data/spec/packet_spec.rb +24 -0
  65. data/spec/packetfu_spec.rb +6 -1
  66. data/spec/pcap_spec.rb +286 -0
  67. data/spec/pcapng/epb_spec.rb +81 -0
  68. data/spec/pcapng/file_spec.rb +295 -0
  69. data/spec/pcapng/file_spec_helper.rb +45 -0
  70. data/spec/pcapng/idb_spec.rb +53 -0
  71. data/spec/pcapng/shb_spec.rb +42 -0
  72. data/spec/pcapng/spb_spec.rb +43 -0
  73. data/spec/pcapng/unknown_block_spec.rb +36 -0
  74. data/spec/spec_helper.rb +3 -31
  75. data/spec/tcp_spec.rb +4 -1
  76. data/spec/udp_spec.rb +149 -1
  77. data/spec/utils_spec.rb +98 -15
  78. data/test/pcapng-test/output_be/advanced/test100.pcapng +0 -0
  79. data/test/pcapng-test/output_be/advanced/test100.txt +11 -0
  80. data/test/pcapng-test/output_be/advanced/test101.pcapng +0 -0
  81. data/test/pcapng-test/output_be/advanced/test101.txt +11 -0
  82. data/test/pcapng-test/output_be/advanced/test102.pcapng +0 -0
  83. data/test/pcapng-test/output_be/advanced/test102.txt +14 -0
  84. data/test/pcapng-test/output_be/basic/test001.pcapng +0 -0
  85. data/test/pcapng-test/output_be/basic/test001.txt +9 -0
  86. data/test/pcapng-test/output_be/basic/test002.pcapng +0 -0
  87. data/test/pcapng-test/output_be/basic/test002.txt +7 -0
  88. data/test/pcapng-test/output_be/basic/test003.pcapng +0 -0
  89. data/test/pcapng-test/output_be/basic/test003.txt +8 -0
  90. data/test/pcapng-test/output_be/basic/test004.pcapng +0 -0
  91. data/test/pcapng-test/output_be/basic/test004.txt +9 -0
  92. data/test/pcapng-test/output_be/basic/test005.pcapng +0 -0
  93. data/test/pcapng-test/output_be/basic/test005.txt +9 -0
  94. data/test/pcapng-test/output_be/basic/test006.pcapng +0 -0
  95. data/test/pcapng-test/output_be/basic/test006.txt +9 -0
  96. data/test/pcapng-test/output_be/basic/test007.pcapng +0 -0
  97. data/test/pcapng-test/output_be/basic/test007.txt +9 -0
  98. data/test/pcapng-test/output_be/basic/test008.pcapng +0 -0
  99. data/test/pcapng-test/output_be/basic/test008.txt +9 -0
  100. data/test/pcapng-test/output_be/basic/test009.pcapng +0 -0
  101. data/test/pcapng-test/output_be/basic/test009.txt +9 -0
  102. data/test/pcapng-test/output_be/basic/test010.pcapng +0 -0
  103. data/test/pcapng-test/output_be/basic/test010.txt +9 -0
  104. data/test/pcapng-test/output_be/basic/test011.pcapng +0 -0
  105. data/test/pcapng-test/output_be/basic/test011.txt +10 -0
  106. data/test/pcapng-test/output_be/basic/test012.pcapng +0 -0
  107. data/test/pcapng-test/output_be/basic/test012.txt +10 -0
  108. data/test/pcapng-test/output_be/basic/test013.pcapng +0 -0
  109. data/test/pcapng-test/output_be/basic/test013.txt +9 -0
  110. data/test/pcapng-test/output_be/basic/test014.pcapng +0 -0
  111. data/test/pcapng-test/output_be/basic/test014.txt +9 -0
  112. data/test/pcapng-test/output_be/basic/test015.pcapng +0 -0
  113. data/test/pcapng-test/output_be/basic/test015.txt +9 -0
  114. data/test/pcapng-test/output_be/basic/test016.pcapng +0 -0
  115. data/test/pcapng-test/output_be/basic/test016.txt +11 -0
  116. data/test/pcapng-test/output_be/basic/test017.pcapng +0 -0
  117. data/test/pcapng-test/output_be/basic/test017.txt +9 -0
  118. data/test/pcapng-test/output_be/basic/test018.pcapng +0 -0
  119. data/test/pcapng-test/output_be/basic/test018.txt +12 -0
  120. data/test/pcapng-test/output_be/difficult/test200.pcapng +0 -0
  121. data/test/pcapng-test/output_be/difficult/test200.txt +8 -0
  122. data/test/pcapng-test/output_be/difficult/test201.pcapng +0 -0
  123. data/test/pcapng-test/output_be/difficult/test201.txt +11 -0
  124. data/test/pcapng-test/output_be/difficult/test202.pcapng +0 -0
  125. data/test/pcapng-test/output_be/difficult/test202.txt +14 -0
  126. data/test/pcapng-test/output_le/advanced/test100.pcapng +0 -0
  127. data/test/pcapng-test/output_le/advanced/test100.txt +11 -0
  128. data/test/pcapng-test/output_le/advanced/test101.pcapng +0 -0
  129. data/test/pcapng-test/output_le/advanced/test101.txt +11 -0
  130. data/test/pcapng-test/output_le/advanced/test102.pcapng +0 -0
  131. data/test/pcapng-test/output_le/advanced/test102.txt +14 -0
  132. data/test/pcapng-test/output_le/basic/test001.pcapng +0 -0
  133. data/test/pcapng-test/output_le/basic/test001.txt +9 -0
  134. data/test/pcapng-test/output_le/basic/test002.pcapng +0 -0
  135. data/test/pcapng-test/output_le/basic/test002.txt +7 -0
  136. data/test/pcapng-test/output_le/basic/test003.pcapng +0 -0
  137. data/test/pcapng-test/output_le/basic/test003.txt +8 -0
  138. data/test/pcapng-test/output_le/basic/test004.pcapng +0 -0
  139. data/test/pcapng-test/output_le/basic/test004.txt +9 -0
  140. data/test/pcapng-test/output_le/basic/test005.pcapng +0 -0
  141. data/test/pcapng-test/output_le/basic/test005.txt +9 -0
  142. data/test/pcapng-test/output_le/basic/test006.pcapng +0 -0
  143. data/test/pcapng-test/output_le/basic/test006.txt +9 -0
  144. data/test/pcapng-test/output_le/basic/test007.pcapng +0 -0
  145. data/test/pcapng-test/output_le/basic/test007.txt +9 -0
  146. data/test/pcapng-test/output_le/basic/test008.pcapng +0 -0
  147. data/test/pcapng-test/output_le/basic/test008.txt +9 -0
  148. data/test/pcapng-test/output_le/basic/test009.pcapng +0 -0
  149. data/test/pcapng-test/output_le/basic/test009.txt +9 -0
  150. data/test/pcapng-test/output_le/basic/test010.pcapng +0 -0
  151. data/test/pcapng-test/output_le/basic/test010.txt +9 -0
  152. data/test/pcapng-test/output_le/basic/test011.pcapng +0 -0
  153. data/test/pcapng-test/output_le/basic/test011.txt +10 -0
  154. data/test/pcapng-test/output_le/basic/test012.pcapng +0 -0
  155. data/test/pcapng-test/output_le/basic/test012.txt +10 -0
  156. data/test/pcapng-test/output_le/basic/test013.pcapng +0 -0
  157. data/test/pcapng-test/output_le/basic/test013.txt +9 -0
  158. data/test/pcapng-test/output_le/basic/test014.pcapng +0 -0
  159. data/test/pcapng-test/output_le/basic/test014.txt +9 -0
  160. data/test/pcapng-test/output_le/basic/test015.pcapng +0 -0
  161. data/test/pcapng-test/output_le/basic/test015.txt +9 -0
  162. data/test/pcapng-test/output_le/basic/test016.pcapng +0 -0
  163. data/test/pcapng-test/output_le/basic/test016.txt +11 -0
  164. data/test/pcapng-test/output_le/basic/test017.pcapng +0 -0
  165. data/test/pcapng-test/output_le/basic/test017.txt +9 -0
  166. data/test/pcapng-test/output_le/basic/test018.pcapng +0 -0
  167. data/test/pcapng-test/output_le/basic/test018.txt +12 -0
  168. data/test/pcapng-test/output_le/difficult/test200.pcapng +0 -0
  169. data/test/pcapng-test/output_le/difficult/test200.txt +8 -0
  170. data/test/pcapng-test/output_le/difficult/test201.pcapng +0 -0
  171. data/test/pcapng-test/output_le/difficult/test201.txt +11 -0
  172. data/test/pcapng-test/output_le/difficult/test202.pcapng +0 -0
  173. data/test/pcapng-test/output_le/difficult/test202.txt +14 -0
  174. data/test/sample-ipv6.pcapng +0 -0
  175. data/test/sample-spb.pcapng +0 -0
  176. data/test/sample.pcapng +0 -0
  177. data/test/sample2.pcapng +0 -0
  178. metadata +190 -68
  179. checksums.yaml.gz.sig +0 -0
  180. data.tar.gz.sig +0 -2
  181. data/INSTALL.rdoc +0 -40
  182. data/README.rdoc +0 -64
  183. data/examples/examples.rb +0 -4
  184. data/setup.rb +0 -1586
  185. data/test/func_lldp.rb +0 -25
  186. data/test/ptest.rb +0 -16
  187. data/test/test_eth.rb +0 -93
  188. data/test/test_hsrp.rb +0 -20
  189. data/test/test_invalid.rb +0 -28
  190. data/test/test_octets.rb +0 -36
  191. data/test/test_pcap.rb +0 -211
  192. data/test/test_udp.rb +0 -100
  193. metadata.gz.sig +0 -2
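--- a/data/test/func_lldp.rb
+++ b/data/test/func_lldp.rb
@@ -1,25 +0,0 @@
- #!/usr/bin/ruby
-
- # Functional test script contributed by @dmaciejak
- # Still need a real test set.
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
-
- def lldp_pcap
- fname = "./sample_lldp.pcap"
- fname if File.readable? fname
- end
-
- def lldp_test()
- raise RuntimeError, "Need a sample_lldp.pcap to check!" unless lldp_pcap
- cap = PacketFu::PcapFile.new.file_to_array(:filename => lldp_pcap)
- cap.each do |p|
- pkt = PacketFu::Packet.parse p
- if pkt.is_lldp?
- packet_info = [pkt.proto.last, pkt.lldp_capabilty, pkt.lldp_address_type_readable, pkt.lldp_address, pkt.lldp_interface_type, pkt.lldp_interface]
- puts "%s | %15s | %15s | %15s | %15s | %15s |" % packet_info
- end
- end
- end
-
- lldp_test()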
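--- a/data/test/ptest.rb
+++ b/data/test/ptest.rb
@@ -1,16 +0,0 @@
- #!/usr/bin/env ruby
- $:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
- require 'pcaprub'
- require 'packetfu'
- include PacketFu
-
- if Process.euid.zero?
- puts ">> Interface: " << Pcap.lookupdev
- else
- puts ">> No interface access"
- end
- puts ">> Version: " << PacketFu.version
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby
-
-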
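--- a/data/test/test_eth.rb
+++ b/data/test/test_eth.rb
@@ -1,93 +0,0 @@
- #!/usr/bin/env ruby
- # -*- coding: binary -*-
-
- require 'test/unit'
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
- puts "Testing #{PacketFu.version}: #{$0}"
-
- class EthTest < Test::Unit::TestCase
-
- def test_ethmac
- dst = "\x00\x03\x2f\x1a\x74\xde"
- e = PacketFu::EthMac.new
- e.read dst
- assert_equal(dst, e.to_s)
- assert_equal(0x32f, e.oui.oui)
- assert_equal("\x1a\x74\xde", e.nic.to_s)
- assert_equal(222, e.nic.n2)
- end
-
- def test_ethmac_ipad
- dst = "\x7c\x6d\x62\x01\x02\x03"
- e = PacketFu::EthMac.new
- e.read dst
- assert_equal(dst, e.to_s)
- assert_equal(0x6d62, e.oui.oui)
- end
-
- def test_ethmac_class
- src = "\x00\x1b\x11\x51\xb7\xce"
- e = PacketFu::EthMac.new
- e.read src
- assert_instance_of(PacketFu::EthMac, e)
- end
-
- def test_eth
- header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
- src = "\x00\x1b\x11\x51\xb7\xce"
- dst = "\x00\x03\x2f\x1a\x74\xde"
- e = PacketFu::EthHeader.new
- e.eth_dst = dst
- e.eth_src = src
- e.eth_proto = "\x08\x00"
- assert_equal(header, e.to_s)
- assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
- end
-
- def test_macaddr
- dst = "\x00\x03\x2f\x1a\x74\xde"
- dstmac = "00:03:2f:1a:74:de"
- assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
- assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
- end
-
- end
-
- class EthPacketTest < Test::Unit::TestCase
- include PacketFu
-
- def test_eth_create
- sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
- e = EthPacket.new
- header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
- assert_kind_of EthPacket, e
- assert_kind_of EthHeader, e.headers[0]
- assert e.is_eth?
- assert !e.is_tcp?
- e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
- e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
- e.eth_proto = 0x0800
- assert_equal header, e.to_s[0,14]
- end
-
- def test_eth_new
- p = EthPacket.new(
- :eth_dst => "\x00\x03\x2f\x1a\x74\xde",
- :eth_src => "\x00\x1b\x11\x51\xb7\xce",
- :eth_proto => 0x0800)
- header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
- assert_equal header, p.to_s[0,14]
- end
-
- def test_eth_write
- p = EthPacket.new(
- :eth_dst => "\x00\x03\x2f\x1a\x74\xde",
- :eth_src => "\x00\x1b\x11\x51\xb7\xce",
- :eth_proto => 0x0800)
- p.to_f('eth_test.pcap')
- end
-
- end
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby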
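--- a/data/test/test_hsrp.rb
+++ b/data/test/test_hsrp.rb
@@ -1,20 +0,0 @@
- #!/usr/bin/env ruby
- require 'test/unit'
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
-
- class HSRPTest < Test::Unit::TestCase
- include PacketFu
-
- def test_hsrp_read
- sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
- pkt = Packet.parse(sample_packet)
- assert pkt.is_hsrp?
- assert pkt.is_udp?
- assert_equal(0x2d8d, pkt.udp_sum.to_i)
- # pkt.to_f('udp_test.pcap','a')
- end
-
- end
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby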
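--- a/data/test/test_invalid.rb
+++ b/data/test/test_invalid.rb
@@ -1,28 +0,0 @@
- #!/usr/bin/env ruby
- require 'test/unit'
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
-
- class InvalidTest < Test::Unit::TestCase
- include PacketFu
-
- def test_create_invalid
- p = InvalidPacket.new
- assert_kind_of InvalidPacket, p
- assert_kind_of Packet, p
- assert p.is_invalid?
- assert_equal false, p.is_eth?
- assert_not_equal EthPacket, p.class
- end
-
- # Sadly, the only way to generate an "InvalidPacket" is
- # to read a packet that's less than 14 bytes. Otherwise,
- # it's presumed to be an EthPacket. TODO: Fix this assumption!
- def test_parse_invalid
- p = Packet.parse("A" * 13)
- assert_kind_of InvalidPacket, p
- end
-
- end
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby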
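--- a/data/test/test_octets.rb
+++ b/data/test/test_octets.rb
@@ -1,36 +0,0 @@
- #!/usr/bin/env ruby
- # -*- coding: binary -*-
-
- require 'test/unit'
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
-
- class OctetsTest < Test::Unit::TestCase
- include PacketFu
-
- def test_octets_read
- o = Octets.new
- o.read("\x04\x03\x02\x01")
- assert_equal("4.3.2.1", o.to_x)
- end
-
- def test_octets_read_quad
- o = Octets.new
- o.read_quad("1.2.3.4")
- assert_equal("1.2.3.4", o.to_x)
- assert_equal("\x01\x02\x03\x04", o.to_s)
- assert_equal(0x01020304, o.to_i)
- end
-
- def test_octets_single_octet
- o = Octets.new
- o.read("ABCD")
- assert_equal(o.o1, 0x41)
- assert_equal(o.o2, 0x42)
- assert_equal(o.o3, 0x43)
- assert_equal(o.o4, 0x44)
- end
-
- end
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby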
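--- a/data/test/test_pcap.rb
+++ b/data/test/test_pcap.rb
@@ -1,211 +0,0 @@
- #!/usr/bin/env ruby
- # -*- coding: binary -*-
-
- require 'test/unit'
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
-
- class PcapHeaderTest < Test::Unit::TestCase
- include PacketFu
- def setup
- @file = File.open('sample.pcap') {|f| f.read}
- @file.force_encoding "binary" if @file.respond_to? :force_encoding
- @file_magic = @file[0,4]
- @file_header = @file[0,24]
- end
-
- def test_header_size
- assert_equal(24, PcapHeader.new.sz)
- assert_equal(24, PcapHeader.new.sz)
- end
-
- # If this fails, the rest is pretty much for naught.
- def test_read_file
- assert_equal("\xd4\xc3\xb2\xa1", @file_magic) # yep, it's libpcap.
- end
-
- def test_endian_magic
- p = PcapHeader.new # usual case
- assert_equal(@file_magic, p.to_s[0,4])
- p = PcapHeader.new(:endian => :big)
- assert_equal("\xa1\xb2\xc3\xd4", p.to_s[0,4])
- end
-
- def test_header
- p = PcapHeader.new
- assert_equal(@file_header, p.to_s[0,24])
- p = PcapHeader.new(:endian => :big)
- assert_not_equal(@file_header, p.to_s[0,24])
- # We want to ensure our endianness is little or big.
- assert_raise(ArgumentError) {PcapHeader.new(:endian => :just_right)}
- end
-
- def test_header_read
- p = PcapHeader.new
- p.read @file
- assert_equal(@file_header,p.to_s)
- end
-
- end
-
- class TimestampTest < Test::Unit::TestCase
- include PacketFu
- def setup
- @file = File.open('sample.pcap') {|f| f.read}
- @ts = @file[24,8]
- end
-
- def test_timestamp_size
- assert_equal(3, Timestamp.new.size) # Number of elements
- assert_equal(8, Timestamp.new.sz) # Length of the string (in PacketFu)
- end
-
- def test_timestamp_read
- t = Timestamp.new
- t.read(@ts)
- assert_equal(@ts, t.to_s)
- end
- end
-
- class PcapPacketTest < Test::Unit::TestCase
- include PacketFu
- def setup
- @file = File.open('sample.pcap') {|f| f.read}
- @file.force_encoding "binary" if @file.respond_to? :force_encoding
- @header = @file[0,24]
- @packet = @file[24,100] # pkt is 78 bytes + 16 bytes pcap hdr == 94
- end
-
- def test_pcappacket_read
- p = PcapPacket.new :endian => :little
- p.read(@packet)
- assert_equal(78,@packet[8,4].unpack("V").first)
- assert_equal(@packet[8,4].unpack("V").first,p[:incl_len].to_i)
- assert_equal(@packet[0,94],p.to_s)
- end
-
- end
-
- class PcapPacketsTest < Test::Unit::TestCase
-
- include PacketFu
- def setup
- @file = File.open('sample.pcap') {|f| f.read}
- end
-
- def test_pcappackets_read
- p = PcapPackets.new
- p.read @file
- assert_equal(11,p.size)
- assert_equal(@file[24,@file.size],p.to_s)
- end
-
- end
-
- class PcapFileTest < Test::Unit::TestCase
- require 'digest/md5'
-
- include PacketFu
- def setup
- @file = File.open('sample.pcap') {|f| f.read}
- @md5 = '1be3b5082bb135c6f22de8801feb3495'
- end
-
- def test_pcapfile_read
- p = PcapFile.new
- p.read @file
- assert_equal(3,p.size)
- assert_equal(@file.size, p.sz)
- assert_equal(@file, p.to_s)
- end
-
- def test_pcapfile_file_to_array
- p = PcapFile.new.file_to_array(:filename => 'sample.pcap')
- assert_equal(@md5.downcase, Digest::MD5.hexdigest(@file).downcase)
- assert_instance_of(Array, p)
- assert_instance_of(String, p[0])
- assert_equal(11,p.size)
- assert_equal(78,p[0].size)
- assert_equal(94,p[1].size)
- assert_equal(74,p[10].size)
- end
-
- def test_pcapfile_read_and_write
- File.unlink('out.pcap') if File.exists? 'out.pcap'
- p = PcapFile.new
- p.read @file
- p.to_file(:filename => 'out.pcap')
- @newfile = File.open('out.pcap') {|f| f.read(f.stat.size)}
- @newfile.force_encoding "binary" if @newfile.respond_to? :force_encoding
- assert_equal(@file, @newfile)
- p.to_file(:filename => 'out.pcap', :append => true)
- packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
- assert_equal(22, packet_array.size)
- end
-
- def test_pcapfile_write_after_recalc
- File.unlink('out.pcap') if File.exists? 'out.pcap'
- pcaps = PcapFile.new.file_to_array(:filename => 'sample.pcap')
- pcaps.each {|pkt|
- p = Packet.parse pkt
- p.recalc
- p.to_f('out.pcap','a')
- }
- packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
- assert_equal(11, packet_array.size)
- File.unlink('out.pcap')
- end
-
- def test_pcapfile_read_and_write_timestamps
- File.unlink('out.pcap') if File.exists? 'out.pcap'
- pf = PcapFile.new
- arr = pf.file_to_array(:filename => 'sample.pcap')
- assert_equal(11, arr.size)
- pf = PcapFile.new
- pf.a2f(:array => arr, :f => 'out.pcap', :ts_inc => 4,
- :timestamp => Time.now.to_i - 1_000_000)
- diff_time = pf.body[0].timestamp.sec.to_i - pf.body[1].timestamp.sec.to_i
- assert_equal(-4, diff_time)
- File.unlink('out.pcap')
- end
-
- end
-
- # Test the legacy Read objects.
- class ReadTest < Test::Unit::TestCase
-
- include PacketFu
-
- def test_read_string
- pkts = Read.file_to_array(:file => 'sample.pcap')
- assert_kind_of Array, pkts
- assert_equal 11, pkts.size
- this_packet = Packet.parse pkts[0]
- assert_kind_of UDPPacket, this_packet
- that_packet = Packet.parse pkts[3]
- assert_kind_of ICMPPacket, that_packet
- end
-
- def test_read_hash
- pkts = Read.file_to_array(:file => 'sample.pcap', :ts => true)
- assert_kind_of Array, pkts
- assert_equal 11, pkts.size
- this_packet = Packet.parse pkts[0].values.first
- assert_kind_of UDPPacket, this_packet
- that_packet = Packet.parse pkts[3].values.first
- assert_kind_of ICMPPacket, that_packet
- end
-
- end
-
- class WriteTest < Test::Unit::TestCase
-
- include PacketFu
-
- def test_write
-
- end
-
- end
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby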
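--- a/data/test/test_udp.rb
+++ b/data/test/test_udp.rb
@@ -1,100 +0,0 @@
- #!/usr/bin/env ruby
- # -*- coding: binary -*-
-
- require 'test/unit'
- $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
- require 'packetfu'
-
- class String
- def bin
- self.scan(/../).map {|x| x.to_i(16).chr}.join
- end
- end
-
- class UDPTest < Test::Unit::TestCase
- include PacketFu
-
- def test_udp_header_new
- u = UDPHeader.new
- assert_kind_of UDPHeader, u
- assert_equal(8, u.to_s.size)
- assert_equal("\x00\x00\x00\x00\x00\x08\x00\x00", u.to_s)
- end
-
- def test_udp_peek
- u = UDPPacket.new
- u.ip_saddr = "10.20.30.40"
- u.ip_daddr = "50.60.70.80"
- u.udp_src = 53
- u.udp_dport = 1305
- u.payload = "abcdefghijklmnopqrstuvwxyz"
- u.recalc
- puts "\n"
- puts "UDP Peek format: "
- puts u.peek
- assert (u.peek.size <= 80)
- end
-
- def test_udp_pcap
- u = UDPPacket.new
- assert_kind_of UDPPacket, u
- u.recalc
- u.to_f('udp_test.pcap','a')
- u.ip_saddr = "10.20.30.40"
- u.ip_daddr = "50.60.70.80"
- u.payload = "+some fakey-fake udp packet"
- u.udp_src = 1205
- u.udp_dst = 13013
- u.recalc
- u.to_f('udp_test.pcap','a')
- end
-
- def test_udp_read
- sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
- pkt = Packet.parse(sample_packet)
- assert_kind_of UDPPacket, pkt
- assert_equal(0x8bf8, pkt.udp_sum.to_i)
- pkt.to_f('udp_test.pcap','a')
- end
-
- def test_udp_checksum
- sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
- pkt = Packet.parse(sample_packet)
- assert_kind_of UDPPacket, pkt
- pkt.recalc
- assert_equal(0x8bf8, pkt.udp_sum.to_i)
- pkt.to_f('udp_test.pcap','a')
- end
-
- def test_udp_read_strip
- str = "01005e7ffffa100ba9eb63400800450000a12d7c0000011159b446a5fb7ceffffffacdf3076c008d516e4d2d534541524348202a20485454502f312e310d0a486f73743a3233392e3235352e3235352e3235303a313930300d0a53543a75726e3a736368656d61732d75706e702d6f72673a6465766963653a496e7465726e6574476174657761794465766963653a310d0a4d616e3a22737364703a646973636f766572220d0a4d583a330d0a0d0a".bin
- str << "0102".bin # Tacking on a couple extra bites tht we'll strip off.
- not_stripped = UDPPacket.new
- not_stripped.read(str)
- assert_equal 135, not_stripped.udp_header.body.length
- stripped = UDPPacket.new
- stripped.read(str, :strip => true)
- assert_equal 133, stripped.udp_header.body.length
- end
-
- def test_udp_alter
- sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
- pkt = Packet.parse(sample_packet)
- assert_kind_of UDPPacket, pkt
- pkt.payload = pkt.payload.gsub(/metasploit/,"MeatPistol")
- pkt.recalc
- assert_equal(0x8341, pkt.udp_sum)
- pkt.to_f('udp_test.pcap','a')
- end
-
- def test_udp_reread
- sample_packet = PacketFu::UDPPacket.new
- pkt = Packet.parse(sample_packet.to_s)
- assert sample_packet.is_udp?
- assert pkt.is_udp?
- end
-
-
- end
-
- # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby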