packetfu 1.1.11 → 1.1.12.pre

Files changed (193)
  1. checksums.yaml +4 -4
  2. data/.gitignore +3 -1
  3. data/.rspec +2 -0
  4. data/.travis.yml +2 -3
  5. data/README.md +127 -0
  6. data/examples/100kpackets.rb +11 -10
  7. data/examples/ackscan.rb +4 -1
  8. data/examples/arp.rb +4 -5
  9. data/examples/arphood.rb +5 -4
  10. data/examples/dissect_thinger.rb +10 -7
  11. data/examples/ethernet.rb +8 -3
  12. data/examples/ids.rb +22 -4
  13. data/examples/idsv2.rb +25 -6
  14. data/examples/ifconfig.rb +6 -3
  15. data/examples/new-simple-stats.rb +5 -6
  16. data/examples/packetfu-shell.rb +11 -48
  17. data/examples/pcap2pcapng.rb +32 -0
  18. data/examples/simple-sniffer.rb +9 -4
  19. data/examples/simple-stats.rb +7 -8
  20. data/examples/slammer.rb +2 -2
  21. data/examples/uniqpcap.rb +17 -7
  22. data/lib/packetfu.rb +10 -175
  23. data/lib/packetfu/capture.rb +2 -2
  24. data/lib/packetfu/common.rb +142 -0
  25. data/lib/packetfu/config.rb +8 -8
  26. data/lib/packetfu/inject.rb +3 -3
  27. data/lib/packetfu/packet.rb +22 -18
  28. data/lib/packetfu/pcap.rb +2 -1
  29. data/lib/packetfu/pcapng.rb +37 -0
  30. data/lib/packetfu/pcapng/block.rb +25 -0
  31. data/lib/packetfu/pcapng/epb.rb +112 -0
  32. data/lib/packetfu/pcapng/file.rb +316 -0
  33. data/lib/packetfu/pcapng/idb.rb +125 -0
  34. data/lib/packetfu/pcapng/shb.rb +146 -0
  35. data/lib/packetfu/pcapng/spb.rb +83 -0
  36. data/lib/packetfu/pcapng/unknown_block.rb +60 -0
  37. data/lib/packetfu/protos.rb +3 -0
  38. data/lib/packetfu/protos/arp.rb +10 -10
  39. data/lib/packetfu/protos/icmpv6.rb +131 -0
  40. data/lib/packetfu/protos/icmpv6/header.rb +69 -0
  41. data/lib/packetfu/protos/icmpv6/mixin.rb +14 -0
  42. data/lib/packetfu/protos/ip.rb +4 -5
  43. data/lib/packetfu/protos/ipv6/header.rb +2 -0
  44. data/lib/packetfu/protos/udp.rb +24 -12
  45. data/lib/packetfu/structfu.rb +27 -0
  46. data/lib/packetfu/utils.rb +55 -9
  47. data/lib/packetfu/version.rb +1 -1
  48. data/packetfu.gemspec +13 -7
  49. data/spec/arp_spec.rb +11 -5
  50. data/spec/eth_spec.rb +20 -11
  51. data/spec/fake_packets.rb +28 -0
  52. data/spec/hsrp_spec.rb +15 -0
  53. data/spec/icmp_spec.rb +12 -5
  54. data/spec/icmpv6_spec.rb +98 -0
  55. data/spec/invalid_spec.rb +28 -0
  56. data/spec/ip_spec.rb +10 -5
  57. data/spec/ipv4_icmp.pcap +0 -0
  58. data/spec/ipv4_udp.pcap +0 -0
  59. data/spec/ipv6_icmp.pcap +0 -0
  60. data/spec/ipv6_spec.rb +4 -0
  61. data/spec/ipv6_udp.pcap +0 -0
  62. data/spec/lldp_spec.rb +36 -0
  63. data/spec/octets_spec.rb +43 -0
  64. data/spec/packet_spec.rb +24 -0
  65. data/spec/packetfu_spec.rb +6 -1
  66. data/spec/pcap_spec.rb +286 -0
  67. data/spec/pcapng/epb_spec.rb +81 -0
  68. data/spec/pcapng/file_spec.rb +295 -0
  69. data/spec/pcapng/file_spec_helper.rb +45 -0
  70. data/spec/pcapng/idb_spec.rb +53 -0
  71. data/spec/pcapng/shb_spec.rb +42 -0
  72. data/spec/pcapng/spb_spec.rb +43 -0
  73. data/spec/pcapng/unknown_block_spec.rb +36 -0
  74. data/spec/spec_helper.rb +3 -31
  75. data/spec/tcp_spec.rb +4 -1
  76. data/spec/udp_spec.rb +149 -1
  77. data/spec/utils_spec.rb +98 -15
  78. data/test/pcapng-test/output_be/advanced/test100.pcapng +0 -0
  79. data/test/pcapng-test/output_be/advanced/test100.txt +11 -0
  80. data/test/pcapng-test/output_be/advanced/test101.pcapng +0 -0
  81. data/test/pcapng-test/output_be/advanced/test101.txt +11 -0
  82. data/test/pcapng-test/output_be/advanced/test102.pcapng +0 -0
  83. data/test/pcapng-test/output_be/advanced/test102.txt +14 -0
  84. data/test/pcapng-test/output_be/basic/test001.pcapng +0 -0
  85. data/test/pcapng-test/output_be/basic/test001.txt +9 -0
  86. data/test/pcapng-test/output_be/basic/test002.pcapng +0 -0
  87. data/test/pcapng-test/output_be/basic/test002.txt +7 -0
  88. data/test/pcapng-test/output_be/basic/test003.pcapng +0 -0
  89. data/test/pcapng-test/output_be/basic/test003.txt +8 -0
  90. data/test/pcapng-test/output_be/basic/test004.pcapng +0 -0
  91. data/test/pcapng-test/output_be/basic/test004.txt +9 -0
  92. data/test/pcapng-test/output_be/basic/test005.pcapng +0 -0
  93. data/test/pcapng-test/output_be/basic/test005.txt +9 -0
  94. data/test/pcapng-test/output_be/basic/test006.pcapng +0 -0
  95. data/test/pcapng-test/output_be/basic/test006.txt +9 -0
  96. data/test/pcapng-test/output_be/basic/test007.pcapng +0 -0
  97. data/test/pcapng-test/output_be/basic/test007.txt +9 -0
  98. data/test/pcapng-test/output_be/basic/test008.pcapng +0 -0
  99. data/test/pcapng-test/output_be/basic/test008.txt +9 -0
  100. data/test/pcapng-test/output_be/basic/test009.pcapng +0 -0
  101. data/test/pcapng-test/output_be/basic/test009.txt +9 -0
  102. data/test/pcapng-test/output_be/basic/test010.pcapng +0 -0
  103. data/test/pcapng-test/output_be/basic/test010.txt +9 -0
  104. data/test/pcapng-test/output_be/basic/test011.pcapng +0 -0
  105. data/test/pcapng-test/output_be/basic/test011.txt +10 -0
  106. data/test/pcapng-test/output_be/basic/test012.pcapng +0 -0
  107. data/test/pcapng-test/output_be/basic/test012.txt +10 -0
  108. data/test/pcapng-test/output_be/basic/test013.pcapng +0 -0
  109. data/test/pcapng-test/output_be/basic/test013.txt +9 -0
  110. data/test/pcapng-test/output_be/basic/test014.pcapng +0 -0
  111. data/test/pcapng-test/output_be/basic/test014.txt +9 -0
  112. data/test/pcapng-test/output_be/basic/test015.pcapng +0 -0
  113. data/test/pcapng-test/output_be/basic/test015.txt +9 -0
  114. data/test/pcapng-test/output_be/basic/test016.pcapng +0 -0
  115. data/test/pcapng-test/output_be/basic/test016.txt +11 -0
  116. data/test/pcapng-test/output_be/basic/test017.pcapng +0 -0
  117. data/test/pcapng-test/output_be/basic/test017.txt +9 -0
  118. data/test/pcapng-test/output_be/basic/test018.pcapng +0 -0
  119. data/test/pcapng-test/output_be/basic/test018.txt +12 -0
  120. data/test/pcapng-test/output_be/difficult/test200.pcapng +0 -0
  121. data/test/pcapng-test/output_be/difficult/test200.txt +8 -0
  122. data/test/pcapng-test/output_be/difficult/test201.pcapng +0 -0
  123. data/test/pcapng-test/output_be/difficult/test201.txt +11 -0
  124. data/test/pcapng-test/output_be/difficult/test202.pcapng +0 -0
  125. data/test/pcapng-test/output_be/difficult/test202.txt +14 -0
  126. data/test/pcapng-test/output_le/advanced/test100.pcapng +0 -0
  127. data/test/pcapng-test/output_le/advanced/test100.txt +11 -0
  128. data/test/pcapng-test/output_le/advanced/test101.pcapng +0 -0
  129. data/test/pcapng-test/output_le/advanced/test101.txt +11 -0
  130. data/test/pcapng-test/output_le/advanced/test102.pcapng +0 -0
  131. data/test/pcapng-test/output_le/advanced/test102.txt +14 -0
  132. data/test/pcapng-test/output_le/basic/test001.pcapng +0 -0
  133. data/test/pcapng-test/output_le/basic/test001.txt +9 -0
  134. data/test/pcapng-test/output_le/basic/test002.pcapng +0 -0
  135. data/test/pcapng-test/output_le/basic/test002.txt +7 -0
  136. data/test/pcapng-test/output_le/basic/test003.pcapng +0 -0
  137. data/test/pcapng-test/output_le/basic/test003.txt +8 -0
  138. data/test/pcapng-test/output_le/basic/test004.pcapng +0 -0
  139. data/test/pcapng-test/output_le/basic/test004.txt +9 -0
  140. data/test/pcapng-test/output_le/basic/test005.pcapng +0 -0
  141. data/test/pcapng-test/output_le/basic/test005.txt +9 -0
  142. data/test/pcapng-test/output_le/basic/test006.pcapng +0 -0
  143. data/test/pcapng-test/output_le/basic/test006.txt +9 -0
  144. data/test/pcapng-test/output_le/basic/test007.pcapng +0 -0
  145. data/test/pcapng-test/output_le/basic/test007.txt +9 -0
  146. data/test/pcapng-test/output_le/basic/test008.pcapng +0 -0
  147. data/test/pcapng-test/output_le/basic/test008.txt +9 -0
  148. data/test/pcapng-test/output_le/basic/test009.pcapng +0 -0
  149. data/test/pcapng-test/output_le/basic/test009.txt +9 -0
  150. data/test/pcapng-test/output_le/basic/test010.pcapng +0 -0
  151. data/test/pcapng-test/output_le/basic/test010.txt +9 -0
  152. data/test/pcapng-test/output_le/basic/test011.pcapng +0 -0
  153. data/test/pcapng-test/output_le/basic/test011.txt +10 -0
  154. data/test/pcapng-test/output_le/basic/test012.pcapng +0 -0
  155. data/test/pcapng-test/output_le/basic/test012.txt +10 -0
  156. data/test/pcapng-test/output_le/basic/test013.pcapng +0 -0
  157. data/test/pcapng-test/output_le/basic/test013.txt +9 -0
  158. data/test/pcapng-test/output_le/basic/test014.pcapng +0 -0
  159. data/test/pcapng-test/output_le/basic/test014.txt +9 -0
  160. data/test/pcapng-test/output_le/basic/test015.pcapng +0 -0
  161. data/test/pcapng-test/output_le/basic/test015.txt +9 -0
  162. data/test/pcapng-test/output_le/basic/test016.pcapng +0 -0
  163. data/test/pcapng-test/output_le/basic/test016.txt +11 -0
  164. data/test/pcapng-test/output_le/basic/test017.pcapng +0 -0
  165. data/test/pcapng-test/output_le/basic/test017.txt +9 -0
  166. data/test/pcapng-test/output_le/basic/test018.pcapng +0 -0
  167. data/test/pcapng-test/output_le/basic/test018.txt +12 -0
  168. data/test/pcapng-test/output_le/difficult/test200.pcapng +0 -0
  169. data/test/pcapng-test/output_le/difficult/test200.txt +8 -0
  170. data/test/pcapng-test/output_le/difficult/test201.pcapng +0 -0
  171. data/test/pcapng-test/output_le/difficult/test201.txt +11 -0
  172. data/test/pcapng-test/output_le/difficult/test202.pcapng +0 -0
  173. data/test/pcapng-test/output_le/difficult/test202.txt +14 -0
  174. data/test/sample-ipv6.pcapng +0 -0
  175. data/test/sample-spb.pcapng +0 -0
  176. data/test/sample.pcapng +0 -0
  177. data/test/sample2.pcapng +0 -0
  178. metadata +190 -68
  179. checksums.yaml.gz.sig +0 -0
  180. data.tar.gz.sig +0 -2
  181. data/INSTALL.rdoc +0 -40
  182. data/README.rdoc +0 -64
  183. data/examples/examples.rb +0 -4
  184. data/setup.rb +0 -1586
  185. data/test/func_lldp.rb +0 -25
  186. data/test/ptest.rb +0 -16
  187. data/test/test_eth.rb +0 -93
  188. data/test/test_hsrp.rb +0 -20
  189. data/test/test_invalid.rb +0 -28
  190. data/test/test_octets.rb +0 -36
  191. data/test/test_pcap.rb +0 -211
  192. data/test/test_udp.rb +0 -100
  193. metadata.gz.sig +0 -2
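--- a/data/test/func_lldp.rb
+++ b/data/test/func_lldp.rb
@@ -1,25 +0,0 @@
-#!/usr/bin/ruby
-
-# Functional test script contributed by @dmaciejak
-# Still need a real test set.
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-def lldp_pcap
-fname = "./sample_lldp.pcap"
-fname if File.readable? fname
-end
-
-def lldp_test()
-raise RuntimeError, "Need a sample_lldp.pcap to check!" unless lldp_pcap
-cap = PacketFu::PcapFile.new.file_to_array(:filename => lldp_pcap)
-cap.each do |p|
-pkt = PacketFu::Packet.parse p
-if pkt.is_lldp?
-packet_info = [pkt.proto.last, pkt.lldp_capabilty, pkt.lldp_address_type_readable, pkt.lldp_address, pkt.lldp_interface_type, pkt.lldp_interface]
-puts "%s | %15s | %15s | %15s | %15s | %15s |" % packet_info
-end
-end
-end
-
-lldp_test()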
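--- a/data/test/ptest.rb
+++ b/data/test/ptest.rb
@@ -1,16 +0,0 @@
-#!/usr/bin/env ruby
-$:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
-require 'pcaprub'
-require 'packetfu'
-include PacketFu
-
-if Process.euid.zero?
-puts ">> Interface: " << Pcap.lookupdev
-else
-puts ">> No interface access"
-end
-puts ">> Version: " << PacketFu.version
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby
-
-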
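--- a/data/test/test_eth.rb
+++ b/data/test/test_eth.rb
@@ -1,93 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-puts "Testing #{PacketFu.version}: #{$0}"
-
-class EthTest < Test::Unit::TestCase
-
-def test_ethmac
-dst = "\x00\x03\x2f\x1a\x74\xde"
-e = PacketFu::EthMac.new
-e.read dst
-assert_equal(dst, e.to_s)
-assert_equal(0x32f, e.oui.oui)
-assert_equal("\x1a\x74\xde", e.nic.to_s)
-assert_equal(222, e.nic.n2)
-end
-
-def test_ethmac_ipad
-dst = "\x7c\x6d\x62\x01\x02\x03"
-e = PacketFu::EthMac.new
-e.read dst
-assert_equal(dst, e.to_s)
-assert_equal(0x6d62, e.oui.oui)
-end
-
-def test_ethmac_class
-src = "\x00\x1b\x11\x51\xb7\xce"
-e = PacketFu::EthMac.new
-e.read src
-assert_instance_of(PacketFu::EthMac, e)
-end
-
-def test_eth
-header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
-src = "\x00\x1b\x11\x51\xb7\xce"
-dst = "\x00\x03\x2f\x1a\x74\xde"
-e = PacketFu::EthHeader.new
-e.eth_dst = dst
-e.eth_src = src
-e.eth_proto = "\x08\x00"
-assert_equal(header, e.to_s)
-assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
-end
-
-def test_macaddr
-dst = "\x00\x03\x2f\x1a\x74\xde"
-dstmac = "00:03:2f:1a:74:de"
-assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
-assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
-end
-
-end
-
-class EthPacketTest < Test::Unit::TestCase
-include PacketFu
-
-def test_eth_create
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-e = EthPacket.new
-header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
-assert_kind_of EthPacket, e
-assert_kind_of EthHeader, e.headers[0]
-assert e.is_eth?
-assert !e.is_tcp?
-e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
-e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
-e.eth_proto = 0x0800
-assert_equal header, e.to_s[0,14]
-end
-
-def test_eth_new
-p = EthPacket.new(
-:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
-:eth_src => "\x00\x1b\x11\x51\xb7\xce",
-:eth_proto => 0x0800)
-header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
-assert_equal header, p.to_s[0,14]
-end
-
-def test_eth_write
-p = EthPacket.new(
-:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
-:eth_src => "\x00\x1b\x11\x51\xb7\xce",
-:eth_proto => 0x0800)
-p.to_f('eth_test.pcap')
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby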
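--- a/data/test/test_hsrp.rb
+++ b/data/test/test_hsrp.rb
@@ -1,20 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class HSRPTest < Test::Unit::TestCase
-include PacketFu
-
-def test_hsrp_read
-sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
-pkt = Packet.parse(sample_packet)
-assert pkt.is_hsrp?
-assert pkt.is_udp?
-assert_equal(0x2d8d, pkt.udp_sum.to_i)
-# pkt.to_f('udp_test.pcap','a')
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby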
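--- a/data/test/test_invalid.rb
+++ b/data/test/test_invalid.rb
@@ -1,28 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class InvalidTest < Test::Unit::TestCase
-include PacketFu
-
-def test_create_invalid
-p = InvalidPacket.new
-assert_kind_of InvalidPacket, p
-assert_kind_of Packet, p
-assert p.is_invalid?
-assert_equal false, p.is_eth?
-assert_not_equal EthPacket, p.class
-end
-
-# Sadly, the only way to generate an "InvalidPacket" is
-# to read a packet that's less than 14 bytes. Otherwise,
-# it's presumed to be an EthPacket. TODO: Fix this assumption!
-def test_parse_invalid
-p = Packet.parse("A" * 13)
-assert_kind_of InvalidPacket, p
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby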
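--- a/data/test/test_octets.rb
+++ b/data/test/test_octets.rb
@@ -1,36 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class OctetsTest < Test::Unit::TestCase
-include PacketFu
-
-def test_octets_read
-o = Octets.new
-o.read("\x04\x03\x02\x01")
-assert_equal("4.3.2.1", o.to_x)
-end
-
-def test_octets_read_quad
-o = Octets.new
-o.read_quad("1.2.3.4")
-assert_equal("1.2.3.4", o.to_x)
-assert_equal("\x01\x02\x03\x04", o.to_s)
-assert_equal(0x01020304, o.to_i)
-end
-
-def test_octets_single_octet
-o = Octets.new
-o.read("ABCD")
-assert_equal(o.o1, 0x41)
-assert_equal(o.o2, 0x42)
-assert_equal(o.o3, 0x43)
-assert_equal(o.o4, 0x44)
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby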
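--- a/data/test/test_pcap.rb
+++ b/data/test/test_pcap.rb
@@ -1,211 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class PcapHeaderTest < Test::Unit::TestCase
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@file.force_encoding "binary" if @file.respond_to? :force_encoding
-@file_magic = @file[0,4]
-@file_header = @file[0,24]
-end
-
-def test_header_size
-assert_equal(24, PcapHeader.new.sz)
-assert_equal(24, PcapHeader.new.sz)
-end
-
-# If this fails, the rest is pretty much for naught.
-def test_read_file
-assert_equal("\xd4\xc3\xb2\xa1", @file_magic) # yep, it's libpcap.
-end
-
-def test_endian_magic
-p = PcapHeader.new # usual case
-assert_equal(@file_magic, p.to_s[0,4])
-p = PcapHeader.new(:endian => :big)
-assert_equal("\xa1\xb2\xc3\xd4", p.to_s[0,4])
-end
-
-def test_header
-p = PcapHeader.new
-assert_equal(@file_header, p.to_s[0,24])
-p = PcapHeader.new(:endian => :big)
-assert_not_equal(@file_header, p.to_s[0,24])
-# We want to ensure our endianness is little or big.
-assert_raise(ArgumentError) {PcapHeader.new(:endian => :just_right)}
-end
-
-def test_header_read
-p = PcapHeader.new
-p.read @file
-assert_equal(@file_header,p.to_s)
-end
-
-end
-
-class TimestampTest < Test::Unit::TestCase
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@ts = @file[24,8]
-end
-
-def test_timestamp_size
-assert_equal(3, Timestamp.new.size) # Number of elements
-assert_equal(8, Timestamp.new.sz) # Length of the string (in PacketFu)
-end
-
-def test_timestamp_read
-t = Timestamp.new
-t.read(@ts)
-assert_equal(@ts, t.to_s)
-end
-end
-
-class PcapPacketTest < Test::Unit::TestCase
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@file.force_encoding "binary" if @file.respond_to? :force_encoding
-@header = @file[0,24]
-@packet = @file[24,100] # pkt is 78 bytes + 16 bytes pcap hdr == 94
-end
-
-def test_pcappacket_read
-p = PcapPacket.new :endian => :little
-p.read(@packet)
-assert_equal(78,@packet[8,4].unpack("V").first)
-assert_equal(@packet[8,4].unpack("V").first,p[:incl_len].to_i)
-assert_equal(@packet[0,94],p.to_s)
-end
-
-end
-
-class PcapPacketsTest < Test::Unit::TestCase
-
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-end
-
-def test_pcappackets_read
-p = PcapPackets.new
-p.read @file
-assert_equal(11,p.size)
-assert_equal(@file[24,@file.size],p.to_s)
-end
-
-end
-
-class PcapFileTest < Test::Unit::TestCase
-require 'digest/md5'
-
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@md5 = '1be3b5082bb135c6f22de8801feb3495'
-end
-
-def test_pcapfile_read
-p = PcapFile.new
-p.read @file
-assert_equal(3,p.size)
-assert_equal(@file.size, p.sz)
-assert_equal(@file, p.to_s)
-end
-
-def test_pcapfile_file_to_array
-p = PcapFile.new.file_to_array(:filename => 'sample.pcap')
-assert_equal(@md5.downcase, Digest::MD5.hexdigest(@file).downcase)
-assert_instance_of(Array, p)
-assert_instance_of(String, p[0])
-assert_equal(11,p.size)
-assert_equal(78,p[0].size)
-assert_equal(94,p[1].size)
-assert_equal(74,p[10].size)
-end
-
-def test_pcapfile_read_and_write
-File.unlink('out.pcap') if File.exists? 'out.pcap'
-p = PcapFile.new
-p.read @file
-p.to_file(:filename => 'out.pcap')
-@newfile = File.open('out.pcap') {|f| f.read(f.stat.size)}
-@newfile.force_encoding "binary" if @newfile.respond_to? :force_encoding
-assert_equal(@file, @newfile)
-p.to_file(:filename => 'out.pcap', :append => true)
-packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
-assert_equal(22, packet_array.size)
-end
-
-def test_pcapfile_write_after_recalc
-File.unlink('out.pcap') if File.exists? 'out.pcap'
-pcaps = PcapFile.new.file_to_array(:filename => 'sample.pcap')
-pcaps.each {|pkt|
-p = Packet.parse pkt
-p.recalc
-p.to_f('out.pcap','a')
-}
-packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
-assert_equal(11, packet_array.size)
-File.unlink('out.pcap')
-end
-
-def test_pcapfile_read_and_write_timestamps
-File.unlink('out.pcap') if File.exists? 'out.pcap'
-pf = PcapFile.new
-arr = pf.file_to_array(:filename => 'sample.pcap')
-assert_equal(11, arr.size)
-pf = PcapFile.new
-pf.a2f(:array => arr, :f => 'out.pcap', :ts_inc => 4,
-:timestamp => Time.now.to_i - 1_000_000)
-diff_time = pf.body[0].timestamp.sec.to_i - pf.body[1].timestamp.sec.to_i
-assert_equal(-4, diff_time)
-File.unlink('out.pcap')
-end
-
-end
-
-# Test the legacy Read objects.
-class ReadTest < Test::Unit::TestCase
-
-include PacketFu
-
-def test_read_string
-pkts = Read.file_to_array(:file => 'sample.pcap')
-assert_kind_of Array, pkts
-assert_equal 11, pkts.size
-this_packet = Packet.parse pkts[0]
-assert_kind_of UDPPacket, this_packet
-that_packet = Packet.parse pkts[3]
-assert_kind_of ICMPPacket, that_packet
-end
-
-def test_read_hash
-pkts = Read.file_to_array(:file => 'sample.pcap', :ts => true)
-assert_kind_of Array, pkts
-assert_equal 11, pkts.size
-this_packet = Packet.parse pkts[0].values.first
-assert_kind_of UDPPacket, this_packet
-that_packet = Packet.parse pkts[3].values.first
-assert_kind_of ICMPPacket, that_packet
-end
-
-end
-
-class WriteTest < Test::Unit::TestCase
-
-include PacketFu
-
-def test_write
-
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby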
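--- a/data/test/test_udp.rb
+++ b/data/test/test_udp.rb
@@ -1,100 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class String
-def bin
-self.scan(/../).map {|x| x.to_i(16).chr}.join
-end
-end
-
-class UDPTest < Test::Unit::TestCase
-include PacketFu
-
-def test_udp_header_new
-u = UDPHeader.new
-assert_kind_of UDPHeader, u
-assert_equal(8, u.to_s.size)
-assert_equal("\x00\x00\x00\x00\x00\x08\x00\x00", u.to_s)
-end
-
-def test_udp_peek
-u = UDPPacket.new
-u.ip_saddr = "10.20.30.40"
-u.ip_daddr = "50.60.70.80"
-u.udp_src = 53
-u.udp_dport = 1305
-u.payload = "abcdefghijklmnopqrstuvwxyz"
-u.recalc
-puts "\n"
-puts "UDP Peek format: "
-puts u.peek
-assert (u.peek.size <= 80)
-end
-
-def test_udp_pcap
-u = UDPPacket.new
-assert_kind_of UDPPacket, u
-u.recalc
-u.to_f('udp_test.pcap','a')
-u.ip_saddr = "10.20.30.40"
-u.ip_daddr = "50.60.70.80"
-u.payload = "+some fakey-fake udp packet"
-u.udp_src = 1205
-u.udp_dst = 13013
-u.recalc
-u.to_f('udp_test.pcap','a')
-end
-
-def test_udp_read
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-pkt = Packet.parse(sample_packet)
-assert_kind_of UDPPacket, pkt
-assert_equal(0x8bf8, pkt.udp_sum.to_i)
-pkt.to_f('udp_test.pcap','a')
-end
-
-def test_udp_checksum
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-pkt = Packet.parse(sample_packet)
-assert_kind_of UDPPacket, pkt
-pkt.recalc
-assert_equal(0x8bf8, pkt.udp_sum.to_i)
-pkt.to_f('udp_test.pcap','a')
-end
-
-def test_udp_read_strip
-str = "01005e7ffffa100ba9eb63400800450000a12d7c0000011159b446a5fb7ceffffffacdf3076c008d516e4d2d534541524348202a20485454502f312e310d0a486f73743a3233392e3235352e3235352e3235303a313930300d0a53543a75726e3a736368656d61732d75706e702d6f72673a6465766963653a496e7465726e6574476174657761794465766963653a310d0a4d616e3a22737364703a646973636f766572220d0a4d583a330d0a0d0a".bin
-str << "0102".bin # Tacking on a couple extra bites tht we'll strip off.
-not_stripped = UDPPacket.new
-not_stripped.read(str)
-assert_equal 135, not_stripped.udp_header.body.length
-stripped = UDPPacket.new
-stripped.read(str, :strip => true)
-assert_equal 133, stripped.udp_header.body.length
-end
-
-def test_udp_alter
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-pkt = Packet.parse(sample_packet)
-assert_kind_of UDPPacket, pkt
-pkt.payload = pkt.payload.gsub(/metasploit/,"MeatPistol")
-pkt.recalc
-assert_equal(0x8341, pkt.udp_sum)
-pkt.to_f('udp_test.pcap','a')
-end
-
-def test_udp_reread
-sample_packet = PacketFu::UDPPacket.new
-pkt = Packet.parse(sample_packet.to_s)
-assert sample_packet.is_udp?
-assert pkt.is_udp?
-end
-
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby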