packetfu 1.1.11 → 1.1.12.pre
- checksums.yaml +4 -4
- data/.gitignore +3 -1
- data/.rspec +2 -0
- data/.travis.yml +2 -3
- data/README.md +127 -0
- data/examples/100kpackets.rb +11 -10
- data/examples/ackscan.rb +4 -1
- data/examples/arp.rb +4 -5
- data/examples/arphood.rb +5 -4
- data/examples/dissect_thinger.rb +10 -7
- data/examples/ethernet.rb +8 -3
- data/examples/ids.rb +22 -4
- data/examples/idsv2.rb +25 -6
- data/examples/ifconfig.rb +6 -3
- data/examples/new-simple-stats.rb +5 -6
- data/examples/packetfu-shell.rb +11 -48
- data/examples/pcap2pcapng.rb +32 -0
- data/examples/simple-sniffer.rb +9 -4
- data/examples/simple-stats.rb +7 -8
- data/examples/slammer.rb +2 -2
- data/examples/uniqpcap.rb +17 -7
- data/lib/packetfu.rb +10 -175
- data/lib/packetfu/capture.rb +2 -2
- data/lib/packetfu/common.rb +142 -0
- data/lib/packetfu/config.rb +8 -8
- data/lib/packetfu/inject.rb +3 -3
- data/lib/packetfu/packet.rb +22 -18
- data/lib/packetfu/pcap.rb +2 -1
- data/lib/packetfu/pcapng.rb +37 -0
- data/lib/packetfu/pcapng/block.rb +25 -0
- data/lib/packetfu/pcapng/epb.rb +112 -0
- data/lib/packetfu/pcapng/file.rb +316 -0
- data/lib/packetfu/pcapng/idb.rb +125 -0
- data/lib/packetfu/pcapng/shb.rb +146 -0
- data/lib/packetfu/pcapng/spb.rb +83 -0
- data/lib/packetfu/pcapng/unknown_block.rb +60 -0
- data/lib/packetfu/protos.rb +3 -0
- data/lib/packetfu/protos/arp.rb +10 -10
- data/lib/packetfu/protos/icmpv6.rb +131 -0
- data/lib/packetfu/protos/icmpv6/header.rb +69 -0
- data/lib/packetfu/protos/icmpv6/mixin.rb +14 -0
- data/lib/packetfu/protos/ip.rb +4 -5
- data/lib/packetfu/protos/ipv6/header.rb +2 -0
- data/lib/packetfu/protos/udp.rb +24 -12
- data/lib/packetfu/structfu.rb +27 -0
- data/lib/packetfu/utils.rb +55 -9
- data/lib/packetfu/version.rb +1 -1
- data/packetfu.gemspec +13 -7
- data/spec/arp_spec.rb +11 -5
- data/spec/eth_spec.rb +20 -11
- data/spec/fake_packets.rb +28 -0
- data/spec/hsrp_spec.rb +15 -0
- data/spec/icmp_spec.rb +12 -5
- data/spec/icmpv6_spec.rb +98 -0
- data/spec/invalid_spec.rb +28 -0
- data/spec/ip_spec.rb +10 -5
- data/spec/ipv4_icmp.pcap +0 -0
- data/spec/ipv4_udp.pcap +0 -0
- data/spec/ipv6_icmp.pcap +0 -0
- data/spec/ipv6_spec.rb +4 -0
- data/spec/ipv6_udp.pcap +0 -0
- data/spec/lldp_spec.rb +36 -0
- data/spec/octets_spec.rb +43 -0
- data/spec/packet_spec.rb +24 -0
- data/spec/packetfu_spec.rb +6 -1
- data/spec/pcap_spec.rb +286 -0
- data/spec/pcapng/epb_spec.rb +81 -0
- data/spec/pcapng/file_spec.rb +295 -0
- data/spec/pcapng/file_spec_helper.rb +45 -0
- data/spec/pcapng/idb_spec.rb +53 -0
- data/spec/pcapng/shb_spec.rb +42 -0
- data/spec/pcapng/spb_spec.rb +43 -0
- data/spec/pcapng/unknown_block_spec.rb +36 -0
- data/spec/spec_helper.rb +3 -31
- data/spec/tcp_spec.rb +4 -1
- data/spec/udp_spec.rb +149 -1
- data/spec/utils_spec.rb +98 -15
- data/test/pcapng-test/output_be/advanced/test100.pcapng +0 -0
- data/test/pcapng-test/output_be/advanced/test100.txt +11 -0
- data/test/pcapng-test/output_be/advanced/test101.pcapng +0 -0
- data/test/pcapng-test/output_be/advanced/test101.txt +11 -0
- data/test/pcapng-test/output_be/advanced/test102.pcapng +0 -0
- data/test/pcapng-test/output_be/advanced/test102.txt +14 -0
- data/test/pcapng-test/output_be/basic/test001.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test001.txt +9 -0
- data/test/pcapng-test/output_be/basic/test002.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test002.txt +7 -0
- data/test/pcapng-test/output_be/basic/test003.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test003.txt +8 -0
- data/test/pcapng-test/output_be/basic/test004.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test004.txt +9 -0
- data/test/pcapng-test/output_be/basic/test005.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test005.txt +9 -0
- data/test/pcapng-test/output_be/basic/test006.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test006.txt +9 -0
- data/test/pcapng-test/output_be/basic/test007.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test007.txt +9 -0
- data/test/pcapng-test/output_be/basic/test008.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test008.txt +9 -0
- data/test/pcapng-test/output_be/basic/test009.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test009.txt +9 -0
- data/test/pcapng-test/output_be/basic/test010.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test010.txt +9 -0
- data/test/pcapng-test/output_be/basic/test011.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test011.txt +10 -0
- data/test/pcapng-test/output_be/basic/test012.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test012.txt +10 -0
- data/test/pcapng-test/output_be/basic/test013.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test013.txt +9 -0
- data/test/pcapng-test/output_be/basic/test014.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test014.txt +9 -0
- data/test/pcapng-test/output_be/basic/test015.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test015.txt +9 -0
- data/test/pcapng-test/output_be/basic/test016.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test016.txt +11 -0
- data/test/pcapng-test/output_be/basic/test017.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test017.txt +9 -0
- data/test/pcapng-test/output_be/basic/test018.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test018.txt +12 -0
- data/test/pcapng-test/output_be/difficult/test200.pcapng +0 -0
- data/test/pcapng-test/output_be/difficult/test200.txt +8 -0
- data/test/pcapng-test/output_be/difficult/test201.pcapng +0 -0
- data/test/pcapng-test/output_be/difficult/test201.txt +11 -0
- data/test/pcapng-test/output_be/difficult/test202.pcapng +0 -0
- data/test/pcapng-test/output_be/difficult/test202.txt +14 -0
- data/test/pcapng-test/output_le/advanced/test100.pcapng +0 -0
- data/test/pcapng-test/output_le/advanced/test100.txt +11 -0
- data/test/pcapng-test/output_le/advanced/test101.pcapng +0 -0
- data/test/pcapng-test/output_le/advanced/test101.txt +11 -0
- data/test/pcapng-test/output_le/advanced/test102.pcapng +0 -0
- data/test/pcapng-test/output_le/advanced/test102.txt +14 -0
- data/test/pcapng-test/output_le/basic/test001.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test001.txt +9 -0
- data/test/pcapng-test/output_le/basic/test002.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test002.txt +7 -0
- data/test/pcapng-test/output_le/basic/test003.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test003.txt +8 -0
- data/test/pcapng-test/output_le/basic/test004.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test004.txt +9 -0
- data/test/pcapng-test/output_le/basic/test005.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test005.txt +9 -0
- data/test/pcapng-test/output_le/basic/test006.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test006.txt +9 -0
- data/test/pcapng-test/output_le/basic/test007.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test007.txt +9 -0
- data/test/pcapng-test/output_le/basic/test008.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test008.txt +9 -0
- data/test/pcapng-test/output_le/basic/test009.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test009.txt +9 -0
- data/test/pcapng-test/output_le/basic/test010.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test010.txt +9 -0
- data/test/pcapng-test/output_le/basic/test011.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test011.txt +10 -0
- data/test/pcapng-test/output_le/basic/test012.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test012.txt +10 -0
- data/test/pcapng-test/output_le/basic/test013.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test013.txt +9 -0
- data/test/pcapng-test/output_le/basic/test014.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test014.txt +9 -0
- data/test/pcapng-test/output_le/basic/test015.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test015.txt +9 -0
- data/test/pcapng-test/output_le/basic/test016.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test016.txt +11 -0
- data/test/pcapng-test/output_le/basic/test017.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test017.txt +9 -0
- data/test/pcapng-test/output_le/basic/test018.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test018.txt +12 -0
- data/test/pcapng-test/output_le/difficult/test200.pcapng +0 -0
- data/test/pcapng-test/output_le/difficult/test200.txt +8 -0
- data/test/pcapng-test/output_le/difficult/test201.pcapng +0 -0
- data/test/pcapng-test/output_le/difficult/test201.txt +11 -0
- data/test/pcapng-test/output_le/difficult/test202.pcapng +0 -0
- data/test/pcapng-test/output_le/difficult/test202.txt +14 -0
- data/test/sample-ipv6.pcapng +0 -0
- data/test/sample-spb.pcapng +0 -0
- data/test/sample.pcapng +0 -0
- data/test/sample2.pcapng +0 -0
- metadata +190 -68
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -2
- data/INSTALL.rdoc +0 -40
- data/README.rdoc +0 -64
- data/examples/examples.rb +0 -4
- data/setup.rb +0 -1586
- data/test/func_lldp.rb +0 -25
- data/test/ptest.rb +0 -16
- data/test/test_eth.rb +0 -93
- data/test/test_hsrp.rb +0 -20
- data/test/test_invalid.rb +0 -28
- data/test/test_octets.rb +0 -36
- data/test/test_pcap.rb +0 -211
- data/test/test_udp.rb +0 -100
- metadata.gz.sig +0 -2
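--- a/data/test/func_lldp.rb
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/usr/bin/ruby
-
-# Functional test script contributed by @dmaciejak
-# Still need a real test set.
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-def lldp_pcap
-fname = "./sample_lldp.pcap"
-fname if File.readable? fname
-end
-
-def lldp_test()
-raise RuntimeError, "Need a sample_lldp.pcap to check!" unless lldp_pcap
-cap = PacketFu::PcapFile.new.file_to_array(:filename => lldp_pcap)
-cap.each do |p|
-pkt = PacketFu::Packet.parse p
-if pkt.is_lldp?
-packet_info = [pkt.proto.last, pkt.lldp_capabilty, pkt.lldp_address_type_readable, pkt.lldp_address, pkt.lldp_interface_type, pkt.lldp_interface]
-puts "%s | %15s | %15s | %15s | %15s | %15s |" % packet_info
-end
-end
-end
-
-lldp_test()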
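--- a/data/test/ptest.rb
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/usr/bin/env ruby
-$:.unshift File.expand_path(File.dirname(__FILE__) + "/../lib/")
-require 'pcaprub'
-require 'packetfu'
-include PacketFu
-
-if Process.euid.zero?
-puts ">> Interface: " << Pcap.lookupdev
-else
-puts ">> No interface access"
-end
-puts ">> Version: " << PacketFu.version
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby
-
-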
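--- a/data/test/test_eth.rb
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-puts "Testing #{PacketFu.version}: #{$0}"
-
-class EthTest < Test::Unit::TestCase
-
-def test_ethmac
-dst = "\x00\x03\x2f\x1a\x74\xde"
-e = PacketFu::EthMac.new
-e.read dst
-assert_equal(dst, e.to_s)
-assert_equal(0x32f, e.oui.oui)
-assert_equal("\x1a\x74\xde", e.nic.to_s)
-assert_equal(222, e.nic.n2)
-end
-
-def test_ethmac_ipad
-dst = "\x7c\x6d\x62\x01\x02\x03"
-e = PacketFu::EthMac.new
-e.read dst
-assert_equal(dst, e.to_s)
-assert_equal(0x6d62, e.oui.oui)
-end
-
-def test_ethmac_class
-src = "\x00\x1b\x11\x51\xb7\xce"
-e = PacketFu::EthMac.new
-e.read src
-assert_instance_of(PacketFu::EthMac, e)
-end
-
-def test_eth
-header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
-src = "\x00\x1b\x11\x51\xb7\xce"
-dst = "\x00\x03\x2f\x1a\x74\xde"
-e = PacketFu::EthHeader.new
-e.eth_dst = dst
-e.eth_src = src
-e.eth_proto = "\x08\x00"
-assert_equal(header, e.to_s)
-assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
-end
-
-def test_macaddr
-dst = "\x00\x03\x2f\x1a\x74\xde"
-dstmac = "00:03:2f:1a:74:de"
-assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
-assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
-end
-
-end
-
-class EthPacketTest < Test::Unit::TestCase
-include PacketFu
-
-def test_eth_create
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-e = EthPacket.new
-header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
-assert_kind_of EthPacket, e
-assert_kind_of EthHeader, e.headers[0]
-assert e.is_eth?
-assert !e.is_tcp?
-e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
-e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
-e.eth_proto = 0x0800
-assert_equal header, e.to_s[0,14]
-end
-
-def test_eth_new
-p = EthPacket.new(
-:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
-:eth_src => "\x00\x1b\x11\x51\xb7\xce",
-:eth_proto => 0x0800)
-header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
-assert_equal header, p.to_s[0,14]
-end
-
-def test_eth_write
-p = EthPacket.new(
-:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
-:eth_src => "\x00\x1b\x11\x51\xb7\xce",
-:eth_proto => 0x0800)
-p.to_f('eth_test.pcap')
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby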
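--- a/data/test/test_hsrp.rb
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class HSRPTest < Test::Unit::TestCase
-include PacketFu
-
-def test_hsrp_read
-sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
-pkt = Packet.parse(sample_packet)
-assert pkt.is_hsrp?
-assert pkt.is_udp?
-assert_equal(0x2d8d, pkt.udp_sum.to_i)
-# pkt.to_f('udp_test.pcap','a')
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby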
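--- a/data/test/test_invalid.rb
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/usr/bin/env ruby
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class InvalidTest < Test::Unit::TestCase
-include PacketFu
-
-def test_create_invalid
-p = InvalidPacket.new
-assert_kind_of InvalidPacket, p
-assert_kind_of Packet, p
-assert p.is_invalid?
-assert_equal false, p.is_eth?
-assert_not_equal EthPacket, p.class
-end
-
-# Sadly, the only way to generate an "InvalidPacket" is
-# to read a packet that's less than 14 bytes. Otherwise,
-# it's presumed to be an EthPacket. TODO: Fix this assumption!
-def test_parse_invalid
-p = Packet.parse("A" * 13)
-assert_kind_of InvalidPacket, p
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby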
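--- a/data/test/test_octets.rb
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class OctetsTest < Test::Unit::TestCase
-include PacketFu
-
-def test_octets_read
-o = Octets.new
-o.read("\x04\x03\x02\x01")
-assert_equal("4.3.2.1", o.to_x)
-end
-
-def test_octets_read_quad
-o = Octets.new
-o.read_quad("1.2.3.4")
-assert_equal("1.2.3.4", o.to_x)
-assert_equal("\x01\x02\x03\x04", o.to_s)
-assert_equal(0x01020304, o.to_i)
-end
-
-def test_octets_single_octet
-o = Octets.new
-o.read("ABCD")
-assert_equal(o.o1, 0x41)
-assert_equal(o.o2, 0x42)
-assert_equal(o.o3, 0x43)
-assert_equal(o.o4, 0x44)
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby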
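--- a/data/test/test_pcap.rb
+++ /dev/null
@@ -1,211 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class PcapHeaderTest < Test::Unit::TestCase
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@file.force_encoding "binary" if @file.respond_to? :force_encoding
-@file_magic = @file[0,4]
-@file_header = @file[0,24]
-end
-
-def test_header_size
-assert_equal(24, PcapHeader.new.sz)
-assert_equal(24, PcapHeader.new.sz)
-end
-
-# If this fails, the rest is pretty much for naught.
-def test_read_file
-assert_equal("\xd4\xc3\xb2\xa1", @file_magic) # yep, it's libpcap.
-end
-
-def test_endian_magic
-p = PcapHeader.new # usual case
-assert_equal(@file_magic, p.to_s[0,4])
-p = PcapHeader.new(:endian => :big)
-assert_equal("\xa1\xb2\xc3\xd4", p.to_s[0,4])
-end
-
-def test_header
-p = PcapHeader.new
-assert_equal(@file_header, p.to_s[0,24])
-p = PcapHeader.new(:endian => :big)
-assert_not_equal(@file_header, p.to_s[0,24])
-# We want to ensure our endianness is little or big.
-assert_raise(ArgumentError) {PcapHeader.new(:endian => :just_right)}
-end
-
-def test_header_read
-p = PcapHeader.new
-p.read @file
-assert_equal(@file_header,p.to_s)
-end
-
-end
-
-class TimestampTest < Test::Unit::TestCase
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@ts = @file[24,8]
-end
-
-def test_timestamp_size
-assert_equal(3, Timestamp.new.size) # Number of elements
-assert_equal(8, Timestamp.new.sz) # Length of the string (in PacketFu)
-end
-
-def test_timestamp_read
-t = Timestamp.new
-t.read(@ts)
-assert_equal(@ts, t.to_s)
-end
-end
-
-class PcapPacketTest < Test::Unit::TestCase
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@file.force_encoding "binary" if @file.respond_to? :force_encoding
-@header = @file[0,24]
-@packet = @file[24,100] # pkt is 78 bytes + 16 bytes pcap hdr == 94
-end
-
-def test_pcappacket_read
-p = PcapPacket.new :endian => :little
-p.read(@packet)
-assert_equal(78,@packet[8,4].unpack("V").first)
-assert_equal(@packet[8,4].unpack("V").first,p[:incl_len].to_i)
-assert_equal(@packet[0,94],p.to_s)
-end
-
-end
-
-class PcapPacketsTest < Test::Unit::TestCase
-
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-end
-
-def test_pcappackets_read
-p = PcapPackets.new
-p.read @file
-assert_equal(11,p.size)
-assert_equal(@file[24,@file.size],p.to_s)
-end
-
-end
-
-class PcapFileTest < Test::Unit::TestCase
-require 'digest/md5'
-
-include PacketFu
-def setup
-@file = File.open('sample.pcap') {|f| f.read}
-@md5 = '1be3b5082bb135c6f22de8801feb3495'
-end
-
-def test_pcapfile_read
-p = PcapFile.new
-p.read @file
-assert_equal(3,p.size)
-assert_equal(@file.size, p.sz)
-assert_equal(@file, p.to_s)
-end
-
-def test_pcapfile_file_to_array
-p = PcapFile.new.file_to_array(:filename => 'sample.pcap')
-assert_equal(@md5.downcase, Digest::MD5.hexdigest(@file).downcase)
-assert_instance_of(Array, p)
-assert_instance_of(String, p[0])
-assert_equal(11,p.size)
-assert_equal(78,p[0].size)
-assert_equal(94,p[1].size)
-assert_equal(74,p[10].size)
-end
-
-def test_pcapfile_read_and_write
-File.unlink('out.pcap') if File.exists? 'out.pcap'
-p = PcapFile.new
-p.read @file
-p.to_file(:filename => 'out.pcap')
-@newfile = File.open('out.pcap') {|f| f.read(f.stat.size)}
-@newfile.force_encoding "binary" if @newfile.respond_to? :force_encoding
-assert_equal(@file, @newfile)
-p.to_file(:filename => 'out.pcap', :append => true)
-packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
-assert_equal(22, packet_array.size)
-end
-
-def test_pcapfile_write_after_recalc
-File.unlink('out.pcap') if File.exists? 'out.pcap'
-pcaps = PcapFile.new.file_to_array(:filename => 'sample.pcap')
-pcaps.each {|pkt|
-p = Packet.parse pkt
-p.recalc
-p.to_f('out.pcap','a')
-}
-packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
-assert_equal(11, packet_array.size)
-File.unlink('out.pcap')
-end
-
-def test_pcapfile_read_and_write_timestamps
-File.unlink('out.pcap') if File.exists? 'out.pcap'
-pf = PcapFile.new
-arr = pf.file_to_array(:filename => 'sample.pcap')
-assert_equal(11, arr.size)
-pf = PcapFile.new
-pf.a2f(:array => arr, :f => 'out.pcap', :ts_inc => 4,
-:timestamp => Time.now.to_i - 1_000_000)
-diff_time = pf.body[0].timestamp.sec.to_i - pf.body[1].timestamp.sec.to_i
-assert_equal(-4, diff_time)
-File.unlink('out.pcap')
-end
-
-end
-
-# Test the legacy Read objects.
-class ReadTest < Test::Unit::TestCase
-
-include PacketFu
-
-def test_read_string
-pkts = Read.file_to_array(:file => 'sample.pcap')
-assert_kind_of Array, pkts
-assert_equal 11, pkts.size
-this_packet = Packet.parse pkts[0]
-assert_kind_of UDPPacket, this_packet
-that_packet = Packet.parse pkts[3]
-assert_kind_of ICMPPacket, that_packet
-end
-
-def test_read_hash
-pkts = Read.file_to_array(:file => 'sample.pcap', :ts => true)
-assert_kind_of Array, pkts
-assert_equal 11, pkts.size
-this_packet = Packet.parse pkts[0].values.first
-assert_kind_of UDPPacket, this_packet
-that_packet = Packet.parse pkts[3].values.first
-assert_kind_of ICMPPacket, that_packet
-end
-
-end
-
-class WriteTest < Test::Unit::TestCase
-
-include PacketFu
-
-def test_write
-
-end
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby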
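--- a/data/test/test_udp.rb
+++ /dev/null
@@ -1,100 +0,0 @@
-#!/usr/bin/env ruby
-# -*- coding: binary -*-
-
-require 'test/unit'
-$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
-require 'packetfu'
-
-class String
-def bin
-self.scan(/../).map {|x| x.to_i(16).chr}.join
-end
-end
-
-class UDPTest < Test::Unit::TestCase
-include PacketFu
-
-def test_udp_header_new
-u = UDPHeader.new
-assert_kind_of UDPHeader, u
-assert_equal(8, u.to_s.size)
-assert_equal("\x00\x00\x00\x00\x00\x08\x00\x00", u.to_s)
-end
-
-def test_udp_peek
-u = UDPPacket.new
-u.ip_saddr = "10.20.30.40"
-u.ip_daddr = "50.60.70.80"
-u.udp_src = 53
-u.udp_dport = 1305
-u.payload = "abcdefghijklmnopqrstuvwxyz"
-u.recalc
-puts "\n"
-puts "UDP Peek format: "
-puts u.peek
-assert (u.peek.size <= 80)
-end
-
-def test_udp_pcap
-u = UDPPacket.new
-assert_kind_of UDPPacket, u
-u.recalc
-u.to_f('udp_test.pcap','a')
-u.ip_saddr = "10.20.30.40"
-u.ip_daddr = "50.60.70.80"
-u.payload = "+some fakey-fake udp packet"
-u.udp_src = 1205
-u.udp_dst = 13013
-u.recalc
-u.to_f('udp_test.pcap','a')
-end
-
-def test_udp_read
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-pkt = Packet.parse(sample_packet)
-assert_kind_of UDPPacket, pkt
-assert_equal(0x8bf8, pkt.udp_sum.to_i)
-pkt.to_f('udp_test.pcap','a')
-end
-
-def test_udp_checksum
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-pkt = Packet.parse(sample_packet)
-assert_kind_of UDPPacket, pkt
-pkt.recalc
-assert_equal(0x8bf8, pkt.udp_sum.to_i)
-pkt.to_f('udp_test.pcap','a')
-end
-
-def test_udp_read_strip
-str = "01005e7ffffa100ba9eb63400800450000a12d7c0000011159b446a5fb7ceffffffacdf3076c008d516e4d2d534541524348202a20485454502f312e310d0a486f73743a3233392e3235352e3235352e3235303a313930300d0a53543a75726e3a736368656d61732d75706e702d6f72673a6465766963653a496e7465726e6574476174657761794465766963653a310d0a4d616e3a22737364703a646973636f766572220d0a4d583a330d0a0d0a".bin
-str << "0102".bin # Tacking on a couple extra bites tht we'll strip off.
-not_stripped = UDPPacket.new
-not_stripped.read(str)
-assert_equal 135, not_stripped.udp_header.body.length
-stripped = UDPPacket.new
-stripped.read(str, :strip => true)
-assert_equal 133, stripped.udp_header.body.length
-end
-
-def test_udp_alter
-sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
-pkt = Packet.parse(sample_packet)
-assert_kind_of UDPPacket, pkt
-pkt.payload = pkt.payload.gsub(/metasploit/,"MeatPistol")
-pkt.recalc
-assert_equal(0x8341, pkt.udp_sum)
-pkt.to_f('udp_test.pcap','a')
-end
-
-def test_udp_reread
-sample_packet = PacketFu::UDPPacket.new
-pkt = Packet.parse(sample_packet.to_s)
-assert sample_packet.is_udp?
-assert pkt.is_udp?
-end
-
-
-end
-
-# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby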