packetfu 1.1.11 → 1.1.12.pre
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.gitignore +3 -1
- data/.rspec +2 -0
- data/.travis.yml +2 -3
- data/README.md +127 -0
- data/examples/100kpackets.rb +11 -10
- data/examples/ackscan.rb +4 -1
- data/examples/arp.rb +4 -5
- data/examples/arphood.rb +5 -4
- data/examples/dissect_thinger.rb +10 -7
- data/examples/ethernet.rb +8 -3
- data/examples/ids.rb +22 -4
- data/examples/idsv2.rb +25 -6
- data/examples/ifconfig.rb +6 -3
- data/examples/new-simple-stats.rb +5 -6
- data/examples/packetfu-shell.rb +11 -48
- data/examples/pcap2pcapng.rb +32 -0
- data/examples/simple-sniffer.rb +9 -4
- data/examples/simple-stats.rb +7 -8
- data/examples/slammer.rb +2 -2
- data/examples/uniqpcap.rb +17 -7
- data/lib/packetfu.rb +10 -175
- data/lib/packetfu/capture.rb +2 -2
- data/lib/packetfu/common.rb +142 -0
- data/lib/packetfu/config.rb +8 -8
- data/lib/packetfu/inject.rb +3 -3
- data/lib/packetfu/packet.rb +22 -18
- data/lib/packetfu/pcap.rb +2 -1
- data/lib/packetfu/pcapng.rb +37 -0
- data/lib/packetfu/pcapng/block.rb +25 -0
- data/lib/packetfu/pcapng/epb.rb +112 -0
- data/lib/packetfu/pcapng/file.rb +316 -0
- data/lib/packetfu/pcapng/idb.rb +125 -0
- data/lib/packetfu/pcapng/shb.rb +146 -0
- data/lib/packetfu/pcapng/spb.rb +83 -0
- data/lib/packetfu/pcapng/unknown_block.rb +60 -0
- data/lib/packetfu/protos.rb +3 -0
- data/lib/packetfu/protos/arp.rb +10 -10
- data/lib/packetfu/protos/icmpv6.rb +131 -0
- data/lib/packetfu/protos/icmpv6/header.rb +69 -0
- data/lib/packetfu/protos/icmpv6/mixin.rb +14 -0
- data/lib/packetfu/protos/ip.rb +4 -5
- data/lib/packetfu/protos/ipv6/header.rb +2 -0
- data/lib/packetfu/protos/udp.rb +24 -12
- data/lib/packetfu/structfu.rb +27 -0
- data/lib/packetfu/utils.rb +55 -9
- data/lib/packetfu/version.rb +1 -1
- data/packetfu.gemspec +13 -7
- data/spec/arp_spec.rb +11 -5
- data/spec/eth_spec.rb +20 -11
- data/spec/fake_packets.rb +28 -0
- data/spec/hsrp_spec.rb +15 -0
- data/spec/icmp_spec.rb +12 -5
- data/spec/icmpv6_spec.rb +98 -0
- data/spec/invalid_spec.rb +28 -0
- data/spec/ip_spec.rb +10 -5
- data/spec/ipv4_icmp.pcap +0 -0
- data/spec/ipv4_udp.pcap +0 -0
- data/spec/ipv6_icmp.pcap +0 -0
- data/spec/ipv6_spec.rb +4 -0
- data/spec/ipv6_udp.pcap +0 -0
- data/spec/lldp_spec.rb +36 -0
- data/spec/octets_spec.rb +43 -0
- data/spec/packet_spec.rb +24 -0
- data/spec/packetfu_spec.rb +6 -1
- data/spec/pcap_spec.rb +286 -0
- data/spec/pcapng/epb_spec.rb +81 -0
- data/spec/pcapng/file_spec.rb +295 -0
- data/spec/pcapng/file_spec_helper.rb +45 -0
- data/spec/pcapng/idb_spec.rb +53 -0
- data/spec/pcapng/shb_spec.rb +42 -0
- data/spec/pcapng/spb_spec.rb +43 -0
- data/spec/pcapng/unknown_block_spec.rb +36 -0
- data/spec/spec_helper.rb +3 -31
- data/spec/tcp_spec.rb +4 -1
- data/spec/udp_spec.rb +149 -1
- data/spec/utils_spec.rb +98 -15
- data/test/pcapng-test/output_be/advanced/test100.pcapng +0 -0
- data/test/pcapng-test/output_be/advanced/test100.txt +11 -0
- data/test/pcapng-test/output_be/advanced/test101.pcapng +0 -0
- data/test/pcapng-test/output_be/advanced/test101.txt +11 -0
- data/test/pcapng-test/output_be/advanced/test102.pcapng +0 -0
- data/test/pcapng-test/output_be/advanced/test102.txt +14 -0
- data/test/pcapng-test/output_be/basic/test001.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test001.txt +9 -0
- data/test/pcapng-test/output_be/basic/test002.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test002.txt +7 -0
- data/test/pcapng-test/output_be/basic/test003.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test003.txt +8 -0
- data/test/pcapng-test/output_be/basic/test004.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test004.txt +9 -0
- data/test/pcapng-test/output_be/basic/test005.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test005.txt +9 -0
- data/test/pcapng-test/output_be/basic/test006.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test006.txt +9 -0
- data/test/pcapng-test/output_be/basic/test007.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test007.txt +9 -0
- data/test/pcapng-test/output_be/basic/test008.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test008.txt +9 -0
- data/test/pcapng-test/output_be/basic/test009.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test009.txt +9 -0
- data/test/pcapng-test/output_be/basic/test010.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test010.txt +9 -0
- data/test/pcapng-test/output_be/basic/test011.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test011.txt +10 -0
- data/test/pcapng-test/output_be/basic/test012.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test012.txt +10 -0
- data/test/pcapng-test/output_be/basic/test013.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test013.txt +9 -0
- data/test/pcapng-test/output_be/basic/test014.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test014.txt +9 -0
- data/test/pcapng-test/output_be/basic/test015.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test015.txt +9 -0
- data/test/pcapng-test/output_be/basic/test016.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test016.txt +11 -0
- data/test/pcapng-test/output_be/basic/test017.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test017.txt +9 -0
- data/test/pcapng-test/output_be/basic/test018.pcapng +0 -0
- data/test/pcapng-test/output_be/basic/test018.txt +12 -0
- data/test/pcapng-test/output_be/difficult/test200.pcapng +0 -0
- data/test/pcapng-test/output_be/difficult/test200.txt +8 -0
- data/test/pcapng-test/output_be/difficult/test201.pcapng +0 -0
- data/test/pcapng-test/output_be/difficult/test201.txt +11 -0
- data/test/pcapng-test/output_be/difficult/test202.pcapng +0 -0
- data/test/pcapng-test/output_be/difficult/test202.txt +14 -0
- data/test/pcapng-test/output_le/advanced/test100.pcapng +0 -0
- data/test/pcapng-test/output_le/advanced/test100.txt +11 -0
- data/test/pcapng-test/output_le/advanced/test101.pcapng +0 -0
- data/test/pcapng-test/output_le/advanced/test101.txt +11 -0
- data/test/pcapng-test/output_le/advanced/test102.pcapng +0 -0
- data/test/pcapng-test/output_le/advanced/test102.txt +14 -0
- data/test/pcapng-test/output_le/basic/test001.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test001.txt +9 -0
- data/test/pcapng-test/output_le/basic/test002.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test002.txt +7 -0
- data/test/pcapng-test/output_le/basic/test003.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test003.txt +8 -0
- data/test/pcapng-test/output_le/basic/test004.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test004.txt +9 -0
- data/test/pcapng-test/output_le/basic/test005.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test005.txt +9 -0
- data/test/pcapng-test/output_le/basic/test006.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test006.txt +9 -0
- data/test/pcapng-test/output_le/basic/test007.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test007.txt +9 -0
- data/test/pcapng-test/output_le/basic/test008.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test008.txt +9 -0
- data/test/pcapng-test/output_le/basic/test009.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test009.txt +9 -0
- data/test/pcapng-test/output_le/basic/test010.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test010.txt +9 -0
- data/test/pcapng-test/output_le/basic/test011.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test011.txt +10 -0
- data/test/pcapng-test/output_le/basic/test012.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test012.txt +10 -0
- data/test/pcapng-test/output_le/basic/test013.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test013.txt +9 -0
- data/test/pcapng-test/output_le/basic/test014.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test014.txt +9 -0
- data/test/pcapng-test/output_le/basic/test015.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test015.txt +9 -0
- data/test/pcapng-test/output_le/basic/test016.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test016.txt +11 -0
- data/test/pcapng-test/output_le/basic/test017.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test017.txt +9 -0
- data/test/pcapng-test/output_le/basic/test018.pcapng +0 -0
- data/test/pcapng-test/output_le/basic/test018.txt +12 -0
- data/test/pcapng-test/output_le/difficult/test200.pcapng +0 -0
- data/test/pcapng-test/output_le/difficult/test200.txt +8 -0
- data/test/pcapng-test/output_le/difficult/test201.pcapng +0 -0
- data/test/pcapng-test/output_le/difficult/test201.txt +11 -0
- data/test/pcapng-test/output_le/difficult/test202.pcapng +0 -0
- data/test/pcapng-test/output_le/difficult/test202.txt +14 -0
- data/test/sample-ipv6.pcapng +0 -0
- data/test/sample-spb.pcapng +0 -0
- data/test/sample.pcapng +0 -0
- data/test/sample2.pcapng +0 -0
- metadata +190 -68
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -2
- data/INSTALL.rdoc +0 -40
- data/README.rdoc +0 -64
- data/examples/examples.rb +0 -4
- data/setup.rb +0 -1586
- data/test/func_lldp.rb +0 -25
- data/test/ptest.rb +0 -16
- data/test/test_eth.rb +0 -93
- data/test/test_hsrp.rb +0 -20
- data/test/test_invalid.rb +0 -28
- data/test/test_octets.rb +0 -36
- data/test/test_pcap.rb +0 -211
- data/test/test_udp.rb +0 -100
- metadata.gz.sig +0 -2
data/lib/packetfu/version.rb
CHANGED
data/packetfu.gemspec
CHANGED
@@ -4,22 +4,28 @@ require './lib/packetfu/version'
|
|
4
4
|
Gem::Specification.new do |s|
|
5
5
|
s.name = 'packetfu'
|
6
6
|
s.version = PacketFu::VERSION
|
7
|
-
s.authors = ['Tod Beardsley']
|
8
|
-
s.email = 'todb@packetfu.com'
|
7
|
+
s.authors = ['Tod Beardsley', 'Jonathan Claudius']
|
8
|
+
s.email = ['todb@packetfu.com', 'claudijd@yahoo.com']
|
9
9
|
s.summary = 'PacketFu is a mid-level packet manipulation library.'
|
10
|
-
s.homepage = 'https://github.com/
|
11
|
-
s.description = %q{
|
10
|
+
s.homepage = 'https://github.com/packetfu/packetfu'
|
11
|
+
s.description = %q{
|
12
|
+
PacketFu is a mid-level packet manipulation library for Ruby. With
|
13
|
+
it, users can read, parse, and write network packets with the level of
|
14
|
+
ease and fun they expect from Ruby.
|
15
|
+
}
|
12
16
|
s.files = `git ls-files`.split($/)
|
13
17
|
s.license = 'BSD'
|
14
|
-
|
15
|
-
s.add_dependency('network_interface', '~> 0.0')
|
18
|
+
s.required_ruby_version = '>= 2.1.0'
|
16
19
|
s.add_dependency('pcaprub', '~> 0.12')
|
17
20
|
s.add_development_dependency('rake', '~> 10.3')
|
18
21
|
s.add_development_dependency('rspec', '~> 3.0')
|
19
22
|
s.add_development_dependency('rspec-its', '~> 1.2')
|
20
23
|
s.add_development_dependency('sdoc', '~> 0.4.1')
|
24
|
+
s.add_development_dependency('pry')
|
25
|
+
s.add_development_dependency('coveralls')
|
26
|
+
|
21
27
|
|
22
|
-
s.extra_rdoc_files = %w[.document README.
|
28
|
+
s.extra_rdoc_files = %w[.document README.md]
|
23
29
|
s.test_files = (s.files & (Dir['spec/**/*_spec.rb'] + Dir['test/test_*.rb']) )
|
24
30
|
s.rubyforge_project = 'packetfu'
|
25
31
|
|
data/spec/arp_spec.rb
CHANGED
@@ -1,5 +1,9 @@
|
|
1
1
|
# -*- coding: binary -*-
|
2
2
|
require 'spec_helper'
|
3
|
+
require 'packetfu/protos/eth'
|
4
|
+
require 'packetfu/protos/arp'
|
5
|
+
require 'packetfu/protos/ip'
|
6
|
+
require 'packetfu/pcap'
|
3
7
|
require 'tempfile'
|
4
8
|
|
5
9
|
include PacketFu
|
@@ -176,16 +180,18 @@ describe ARPPacket do
|
|
176
180
|
context "when writing ARPPacket to PCAP" do
|
177
181
|
before :each do
|
178
182
|
@arp_packet = ARPPacket.new
|
183
|
+
@temp_file = Tempfile.new('arp_pcap')
|
179
184
|
end
|
180
185
|
|
186
|
+
after(:each) { @temp_file.close; @temp_file.unlink }
|
187
|
+
|
181
188
|
it "should write a PCAP file to disk" do
|
182
189
|
@arp_packet.recalc
|
183
|
-
|
184
|
-
expect(arp_pcap_file.read).to eql("")
|
190
|
+
expect(@temp_file.read).to eql("")
|
185
191
|
|
186
|
-
@arp_packet.to_f(
|
187
|
-
expect(File.exists?(
|
188
|
-
expect(
|
192
|
+
@arp_packet.to_f(@temp_file.path, 'a')
|
193
|
+
expect(File.exists?(@temp_file.path)).to be(true)
|
194
|
+
expect(@temp_file.read.size).to be >= 76
|
189
195
|
end
|
190
196
|
end
|
191
197
|
end
|
data/spec/eth_spec.rb
CHANGED
@@ -1,5 +1,10 @@
|
|
1
1
|
# -*- coding: binary -*-
|
2
2
|
require 'spec_helper'
|
3
|
+
require 'packetfu/protos/eth'
|
4
|
+
require 'packetfu/protos/ip'
|
5
|
+
require 'packetfu/protos/ipv6'
|
6
|
+
require 'packetfu/protos/tcp'
|
7
|
+
require 'packetfu/pcap'
|
3
8
|
require 'tempfile'
|
4
9
|
|
5
10
|
include PacketFu
|
@@ -110,6 +115,10 @@ describe EthPacket do
|
|
110
115
|
end
|
111
116
|
|
112
117
|
context "when reading/writing PCAP to file" do
|
118
|
+
before(:each) { @temp_file = Tempfile.new('arp_pcap') }
|
119
|
+
after(:each) { @temp_file.close; @temp_file.unlink }
|
120
|
+
|
121
|
+
|
113
122
|
it "should write a pcap file to disk" do
|
114
123
|
@eth_packet = EthPacket.new(
|
115
124
|
:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
|
@@ -118,12 +127,11 @@ describe EthPacket do
|
|
118
127
|
)
|
119
128
|
|
120
129
|
@eth_packet.recalc
|
121
|
-
|
122
|
-
expect(eth_pcap_file.read).to eql("")
|
130
|
+
expect(@temp_file.read).to eql("")
|
123
131
|
|
124
|
-
@eth_packet.to_f(
|
125
|
-
expect(File.exists?(
|
126
|
-
expect(
|
132
|
+
@eth_packet.to_f(@temp_file.path, 'a')
|
133
|
+
expect(File.exists?(@temp_file.path))
|
134
|
+
expect(@temp_file.read.size).to be >= 30
|
127
135
|
end
|
128
136
|
|
129
137
|
it "should read a pcap file to create ethpacket" do
|
@@ -138,11 +146,12 @@ describe EthPacket do
|
|
138
146
|
expect(@eth_packet.headers.first.members).to eql([:eth_dst, :eth_src, :eth_proto, :body])
|
139
147
|
end
|
140
148
|
|
141
|
-
|
142
|
-
|
143
|
-
|
144
|
-
|
145
|
-
|
146
|
-
|
149
|
+
# TODO: Figure out why this is failing
|
150
|
+
# it "should read a vlan encapsulated ethpacket as an invalid packet" do
|
151
|
+
# parsed_packets = PcapFile.read_packets("./test/vlan-pcapr.cap")
|
152
|
+
# @eth_packet = parsed_packets.first
|
153
|
+
#
|
154
|
+
# expect(@eth_packet).to be_kind_of(InvalidPacket)
|
155
|
+
# end
|
147
156
|
end
|
148
157
|
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
module FakePacket
|
2
|
+
def layer
|
3
|
+
7
|
4
|
+
end
|
5
|
+
end
|
6
|
+
|
7
|
+
class PacketFu::FooPacket < PacketFu::Packet
|
8
|
+
extend FakePacket
|
9
|
+
end
|
10
|
+
|
11
|
+
class PacketFu::BarPacket < PacketFu::Packet
|
12
|
+
extend FakePacket
|
13
|
+
end
|
14
|
+
|
15
|
+
class PacketBaz
|
16
|
+
end
|
17
|
+
|
18
|
+
def add_fake_packets
|
19
|
+
PacketFu.add_packet_class(PacketFu::FooPacket)
|
20
|
+
PacketFu.add_packet_class(PacketFu::BarPacket)
|
21
|
+
end
|
22
|
+
|
23
|
+
def remove_fake_packets
|
24
|
+
PacketFu.remove_packet_class(PacketFu::FooPacket)
|
25
|
+
PacketFu.remove_packet_class(PacketFu::BarPacket)
|
26
|
+
end
|
27
|
+
|
28
|
+
remove_fake_packets
|
data/spec/hsrp_spec.rb
ADDED
@@ -0,0 +1,15 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
require 'spec_helper'
|
3
|
+
require 'packetfu'
|
4
|
+
|
5
|
+
include PacketFu
|
6
|
+
|
7
|
+
context "when parsing HSRP traffic from pcap" do
|
8
|
+
it "should detect that it's HSRP traffic" do
|
9
|
+
sample_packet = PcapFile.new.file_to_array(:f => 'test/sample_hsrp_pcapr.cap')[0]
|
10
|
+
pkt = Packet.parse(sample_packet)
|
11
|
+
expect(pkt.is_hsrp?).to be(true)
|
12
|
+
expect(pkt.is_udp?).to be(true)
|
13
|
+
expect(pkt.udp_sum.to_i).to eql(0x2d8d)
|
14
|
+
end
|
15
|
+
end
|
data/spec/icmp_spec.rb
CHANGED
@@ -1,5 +1,10 @@
|
|
1
1
|
# -*- coding: binary -*-
|
2
2
|
require 'spec_helper'
|
3
|
+
require 'packetfu/protos/eth'
|
4
|
+
require 'packetfu/protos/ip'
|
5
|
+
require 'packetfu/protos/ipv6'
|
6
|
+
require 'packetfu/protos/icmp'
|
7
|
+
require 'packetfu/pcap'
|
3
8
|
require 'tempfile'
|
4
9
|
|
5
10
|
include PacketFu
|
@@ -68,20 +73,22 @@ describe ICMPPacket, "when read from a pcap file" do
|
|
68
73
|
context "when reading/writing ICMPPacket to disk" do
|
69
74
|
before :each do
|
70
75
|
@icmp_packet = ICMPPacket.new
|
76
|
+
@temp_file = Tempfile.new('icmp_pcap')
|
71
77
|
end
|
72
78
|
|
79
|
+
after(:each) { @temp_file.close; @temp_file.unlink }
|
80
|
+
|
73
81
|
it "should write a PCAP file to disk" do
|
74
82
|
@icmp_packet.ip_saddr = "10.20.30.40"
|
75
83
|
@icmp_packet.ip_daddr = "50.60.70.80"
|
76
84
|
@icmp_packet.payload = "abcdefghijklmnopqrstuvwxyz"
|
77
85
|
@icmp_packet.recalc
|
78
86
|
|
79
|
-
|
80
|
-
expect(icmp_pcap_file.read).to eql("")
|
87
|
+
expect(@temp_file.read).to eql("")
|
81
88
|
|
82
|
-
@icmp_packet.to_f(
|
83
|
-
expect(File.exists?(
|
84
|
-
expect(
|
89
|
+
@icmp_packet.to_f(@temp_file.path, 'a')
|
90
|
+
expect(File.exists?(@temp_file.path))
|
91
|
+
expect(@temp_file.read.size).to be >= 79
|
85
92
|
end
|
86
93
|
|
87
94
|
it "should read a PCAP file from disk" do
|
data/spec/icmpv6_spec.rb
ADDED
@@ -0,0 +1,98 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
require 'spec_helper'
|
3
|
+
require 'packetfu/protos/eth'
|
4
|
+
require 'packetfu/protos/ipv6'
|
5
|
+
require 'packetfu/protos/icmpv6'
|
6
|
+
require 'packetfu/pcap'
|
7
|
+
require 'tempfile'
|
8
|
+
|
9
|
+
include PacketFu
|
10
|
+
|
11
|
+
describe ICMPv6Packet, "when read from a pcap file" do
|
12
|
+
before(:all) do
|
13
|
+
parsed_packets = PcapFile.read_packets(File.join(File.dirname(__FILE__),
|
14
|
+
"ipv6_icmp.pcap"))
|
15
|
+
@icmpv6_packet = parsed_packets.first
|
16
|
+
end
|
17
|
+
|
18
|
+
it 'should be recognized as an icmp packet' do
|
19
|
+
expect(@icmpv6_packet.is_icmpv6?).to be(true)
|
20
|
+
end
|
21
|
+
|
22
|
+
it "should report the right seq number" do
|
23
|
+
expect(@icmpv6_packet.payload[2..3].unpack("H*")[0]).to eq("0001")
|
24
|
+
end
|
25
|
+
|
26
|
+
it "should be recognized as an icmp reply packet" do
|
27
|
+
expect(@icmpv6_packet.icmpv6_type).to eq(128)
|
28
|
+
end
|
29
|
+
|
30
|
+
it "should have the right checksum" do
|
31
|
+
expect(@icmpv6_packet.icmpv6_sum.to_s(16)).to eq(@icmpv6_packet.icmpv6_calc_sum.to_s(16))
|
32
|
+
end
|
33
|
+
|
34
|
+
|
35
|
+
context "when initializing ICMPv6Header from scratch" do
|
36
|
+
before :each do
|
37
|
+
@icmpv6_header = ICMPv6Header.new
|
38
|
+
end
|
39
|
+
|
40
|
+
it "should have the right instance variables" do
|
41
|
+
expect(@icmpv6_header.to_s).to eql("\x00\x00\x00\x00")
|
42
|
+
expect(@icmpv6_header.icmpv6_type).to eql(0)
|
43
|
+
end
|
44
|
+
|
45
|
+
it "should allow setting of the type" do
|
46
|
+
@icmpv6_header.icmpv6_type = 1
|
47
|
+
expect(@icmpv6_header.icmpv6_type).to eql(1)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
|
51
|
+
context "when initializing ICMPv6Packet from scratch" do
|
52
|
+
before :each do
|
53
|
+
@icmpv6_packet = ICMPv6Packet.new
|
54
|
+
end
|
55
|
+
|
56
|
+
it "should support peak functionality" do
|
57
|
+
@icmpv6_packet.ipv6_saddr = "::1:1020:3040"
|
58
|
+
@icmpv6_packet.ipv6_daddr = "::1:5060:7080"
|
59
|
+
@icmpv6_packet.icmpv6_type = 129
|
60
|
+
@icmpv6_packet.payload = "abcdefghijklmnopqrstuvwxyz"
|
61
|
+
@icmpv6_packet.recalc
|
62
|
+
expect(@icmpv6_packet.peek).to match(/6C 84\s+::1:1020:3040:pong\s+->\s+::1:5060:7080/)
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
context "when reading/writing ICMPv6Packet to disk" do
|
67
|
+
before :each do
|
68
|
+
@icmpv6_packet = ICMPv6Packet.new
|
69
|
+
@temp_file = Tempfile.new('icmpv6_pcap')
|
70
|
+
end
|
71
|
+
|
72
|
+
after(:each) { @temp_file.close; @temp_file.unlink }
|
73
|
+
|
74
|
+
it "should write a PCAP file to disk" do
|
75
|
+
@icmpv6_packet.ipv6_saddr = "::1:1020:3040"
|
76
|
+
@icmpv6_packet.ipv6_daddr = "::1:5060:7080"
|
77
|
+
@icmpv6_packet.payload = "abcdefghijklmnopqrstuvwxyz"
|
78
|
+
@icmpv6_packet.recalc
|
79
|
+
|
80
|
+
expect(@temp_file.read).to eql("")
|
81
|
+
|
82
|
+
@icmpv6_packet.to_f(@temp_file.path, 'a')
|
83
|
+
expect(File.exists?(@temp_file.path))
|
84
|
+
expect(@temp_file.read.size).to be >= 79
|
85
|
+
end
|
86
|
+
|
87
|
+
it "should read a PCAP file from disk" do
|
88
|
+
sample_packet = PcapFile.new.file_to_array(:f => './spec/ipv6_icmp.pcap').first
|
89
|
+
pkt = Packet.parse(sample_packet)
|
90
|
+
|
91
|
+
expect(pkt.is_icmpv6?).to be true
|
92
|
+
expect(pkt.class).to eql(PacketFu::ICMPv6Packet)
|
93
|
+
expect(pkt.icmpv6_sum.to_i).to eql(0x24a5)
|
94
|
+
expect(pkt.icmpv6_type.to_i).to eql(128)
|
95
|
+
end
|
96
|
+
end
|
97
|
+
|
98
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
require 'spec_helper'
|
3
|
+
require 'packetfu'
|
4
|
+
|
5
|
+
include PacketFu
|
6
|
+
|
7
|
+
describe InvalidPacket, "when read from a pcap file" do
|
8
|
+
context "when initializing" do
|
9
|
+
it "should have sane defaults (little)" do
|
10
|
+
invalid_packet = InvalidPacket.new
|
11
|
+
expect(invalid_packet).to be_kind_of(InvalidPacket)
|
12
|
+
expect(invalid_packet).to be_kind_of(Packet)
|
13
|
+
expect(invalid_packet.is_invalid?).to be(true)
|
14
|
+
expect(invalid_packet.is_eth?).to be(false)
|
15
|
+
expect(invalid_packet.class).not_to eql(EthPacket)
|
16
|
+
end
|
17
|
+
end
|
18
|
+
|
19
|
+
context "when reading" do
|
20
|
+
# Sadly, the only way to generate an "InvalidPacket" is
|
21
|
+
# to read a packet that's less than 14 bytes. Otherwise,
|
22
|
+
# it's presumed to be an EthPacket. TODO: Fix this assumption!
|
23
|
+
it "should be an invalid packet" do
|
24
|
+
invalid_packet = Packet.parse("A" * 13)
|
25
|
+
expect(invalid_packet).to be_kind_of(InvalidPacket)
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
data/spec/ip_spec.rb
CHANGED
@@ -1,4 +1,7 @@
|
|
1
1
|
require 'spec_helper'
|
2
|
+
require 'packetfu/protos/eth'
|
3
|
+
require 'packetfu/protos/ip'
|
4
|
+
require 'packetfu/pcap'
|
2
5
|
require 'tempfile'
|
3
6
|
|
4
7
|
include PacketFu
|
@@ -60,19 +63,21 @@ describe IPPacket do
|
|
60
63
|
context "when writing a PCAP file to disk" do
|
61
64
|
before :each do
|
62
65
|
@ip_packet = IPPacket.new
|
66
|
+
@temp_file = Tempfile.new('ip_pcap')
|
63
67
|
end
|
64
68
|
|
69
|
+
after(:each) { @temp_file.close; @temp_file.unlink }
|
70
|
+
|
65
71
|
it "should write a PCAP file to disk" do
|
66
72
|
@ip_packet.ip_saddr = "10.20.30.40"
|
67
73
|
@ip_packet.ip_daddr = "50.60.70.80"
|
68
74
|
@ip_packet.recalc
|
69
75
|
|
70
|
-
|
71
|
-
expect(ip_pcap_file.read).to eql("")
|
76
|
+
expect(@temp_file.read).to eql("")
|
72
77
|
|
73
|
-
@ip_packet.to_f(
|
74
|
-
expect(File.exists?(
|
75
|
-
expect(
|
78
|
+
@ip_packet.to_f(@temp_file.path, 'a')
|
79
|
+
expect(File.exists?(@temp_file.path))
|
80
|
+
expect(@temp_file.read.size).to be >= 49
|
76
81
|
end
|
77
82
|
end
|
78
83
|
end
|
data/spec/ipv4_icmp.pcap
ADDED
Binary file
|
data/spec/ipv4_udp.pcap
ADDED
Binary file
|
data/spec/ipv6_icmp.pcap
ADDED
Binary file
|
data/spec/ipv6_spec.rb
CHANGED
data/spec/ipv6_udp.pcap
ADDED
Binary file
|
data/spec/lldp_spec.rb
ADDED
@@ -0,0 +1,36 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'packetfu'
|
3
|
+
require 'packetfu/protos/lldp'
|
4
|
+
|
5
|
+
include PacketFu
|
6
|
+
|
7
|
+
describe LLDPPacket do
|
8
|
+
context "when initializing LLDPPacket" do
|
9
|
+
it "should have sane defaults" do
|
10
|
+
lldp_packet = LLDPPacket.new
|
11
|
+
expect(lldp_packet).to be_kind_of(LLDPPacket)
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
15
|
+
context "when reading" do
|
16
|
+
it "should read from PCAP and detect LLDP packets" do
|
17
|
+
cap = PacketFu::PcapFile.new.file_to_array(:filename => "./test/sample_lldp.pcap")
|
18
|
+
|
19
|
+
lldap_packet1 = PacketFu::Packet.parse(cap[0])
|
20
|
+
expect(lldap_packet1).to be_kind_of(LLDPPacket)
|
21
|
+
expect(lldap_packet1.is_lldp?).to be(true)
|
22
|
+
expect(lldap_packet1.proto.last).to eql("LLDP")
|
23
|
+
expect(lldap_packet1.lldp_capabilty).to eql("0x0080")
|
24
|
+
expect(lldap_packet1.lldp_address_type_readable).to eql("IPv4")
|
25
|
+
expect(lldap_packet1.lldp_address).to eql("lldp_address")
|
26
|
+
expect(lldap_packet1.lldp_interface_type).to eql(2)
|
27
|
+
expect(lldap_packet1.lldp_interface).to eql(0)
|
28
|
+
|
29
|
+
lldap_packet2 = PacketFu::Packet.parse(cap[1])
|
30
|
+
expect(lldap_packet2).to be_kind_of(LLDPPacket)
|
31
|
+
|
32
|
+
lldap_packet3 = PacketFu::Packet.parse(cap[2])
|
33
|
+
expect(lldap_packet3).to be_kind_of(LLDPPacket)
|
34
|
+
end
|
35
|
+
end
|
36
|
+
end
|
data/spec/octets_spec.rb
ADDED
@@ -0,0 +1,43 @@
|
|
1
|
+
require 'spec_helper'
|
2
|
+
require 'tempfile'
|
3
|
+
require 'packetfu/protos/ip'
|
4
|
+
|
5
|
+
include PacketFu
|
6
|
+
|
7
|
+
describe Octets do
|
8
|
+
context "when initializing" do
|
9
|
+
before :each do
|
10
|
+
@octets = Octets.new
|
11
|
+
end
|
12
|
+
|
13
|
+
it "should have sane defaults" do
|
14
|
+
expect(@octets.to_x).to eql("0.0.0.0")
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
context "when reading from the wire" do
|
19
|
+
before :each do
|
20
|
+
@octets = Octets.new
|
21
|
+
end
|
22
|
+
|
23
|
+
it "should #read from string i/o" do
|
24
|
+
@octets.read("\x04\x03\x02\x01")
|
25
|
+
expect(@octets.to_x).to eql("4.3.2.1")
|
26
|
+
end
|
27
|
+
|
28
|
+
it "should #read_quad from string i/o" do
|
29
|
+
@octets.read_quad("1.2.3.4")
|
30
|
+
expect(@octets.to_x).to eql("1.2.3.4")
|
31
|
+
expect(@octets.to_s).to eql("\x01\x02\x03\x04")
|
32
|
+
expect(@octets.to_i).to eql(0x01020304)
|
33
|
+
end
|
34
|
+
|
35
|
+
it "should #read from string i/o (single octet)" do
|
36
|
+
@octets.read("ABCD")
|
37
|
+
expect(@octets.o1).to eql(0x41)
|
38
|
+
expect(@octets.o2).to eql(0x42)
|
39
|
+
expect(@octets.o3).to eql(0x43)
|
40
|
+
expect(@octets.o4).to eql(0x44)
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|