RubyGems - packetfu - Versions diffs - 1.1.2 → 1.1.3 - Mend

packetfu 1.1.2 → 1.1.3

Files changed (67) hide show

data/.gitignore +3 -0
data/INSTALL.rdoc +40 -0
data/LICENSE.txt +25 -0
data/examples/100kpackets.rb +41 -0
data/examples/ackscan.rb +38 -0
data/examples/arp.rb +60 -0
data/examples/arphood.rb +59 -0
data/examples/dissect_thinger.rb +22 -0
data/examples/ethernet.rb +10 -0
data/examples/examples.rb +3 -0
data/examples/ids.rb +4 -0
data/examples/idsv2.rb +6 -0
data/examples/new-simple-stats.rb +52 -0
data/examples/oui.txt +84177 -0
data/examples/packetfu-shell.rb +113 -0
data/examples/simple-sniffer.rb +40 -0
data/examples/simple-stats.rb +50 -0
data/examples/slammer.rb +33 -0
data/examples/uniqpcap.rb +15 -0
data/lib/packetfu.rb +147 -0
data/lib/packetfu/capture.rb +169 -0
data/lib/packetfu/config.rb +58 -0
data/lib/packetfu/inject.rb +65 -0
data/lib/packetfu/packet.rb +533 -0
data/lib/packetfu/pcap.rb +594 -0
data/lib/packetfu/protos/arp.rb +268 -0
data/lib/packetfu/protos/eth.rb +296 -0
data/lib/packetfu/protos/hsrp.rb +206 -0
data/lib/packetfu/protos/icmp.rb +179 -0
data/lib/packetfu/protos/invalid.rb +55 -0
data/lib/packetfu/protos/ip.rb +378 -0
data/lib/packetfu/protos/ipv6.rb +250 -0
data/lib/packetfu/protos/tcp.rb +1127 -0
data/lib/packetfu/protos/udp.rb +240 -0
data/lib/packetfu/structfu.rb +294 -0
data/lib/packetfu/utils.rb +194 -0
data/lib/packetfu/version.rb +50 -0
data/packetfu.gemspec +21 -0
data/setup.rb +1586 -0
data/test/all_tests.rb +41 -0
data/test/ethpacket_spec.rb +74 -0
data/test/packet_spec.rb +73 -0
data/test/packet_subclasses_spec.rb +13 -0
data/test/packetfu_spec.rb +90 -0
data/test/ptest.rb +16 -0
data/test/sample-ipv6.pcap +0 -0
data/test/sample.pcap +0 -0
data/test/sample2.pcap +0 -0
data/test/sample_hsrp_pcapr.cap +0 -0
data/test/structfu_spec.rb +335 -0
data/test/tcp_spec.rb +101 -0
data/test/test_arp.rb +135 -0
data/test/test_eth.rb +91 -0
data/test/test_hsrp.rb +20 -0
data/test/test_icmp.rb +54 -0
data/test/test_inject.rb +31 -0
data/test/test_invalid.rb +28 -0
data/test/test_ip.rb +69 -0
data/test/test_ip6.rb +68 -0
data/test/test_octets.rb +37 -0
data/test/test_packet.rb +174 -0
data/test/test_pcap.rb +209 -0
data/test/test_structfu.rb +112 -0
data/test/test_tcp.rb +327 -0
data/test/test_udp.rb +73 -0
data/test/vlan-pcapr.cap +0 -0
metadata +85 -6

data/test/tcp_spec.rb ADDED Viewed

@@ -0,0 +1,101 @@
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+include PacketFu
+def unusual_numeric_handling_headers(header,i)
+	camelized_header = header.to_s.split("_").map {|x| x.capitalize}.join
+	header_class = PacketFu.const_get camelized_header
+	specify { subject.send(header).should == i }
+	specify { subject.send(header).should be_kind_of Integer }
+	specify { subject.headers.last[header].should be_kind_of header_class }
+end
+def tcp_hlen_numeric(i)
+	unusual_numeric_handling_headers(:tcp_hlen,i)
+end
+def tcp_reserved_numeric(i)
+	unusual_numeric_handling_headers(:tcp_reserved,i)
+end
+def tcp_ecn_numeric(i)
+	unusual_numeric_handling_headers(:tcp_ecn,i)
+end
+describe TCPPacket do
+	subject do
+		bytes = PcapFile.file_to_array("sample2.pcap")[2]
+		packet = Packet.parse(bytes)
+	end
+	context "TcpHlen reading and setting" do
+		context "TcpHlen set via #read" do
+			tcp_hlen_numeric(8)
+		end
+		context "TcpHlen set via an Integer for the setter" do
+			(0..15).each do |i|
+				context "i is #{i}" do
+					before { subject.tcp_hlen = i }
+					tcp_hlen_numeric(i)
+				end
+			end
+		end
+		context "TcpHlen set via a String for the setter" do
+			before { subject.tcp_hlen = "\x60" }
+			tcp_hlen_numeric(6)
+		end
+		context "TcpHlen set via a TcpHlen for the setter" do
+			before { subject.tcp_hlen = TcpHlen.new(:hlen => 7) }
+			tcp_hlen_numeric(7)
+		end
+	end
+	context "TcpReserved reading and setting" do
+		context "TcpReserved set via #read" do
+			tcp_reserved_numeric(0)
+		end
+		context "TcpReserved set via an Integer for the setter" do
+			(0..7).each do |i|
+				context "i is #{i}" do
+					before { subject.tcp_reserved = i }
+					tcp_reserved_numeric(i)
+				end
+			end
+		end
+		context "TcpReserved set via a String for the setter" do
+			before { subject.tcp_reserved = "\x03" }
+			tcp_reserved_numeric(3)
+		end
+		context "TcpReserved set via a TcpReserved for the setter" do
+			before { subject.tcp_reserved = TcpReserved.new(:r1 => 1, :r2 => 0, :r3 => 1) }
+			tcp_reserved_numeric(5)
+		end
+	end
+	context "TcpEcn reading and setting" do
+		context "TcpEcn set via #read" do
+			tcp_ecn_numeric(0)
+		end
+		context "TcpEcn set via an Integer for the setter" do
+			(0..7).each do |i|
+				context "i is #{i}" do
+					before { subject.tcp_ecn = i }
+					tcp_ecn_numeric(i)
+				end
+			end
+		end
+		context "TcpEcn set via a String for the setter" do
+			before { subject.tcp_ecn = "\x00\xc0" }
+			tcp_ecn_numeric(3)
+		end
+		context "TcpEcn set via a TcpEcn for the setter" do
+			before { subject.tcp_ecn = TcpEcn.new(:n => 1, :c => 0, :e => 1) }
+			tcp_ecn_numeric(5)
+		end
+	end
+end

data/test/test_arp.rb ADDED Viewed

@@ -0,0 +1,135 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class ArpTest < Test::Unit::TestCase
+	include PacketFu
+	def test_arp_header
+		a = ARPHeader.new
+		assert_kind_of ARPHeader, a
+		assert_kind_of StructFu::Int16, a[:arp_hw]
+		assert_kind_of Fixnum, a.arp_hw
+		assert_kind_of Octets, a[:arp_src_ip]
+		assert_kind_of String, a.arp_src_ip
+		assert_kind_of EthMac, a[:arp_dst_mac]
+		assert_kind_of String, a.arp_dst_mac
+		assert_kind_of StructFu::String, a.body
+	end
+	def test_read_header
+		a = ARPHeader.new
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a.read(sample_arp)
+		assert_equal(sample_arp, a.to_s)
+		assert_equal("192.168.1.105", a.arp_daddr_ip)
+		assert_equal("192.168.1.2", a.arp_saddr_ip)
+		assert_equal("00:1b:11:51:b7:ce", a.arp_daddr_mac)
+		assert_equal("00:03:2f:1a:74:de", a.arp_saddr_mac)
+	end
+	def test_arp_read
+		a = ARPPacket.new
+		sample_arp = "001b1151b7ce00032f1a74de0806000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a.read(sample_arp)
+		assert_equal(sample_arp, a.to_s)
+	end
+	def test_write_ip
+		a = ARPPacket.new
+		a.arp_saddr_ip="1.2.3.4"
+		a.arp_daddr_ip="5.6.7.8"
+		assert_equal("1.2.3.4",a.arp_saddr_ip)
+		assert_equal("5.6.7.8",a.arp_daddr_ip)
+		assert_equal("\x01\x02\x03\x04",a.arp_src_ip)
+		assert_equal("\x05\x06\x07\x08",a.arp_dst_ip)
+	end
+	def test_write_mac
+		a = ARPPacket.new
+		a.arp_saddr_mac = "00:01:02:03:04:05"
+		a.arp_daddr_mac = "00:06:07:08:09:0a"
+		assert_equal("00:01:02:03:04:05",a.arp_saddr_mac)
+		assert_equal("00:06:07:08:09:0a",a.arp_daddr_mac)
+		assert_equal("\x00\x01\x02\x03\x04\x05",a.arp_src_mac)
+		assert_equal("\x00\x06\x07\x08\x09\x0a",a.arp_dst_mac)
+	end
+	def test_arp_flavors
+		a = ARPPacket.new(:flavor => "Windows")
+		assert_equal("\x00" * 64, a.payload)
+		a = ARPPacket.new(:flavor => "Linux")
+		assert_equal(32, a.payload.size)
+		a = ARPPacket.new(:flavor => :hp_deskjet)
+		assert_equal(18, a.payload.size)
+		a = ARPPacket.new
+		assert_equal("\x00" * 18, a.payload)
+	end
+	def test_arp_create
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a = ARPPacket.new
+		assert_kind_of ARPPacket, a
+		a.arp_hw = 1
+		a.arp_proto = 0x0800
+		a.arp_hw_len = 6
+		a.arp_proto_len = 4
+		a.arp_opcode = 2
+		a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		a.arp_src_ip = "\xc0\xa8\x01\x02"
+		a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		a.arp_dst_ip = "\xc0\xa8\x01\x69"
+		a.payload = ""
+		assert_equal(sample_arp,a.to_s[14,0xffff])
+	end
+	def test_arp_new
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		arp = ARPPacket.new(:arp_hw => 1, :arp_proto => 0x0800,
+											 :arp_opcode => 2, :arp_src_ip => "\xc0\xa8\x01\x02")
+		assert_kind_of ARPPacket, arp
+		arp.arp_hw_len = 6
+		arp.arp_proto_len = 4
+		arp.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		arp.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		arp.arp_dst_ip = "\xc0\xa8\x01\x69"
+		arp.payload = "\xc0\xa8\x01\x69"
+		assert_equal(sample_arp,arp.to_s[14,0xffff])
+	end
+	def test_arp_peek
+		a = ARPPacket.new
+		puts "\n"
+		puts "ARP Peek format: "
+		puts a.peek
+		puts "\n"
+		assert(a.peek.size <= 80)
+	end
+	def test_arp_pcap
+		a = ARPPacket.new
+		assert_kind_of ARPPacket, a
+		a.to_f('arp_test.pcap','w')
+		a.arp_hw = 1
+		a.arp_proto = 0x0800
+		a.arp_hw_len = 6
+		a.arp_proto_len = 4
+		a.arp_opcode = 2
+		a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		a.arp_src_ip = "\xc0\xa8\x01\x02"
+		a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		a.arp_dst_ip = "\xc0\xa8\x01\x69"
+		a.payload = ""
+		a.eth_daddr = "00:1b:11:51:b7:ce"
+		a.eth_saddr = "00:03:2f:1a:74:de"
+		a.to_f('arp_test.pcap','a')
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_eth.rb ADDED Viewed

@@ -0,0 +1,91 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+puts "Testing #{PacketFu.version}: #{$0}"
+class EthTest < Test::Unit::TestCase
+	def test_ethmac
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		e = PacketFu::EthMac.new
+		e.read dst
+		assert_equal(dst, e.to_s)
+		assert_equal(0x32f, e.oui.oui)
+		assert_equal("\x1a\x74\xde", e.nic.to_s)
+		assert_equal(222, e.nic.n2)
+	end
+	def test_ethmac_ipad
+		dst = "\x7c\x6d\x62\x01\x02\x03"
+		e = PacketFu::EthMac.new
+		e.read dst
+		assert_equal(dst, e.to_s)
+		assert_equal(0x6d62, e.oui.oui)
+	end
+	def test_ethmac_class
+		src = "\x00\x1b\x11\x51\xb7\xce"
+		e = PacketFu::EthMac.new
+		e.read src
+		assert_instance_of(PacketFu::EthMac, e)
+	end
+	def test_eth
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		src = "\x00\x1b\x11\x51\xb7\xce"
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		e = PacketFu::EthHeader.new
+		e.eth_dst = dst
+		e.eth_src = src
+		e.eth_proto = "\x08\x00"
+		assert_equal(header, e.to_s)
+		assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
+	end
+	def test_macaddr
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		dstmac = "00:03:2f:1a:74:de"
+		assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
+		assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
+	end
+end
+class EthPacketTest < Test::Unit::TestCase
+	include PacketFu
+	def test_eth_create
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
+		e = EthPacket.new
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		assert_kind_of EthPacket, e
+		assert_kind_of EthHeader, e.headers[0]
+		assert e.is_eth?
+		assert !e.is_tcp?
+		e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
+		e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
+		e.eth_proto = 0x0800
+		assert_equal header, e.to_s[0,14]
+	end
+	def test_eth_new
+		p = EthPacket.new(
+		:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+		:eth_src => "\x00\x1b\x11\x51\xb7\xce",
+		:eth_proto => 0x0800)
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		assert_equal header, p.to_s[0,14]
+	end
+	def test_eth_write
+		p = EthPacket.new(
+		:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+		:eth_src => "\x00\x1b\x11\x51\xb7\xce",
+		:eth_proto => 0x0800)
+		p.to_f('eth_test.pcap')
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_hsrp.rb ADDED Viewed

@@ -0,0 +1,20 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class HSRPTest < Test::Unit::TestCase
+	include PacketFu
+	def test_hsrp_read
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
+		pkt = Packet.parse(sample_packet)
+		assert pkt.is_hsrp?
+		assert pkt.is_udp?
+		assert_equal(0x2d8d, pkt.udp_sum.to_i)
+		# pkt.to_f('udp_test.pcap','a')
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_icmp.rb ADDED Viewed

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class ICMPTest < Test::Unit::TestCase
+	include PacketFu
+	def test_icmp_header_new
+		i = ICMPHeader.new
+		assert_kind_of ICMPHeader, i
+		assert_equal("\x00\x00\xff\xff", i.to_s)
+		i.icmp_type = 1
+		i.icmp_recalc :icmp_sum
+		assert_equal("\x01\x00\xfe\xff", i.to_s)
+	end
+	def test_icmp_peek
+		i = ICMPPacket.new
+		i.ip_saddr = "10.20.30.40"
+		i.ip_daddr = "50.60.70.80"
+		i.payload = "abcdefghijklmnopqrstuvwxyz"
+		i.recalc
+		puts "\n"
+		puts "ICMP Peek format: "
+		puts i.peek
+		assert (i.peek.size <= 80)
+	end
+	def test_icmp_pcap
+		i = ICMPPacket.new
+		assert_kind_of ICMPPacket, i
+		i.recalc
+		i.to_f('icmp_test.pcap')
+		i.ip_saddr = "10.20.30.40"
+		i.ip_daddr = "50.60.70.80"
+		i.payload = "\x00\x01\x00\01abcdefghijklmnopqrstuvwxyz"
+		i.icmp_code = 8
+		i.recalc
+		i.to_f('icmp_test.pcap','a')
+		assert File.exists?('icmp_test.pcap')
+	end
+	def test_icmp_read
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[2]
+		pkt = Packet.parse(sample_packet)
+		assert_kind_of ICMPPacket, pkt
+		assert_equal(0x4d58, pkt.icmp_sum.to_i)
+		assert_equal(8, pkt.icmp_type.to_i)
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_inject.rb ADDED Viewed

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class InjectTest < Test::Unit::TestCase
+	def test_cap
+		assert_nothing_raised { PacketFu::Capture }
+	end
+	def test_whoami
+		assert_nothing_raised { PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo')) }
+	end
+	def test_to_w
+		assert_equal(Process.euid, 0, "TEST FAIL: This test must be run as root")
+		conf = PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo'))
+		p = PacketFu::UDPPacket.new(:config => conf)
+		p.udp_dport = 12345
+		p.udp_sport = 12345
+		p.payload = "PacketFu test packet"
+		p.recalc
+		assert p.to_w
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_invalid.rb ADDED Viewed

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class InvalidTest < Test::Unit::TestCase
+	include PacketFu
+	def test_create_invalid
+		p = InvalidPacket.new
+		assert_kind_of InvalidPacket, p
+		assert_kind_of Packet, p
+		assert p.is_invalid?
+		assert_equal false, p.is_eth?
+		assert_not_equal EthPacket, p.class
+	end
+	# Sadly, the only way to generate an "InvalidPacket" is
+	# to read a packet that's less than 14 bytes. Otherwise,
+	# it's presumed to be an EthPacket. TODO: Fix this assumption!
+	def test_parse_invalid
+		p = Packet.parse("A" * 13)
+		assert_kind_of InvalidPacket, p
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby