RubyGems - packetfu - Versions diffs - 1.1.2 → 1.1.3 - Mend

packetfu 1.1.2 → 1.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (67) hide show

data/.gitignore +3 -0
data/INSTALL.rdoc +40 -0
data/LICENSE.txt +25 -0
data/examples/100kpackets.rb +41 -0
data/examples/ackscan.rb +38 -0
data/examples/arp.rb +60 -0
data/examples/arphood.rb +59 -0
data/examples/dissect_thinger.rb +22 -0
data/examples/ethernet.rb +10 -0
data/examples/examples.rb +3 -0
data/examples/ids.rb +4 -0
data/examples/idsv2.rb +6 -0
data/examples/new-simple-stats.rb +52 -0
data/examples/oui.txt +84177 -0
data/examples/packetfu-shell.rb +113 -0
data/examples/simple-sniffer.rb +40 -0
data/examples/simple-stats.rb +50 -0
data/examples/slammer.rb +33 -0
data/examples/uniqpcap.rb +15 -0
data/lib/packetfu.rb +147 -0
data/lib/packetfu/capture.rb +169 -0
data/lib/packetfu/config.rb +58 -0
data/lib/packetfu/inject.rb +65 -0
data/lib/packetfu/packet.rb +533 -0
data/lib/packetfu/pcap.rb +594 -0
data/lib/packetfu/protos/arp.rb +268 -0
data/lib/packetfu/protos/eth.rb +296 -0
data/lib/packetfu/protos/hsrp.rb +206 -0
data/lib/packetfu/protos/icmp.rb +179 -0
data/lib/packetfu/protos/invalid.rb +55 -0
data/lib/packetfu/protos/ip.rb +378 -0
data/lib/packetfu/protos/ipv6.rb +250 -0
data/lib/packetfu/protos/tcp.rb +1127 -0
data/lib/packetfu/protos/udp.rb +240 -0
data/lib/packetfu/structfu.rb +294 -0
data/lib/packetfu/utils.rb +194 -0
data/lib/packetfu/version.rb +50 -0
data/packetfu.gemspec +21 -0
data/setup.rb +1586 -0
data/test/all_tests.rb +41 -0
data/test/ethpacket_spec.rb +74 -0
data/test/packet_spec.rb +73 -0
data/test/packet_subclasses_spec.rb +13 -0
data/test/packetfu_spec.rb +90 -0
data/test/ptest.rb +16 -0
data/test/sample-ipv6.pcap +0 -0
data/test/sample.pcap +0 -0
data/test/sample2.pcap +0 -0
data/test/sample_hsrp_pcapr.cap +0 -0
data/test/structfu_spec.rb +335 -0
data/test/tcp_spec.rb +101 -0
data/test/test_arp.rb +135 -0
data/test/test_eth.rb +91 -0
data/test/test_hsrp.rb +20 -0
data/test/test_icmp.rb +54 -0
data/test/test_inject.rb +31 -0
data/test/test_invalid.rb +28 -0
data/test/test_ip.rb +69 -0
data/test/test_ip6.rb +68 -0
data/test/test_octets.rb +37 -0
data/test/test_packet.rb +174 -0
data/test/test_pcap.rb +209 -0
data/test/test_structfu.rb +112 -0
data/test/test_tcp.rb +327 -0
data/test/test_udp.rb +73 -0
data/test/vlan-pcapr.cap +0 -0
metadata +85 -6

data/test/tcp_spec.rb ADDED Viewed

@@ -0,0 +1,101 @@
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+include PacketFu
+def unusual_numeric_handling_headers(header,i)
+	camelized_header = header.to_s.split("_").map {|x| x.capitalize}.join
+	header_class = PacketFu.const_get camelized_header
+	specify { subject.send(header).should == i }
+	specify { subject.send(header).should be_kind_of Integer }
+	specify { subject.headers.last[header].should be_kind_of header_class }
+end
+def tcp_hlen_numeric(i)
+	unusual_numeric_handling_headers(:tcp_hlen,i)
+end
+def tcp_reserved_numeric(i)
+	unusual_numeric_handling_headers(:tcp_reserved,i)
+end
+def tcp_ecn_numeric(i)
+	unusual_numeric_handling_headers(:tcp_ecn,i)
+end
+describe TCPPacket do
+	subject do
+		bytes = PcapFile.file_to_array("sample2.pcap")[2]
+		packet = Packet.parse(bytes)
+	end
+	context "TcpHlen reading and setting" do
+		context "TcpHlen set via #read" do
+			tcp_hlen_numeric(8)
+		end
+		context "TcpHlen set via an Integer for the setter" do
+			(0..15).each do |i|
+				context "i is #{i}" do
+					before { subject.tcp_hlen = i }
+					tcp_hlen_numeric(i)
+				end
+			end
+		end
+		context "TcpHlen set via a String for the setter" do
+			before { subject.tcp_hlen = "\x60" }
+			tcp_hlen_numeric(6)
+		end
+		context "TcpHlen set via a TcpHlen for the setter" do
+			before { subject.tcp_hlen = TcpHlen.new(:hlen => 7) }
+			tcp_hlen_numeric(7)
+		end
+	end
+	context "TcpReserved reading and setting" do
+		context "TcpReserved set via #read" do
+			tcp_reserved_numeric(0)
+		end
+		context "TcpReserved set via an Integer for the setter" do
+			(0..7).each do |i|
+				context "i is #{i}" do
+					before { subject.tcp_reserved = i }
+					tcp_reserved_numeric(i)
+				end
+			end
+		end
+		context "TcpReserved set via a String for the setter" do
+			before { subject.tcp_reserved = "\x03" }
+			tcp_reserved_numeric(3)
+		end
+		context "TcpReserved set via a TcpReserved for the setter" do
+			before { subject.tcp_reserved = TcpReserved.new(:r1 => 1, :r2 => 0, :r3 => 1) }
+			tcp_reserved_numeric(5)
+		end
+	end
+	context "TcpEcn reading and setting" do
+		context "TcpEcn set via #read" do
+			tcp_ecn_numeric(0)
+		end
+		context "TcpEcn set via an Integer for the setter" do
+			(0..7).each do |i|
+				context "i is #{i}" do
+					before { subject.tcp_ecn = i }
+					tcp_ecn_numeric(i)
+				end
+			end
+		end
+		context "TcpEcn set via a String for the setter" do
+			before { subject.tcp_ecn = "\x00\xc0" }
+			tcp_ecn_numeric(3)
+		end
+		context "TcpEcn set via a TcpEcn for the setter" do
+			before { subject.tcp_ecn = TcpEcn.new(:n => 1, :c => 0, :e => 1) }
+			tcp_ecn_numeric(5)
+		end
+	end
+end

data/test/test_arp.rb ADDED Viewed

@@ -0,0 +1,135 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class ArpTest < Test::Unit::TestCase
+	include PacketFu
+	def test_arp_header
+		a = ARPHeader.new
+		assert_kind_of ARPHeader, a
+		assert_kind_of StructFu::Int16, a[:arp_hw]
+		assert_kind_of Fixnum, a.arp_hw
+		assert_kind_of Octets, a[:arp_src_ip]
+		assert_kind_of String, a.arp_src_ip
+		assert_kind_of EthMac, a[:arp_dst_mac]
+		assert_kind_of String, a.arp_dst_mac
+		assert_kind_of StructFu::String, a.body
+	end
+	def test_read_header
+		a = ARPHeader.new
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a.read(sample_arp)
+		assert_equal(sample_arp, a.to_s)
+		assert_equal("192.168.1.105", a.arp_daddr_ip)
+		assert_equal("192.168.1.2", a.arp_saddr_ip)
+		assert_equal("00:1b:11:51:b7:ce", a.arp_daddr_mac)
+		assert_equal("00:03:2f:1a:74:de", a.arp_saddr_mac)
+	end
+	def test_arp_read
+		a = ARPPacket.new
+		sample_arp = "001b1151b7ce00032f1a74de0806000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a.read(sample_arp)
+		assert_equal(sample_arp, a.to_s)
+	end
+	def test_write_ip
+		a = ARPPacket.new
+		a.arp_saddr_ip="1.2.3.4"
+		a.arp_daddr_ip="5.6.7.8"
+		assert_equal("1.2.3.4",a.arp_saddr_ip)
+		assert_equal("5.6.7.8",a.arp_daddr_ip)
+		assert_equal("\x01\x02\x03\x04",a.arp_src_ip)
+		assert_equal("\x05\x06\x07\x08",a.arp_dst_ip)
+	end
+	def test_write_mac
+		a = ARPPacket.new
+		a.arp_saddr_mac = "00:01:02:03:04:05"
+		a.arp_daddr_mac = "00:06:07:08:09:0a"
+		assert_equal("00:01:02:03:04:05",a.arp_saddr_mac)
+		assert_equal("00:06:07:08:09:0a",a.arp_daddr_mac)
+		assert_equal("\x00\x01\x02\x03\x04\x05",a.arp_src_mac)
+		assert_equal("\x00\x06\x07\x08\x09\x0a",a.arp_dst_mac)
+	end
+	def test_arp_flavors
+		a = ARPPacket.new(:flavor => "Windows")
+		assert_equal("\x00" * 64, a.payload)
+		a = ARPPacket.new(:flavor => "Linux")
+		assert_equal(32, a.payload.size)
+		a = ARPPacket.new(:flavor => :hp_deskjet)
+		assert_equal(18, a.payload.size)
+		a = ARPPacket.new
+		assert_equal("\x00" * 18, a.payload)
+	end
+	def test_arp_create
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		a = ARPPacket.new
+		assert_kind_of ARPPacket, a
+		a.arp_hw = 1
+		a.arp_proto = 0x0800
+		a.arp_hw_len = 6
+		a.arp_proto_len = 4
+		a.arp_opcode = 2
+		a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		a.arp_src_ip = "\xc0\xa8\x01\x02"
+		a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		a.arp_dst_ip = "\xc0\xa8\x01\x69"
+		a.payload = ""
+		assert_equal(sample_arp,a.to_s[14,0xffff])
+	end
+	def test_arp_new
+		sample_arp = "000108000604000200032f1a74dec0a80102001b1151b7cec0a80169c0a80169"
+		sample_arp = sample_arp.scan(/../).map {|x| x.to_i(16)}.pack("C*")
+		arp = ARPPacket.new(:arp_hw => 1, :arp_proto => 0x0800,
+											 :arp_opcode => 2, :arp_src_ip => "\xc0\xa8\x01\x02")
+		assert_kind_of ARPPacket, arp
+		arp.arp_hw_len = 6
+		arp.arp_proto_len = 4
+		arp.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		arp.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		arp.arp_dst_ip = "\xc0\xa8\x01\x69"
+		arp.payload = "\xc0\xa8\x01\x69"
+		assert_equal(sample_arp,arp.to_s[14,0xffff])
+	end
+	def test_arp_peek
+		a = ARPPacket.new
+		puts "\n"
+		puts "ARP Peek format: "
+		puts a.peek
+		puts "\n"
+		assert(a.peek.size <= 80)
+	end
+	def test_arp_pcap
+		a = ARPPacket.new
+		assert_kind_of ARPPacket, a
+		a.to_f('arp_test.pcap','w')
+		a.arp_hw = 1
+		a.arp_proto = 0x0800
+		a.arp_hw_len = 6
+		a.arp_proto_len = 4
+		a.arp_opcode = 2
+		a.arp_src_mac = "\x00\x03\x2f\x1a\x74\xde"
+		a.arp_src_ip = "\xc0\xa8\x01\x02"
+		a.arp_dst_mac = "\x00\x1b\x11\x51\xb7\xce"
+		a.arp_dst_ip = "\xc0\xa8\x01\x69"
+		a.payload = ""
+		a.eth_daddr = "00:1b:11:51:b7:ce"
+		a.eth_saddr = "00:03:2f:1a:74:de"
+		a.to_f('arp_test.pcap','a')
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_eth.rb ADDED Viewed

@@ -0,0 +1,91 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+puts "Testing #{PacketFu.version}: #{$0}"
+class EthTest < Test::Unit::TestCase
+	def test_ethmac
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		e = PacketFu::EthMac.new
+		e.read dst
+		assert_equal(dst, e.to_s)
+		assert_equal(0x32f, e.oui.oui)
+		assert_equal("\x1a\x74\xde", e.nic.to_s)
+		assert_equal(222, e.nic.n2)
+	end
+	def test_ethmac_ipad
+		dst = "\x7c\x6d\x62\x01\x02\x03"
+		e = PacketFu::EthMac.new
+		e.read dst
+		assert_equal(dst, e.to_s)
+		assert_equal(0x6d62, e.oui.oui)
+	end
+	def test_ethmac_class
+		src = "\x00\x1b\x11\x51\xb7\xce"
+		e = PacketFu::EthMac.new
+		e.read src
+		assert_instance_of(PacketFu::EthMac, e)
+	end
+	def test_eth
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		src = "\x00\x1b\x11\x51\xb7\xce"
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		e = PacketFu::EthHeader.new
+		e.eth_dst = dst
+		e.eth_src = src
+		e.eth_proto = "\x08\x00"
+		assert_equal(header, e.to_s)
+		assert_equal(header, PacketFu::EthHeader.new.read(header).to_s)
+	end
+	def test_macaddr
+		dst = "\x00\x03\x2f\x1a\x74\xde"
+		dstmac = "00:03:2f:1a:74:de"
+		assert_equal(dstmac,PacketFu::EthHeader.str2mac(dst))
+		assert_equal(dst, PacketFu::EthHeader.mac2str(dstmac))
+	end
+end
+class EthPacketTest < Test::Unit::TestCase
+	include PacketFu
+	def test_eth_create
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[0]
+		e = EthPacket.new
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		assert_kind_of EthPacket, e
+		assert_kind_of EthHeader, e.headers[0]
+		assert e.is_eth?
+		assert !e.is_tcp?
+		e.eth_dst = "\x00\x03\x2f\x1a\x74\xde"
+		e.eth_src = "\x00\x1b\x11\x51\xb7\xce"
+		e.eth_proto = 0x0800
+		assert_equal header, e.to_s[0,14]
+	end
+	def test_eth_new
+		p = EthPacket.new(
+		:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+		:eth_src => "\x00\x1b\x11\x51\xb7\xce",
+		:eth_proto => 0x0800)
+		header = "00032f1a74de001b1151b7ce0800".scan(/../).map { |x| x.to_i(16) }.pack("C*")
+		assert_equal header, p.to_s[0,14]
+	end
+	def test_eth_write
+		p = EthPacket.new(
+		:eth_dst => "\x00\x03\x2f\x1a\x74\xde",
+		:eth_src => "\x00\x1b\x11\x51\xb7\xce",
+		:eth_proto => 0x0800)
+		p.to_f('eth_test.pcap')
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_hsrp.rb ADDED Viewed

@@ -0,0 +1,20 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class HSRPTest < Test::Unit::TestCase
+	include PacketFu
+	def test_hsrp_read
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')[0]
+		pkt = Packet.parse(sample_packet)
+		assert pkt.is_hsrp?
+		assert pkt.is_udp?
+		assert_equal(0x2d8d, pkt.udp_sum.to_i)
+		# pkt.to_f('udp_test.pcap','a')
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_icmp.rb ADDED Viewed

@@ -0,0 +1,54 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class ICMPTest < Test::Unit::TestCase
+	include PacketFu
+	def test_icmp_header_new
+		i = ICMPHeader.new
+		assert_kind_of ICMPHeader, i
+		assert_equal("\x00\x00\xff\xff", i.to_s)
+		i.icmp_type = 1
+		i.icmp_recalc :icmp_sum
+		assert_equal("\x01\x00\xfe\xff", i.to_s)
+	end
+	def test_icmp_peek
+		i = ICMPPacket.new
+		i.ip_saddr = "10.20.30.40"
+		i.ip_daddr = "50.60.70.80"
+		i.payload = "abcdefghijklmnopqrstuvwxyz"
+		i.recalc
+		puts "\n"
+		puts "ICMP Peek format: "
+		puts i.peek
+		assert (i.peek.size <= 80)
+	end
+	def test_icmp_pcap
+		i = ICMPPacket.new
+		assert_kind_of ICMPPacket, i
+		i.recalc
+		i.to_f('icmp_test.pcap')
+		i.ip_saddr = "10.20.30.40"
+		i.ip_daddr = "50.60.70.80"
+		i.payload = "\x00\x01\x00\01abcdefghijklmnopqrstuvwxyz"
+		i.icmp_code = 8
+		i.recalc
+		i.to_f('icmp_test.pcap','a')
+		assert File.exists?('icmp_test.pcap')
+	end
+	def test_icmp_read
+		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[2]
+		pkt = Packet.parse(sample_packet)
+		assert_kind_of ICMPPacket, pkt
+		assert_equal(0x4d58, pkt.icmp_sum.to_i)
+		assert_equal(8, pkt.icmp_type.to_i)
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_inject.rb ADDED Viewed

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class InjectTest < Test::Unit::TestCase
+	def test_cap
+		assert_nothing_raised { PacketFu::Capture }
+	end
+	def test_whoami
+		assert_nothing_raised { PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo')) }
+	end
+	def test_to_w
+		assert_equal(Process.euid, 0, "TEST FAIL: This test must be run as root")
+		conf = PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo'))
+		p = PacketFu::UDPPacket.new(:config => conf)
+		p.udp_dport = 12345
+		p.udp_sport = 12345
+		p.payload = "PacketFu test packet"
+		p.recalc
+		assert p.to_w
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_invalid.rb ADDED Viewed

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class InvalidTest < Test::Unit::TestCase
+	include PacketFu
+	def test_create_invalid
+		p = InvalidPacket.new
+		assert_kind_of InvalidPacket, p
+		assert_kind_of Packet, p
+		assert p.is_invalid?
+		assert_equal false, p.is_eth?
+		assert_not_equal EthPacket, p.class
+	end
+	# Sadly, the only way to generate an "InvalidPacket" is
+	# to read a packet that's less than 14 bytes. Otherwise,
+	# it's presumed to be an EthPacket. TODO: Fix this assumption!
+	def test_parse_invalid
+		p = Packet.parse("A" * 13)
+		assert_kind_of InvalidPacket, p
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby