packetfu 1.1.2 → 1.1.3
- data/.gitignore +3 -0
- data/INSTALL.rdoc +40 -0
- data/LICENSE.txt +25 -0
- data/examples/100kpackets.rb +41 -0
- data/examples/ackscan.rb +38 -0
- data/examples/arp.rb +60 -0
- data/examples/arphood.rb +59 -0
- data/examples/dissect_thinger.rb +22 -0
- data/examples/ethernet.rb +10 -0
- data/examples/examples.rb +3 -0
- data/examples/ids.rb +4 -0
- data/examples/idsv2.rb +6 -0
- data/examples/new-simple-stats.rb +52 -0
- data/examples/oui.txt +84177 -0
- data/examples/packetfu-shell.rb +113 -0
- data/examples/simple-sniffer.rb +40 -0
- data/examples/simple-stats.rb +50 -0
- data/examples/slammer.rb +33 -0
- data/examples/uniqpcap.rb +15 -0
- data/lib/packetfu.rb +147 -0
- data/lib/packetfu/capture.rb +169 -0
- data/lib/packetfu/config.rb +58 -0
- data/lib/packetfu/inject.rb +65 -0
- data/lib/packetfu/packet.rb +533 -0
- data/lib/packetfu/pcap.rb +594 -0
- data/lib/packetfu/protos/arp.rb +268 -0
- data/lib/packetfu/protos/eth.rb +296 -0
- data/lib/packetfu/protos/hsrp.rb +206 -0
- data/lib/packetfu/protos/icmp.rb +179 -0
- data/lib/packetfu/protos/invalid.rb +55 -0
- data/lib/packetfu/protos/ip.rb +378 -0
- data/lib/packetfu/protos/ipv6.rb +250 -0
- data/lib/packetfu/protos/tcp.rb +1127 -0
- data/lib/packetfu/protos/udp.rb +240 -0
- data/lib/packetfu/structfu.rb +294 -0
- data/lib/packetfu/utils.rb +194 -0
- data/lib/packetfu/version.rb +50 -0
- data/packetfu.gemspec +21 -0
- data/setup.rb +1586 -0
- data/test/all_tests.rb +41 -0
- data/test/ethpacket_spec.rb +74 -0
- data/test/packet_spec.rb +73 -0
- data/test/packet_subclasses_spec.rb +13 -0
- data/test/packetfu_spec.rb +90 -0
- data/test/ptest.rb +16 -0
- data/test/sample-ipv6.pcap +0 -0
- data/test/sample.pcap +0 -0
- data/test/sample2.pcap +0 -0
- data/test/sample_hsrp_pcapr.cap +0 -0
- data/test/structfu_spec.rb +335 -0
- data/test/tcp_spec.rb +101 -0
- data/test/test_arp.rb +135 -0
- data/test/test_eth.rb +91 -0
- data/test/test_hsrp.rb +20 -0
- data/test/test_icmp.rb +54 -0
- data/test/test_inject.rb +31 -0
- data/test/test_invalid.rb +28 -0
- data/test/test_ip.rb +69 -0
- data/test/test_ip6.rb +68 -0
- data/test/test_octets.rb +37 -0
- data/test/test_packet.rb +174 -0
- data/test/test_pcap.rb +209 -0
- data/test/test_structfu.rb +112 -0
- data/test/test_tcp.rb +327 -0
- data/test/test_udp.rb +73 -0
- data/test/vlan-pcapr.cap +0 -0
- metadata +85 -6
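--- a/data/test/test_ip.rb
+++ b/data/test/test_ip.rb
@@ -0,0 +1,69 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class OctetsTest < Test::Unit::TestCase
+include PacketFu
+
+def test_octets_read
+o = Octets.new
+o.read("\x04\x03\x02\x01")
+assert_equal("4.3.2.1", o.to_x)
+end
+
+def test_octets_read_quad
+o = Octets.new
+o.read_quad("1.2.3.4")
+assert_equal("1.2.3.4", o.to_x)
+assert_equal("\x01\x02\x03\x04", o.to_s)
+assert_equal(0x01020304, o.to_i)
+end
+
+end
+
+class IPTest < Test::Unit::TestCase
+include PacketFu
+
+def test_ip_header_new
+i = IPHeader.new
+assert_kind_of IPHeader, i
+i.ip_id = 0x1234
+i.ip_recalc :ip_sum
+assert_equal("E\000\000\024\0224\000\000 \000\210\267\000\000\000\000\000\000\000\000", i.to_s)
+end
+
+def test_ip_packet_new
+i = IPPacket.new
+assert i.is_ip?
+end
+
+def test_ip_peek
+i = IPPacket.new
+i.ip_saddr = "1.2.3.4"
+i.ip_daddr = "5.6.7.8"
+i.ip_proto = 94
+i.payload = '\x00' * 30
+i.recalc
+puts "\n"
+puts "IP Peek format: "
+puts i.peek
+assert (i.peek.size <= 80)
+end
+
+def test_ip_pcap
+i = IPPacket.new
+assert_kind_of IPPacket, i
+i.recalc
+i.to_f('ip_test.pcap')
+i.ip_saddr = "1.2.3.4"
+i.ip_daddr = "5.6.7.8"
+i.ip_proto = 94
+i.payload = "\x23" * 10
+i.recalc
+i.to_f('ip_test.pcap','a')
+end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby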
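Review bot: In `test_ip_peek`, `i.payload = '\x00' * 30` uses single quotes, so Ruby keeps the four literal characters `\x00` and the payload is 120 bytes of text rather than 30 NUL bytes; use `i.payload = "\x00" * 30`, as `test_ip_pcap` already does with `"\x23" * 10`. The same line appears in `test_ipv6_peek` in data/test/test_ip6.rb. Separately, `test_ip_pcap` writes `ip_test.pcap` into the current directory, asserts nothing about what was written, and never removes it; reading the file back and unlinking it at the end would make the test check something and leave the tree clean.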
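--- a/data/test/test_ip6.rb
+++ b/data/test/test_ip6.rb
@@ -0,0 +1,68 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class IPv6AddrTest < Test::Unit::TestCase
+include PacketFu
+
+def test_addr_read
+a = AddrIpv6.new
+addr = "\xfe\x80\x00\x00\x00\x00\x00\x00\x02\x1a\xc5\xff\xfe\x00\x01\x52"
+a.read(addr)
+assert_equal(338288524927261089654170548082086773074, a.to_i)
+assert_equal("fe80::21a:c5ff:fe00:152",a.to_x)
+end
+
+def test_octets_read_quad
+a = AddrIpv6.new
+addr = "fe80::21a:c5ff:fe00:152"
+a.read_x(addr)
+assert_equal(addr,a.to_x)
+end
+
+end
+
+class IPv6Test < Test::Unit::TestCase
+include PacketFu
+
+def test_ipv6_header_new
+i = IPv6Header.new
+assert_kind_of IPv6Header, i
+assert_equal("`\000\000\000\000\000\000\377\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000", i.to_s)
+end
+
+def test_ipv6_packet_new
+i = IPv6Packet.new
+assert i.is_ipv6?
+end
+
+def test_ipv6_peek
+i = IPv6Packet.new
+i.ipv6_saddr = "fe80::1"
+i.ipv6_daddr = "fe80::2"
+i.ipv6_next = 0x11
+i.payload = '\x00' * 30
+i.recalc
+puts "\n"
+puts "IPv6 Peek format: "
+puts i.peek
+assert (i.peek.size <= 80)
+end
+
+=begin
+def test_ipv6_pcap
+i = IPPacket.new
+assert_kind_of IPPacket, i
+i.recalc
+i.to_f('ip_test.pcap')
+i.ip_saddr = "1.2.3.4"
+i.ip_daddr = "5.6.7.8"
+i.ip_proto = 94
+i.payload = "\x23" * 10
+i.recalc
+i.to_f('ip_test.pcap','a')
+end
+=end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby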
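Review bot: The `=begin`/`=end` block at the end of `IPv6Test` disables `test_ipv6_pcap`, and its body is a copy of the IPv4 test (`IPPacket.new`, `ip_saddr`, `ip_proto`), so writing an IPv6 packet to a capture file has no coverage in this file. Either delete the dead block or replace it with a real test built on `IPv6Packet.new` and the `ipv6_saddr`/`ipv6_daddr` setters that `test_ipv6_peek` uses. `test_octets_read_quad` in `IPv6AddrTest` exercises `read_x` on an IPv6 address, not a dotted quad; a name such as `test_addr_read_x` would describe it.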
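--- a/data/test/test_octets.rb
+++ b/data/test/test_octets.rb
@@ -0,0 +1,37 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class OctetTest < Test::Unit::TestCase
+include PacketFu
+
+def setup
+@o = Octets.new
+end
+
+def test_create_octets
+assert_kind_of Octets, @o
+end
+
+def test_read
+s = "\x0a\x0a\x0a\x0b"
+@o.read s
+assert_equal(s, @o.to_s)
+end
+
+def test_dotted
+s = "\x0a\x0a\x0a\x01"
+@o.read s
+assert_equal("10.10.10.1", @o.to_x)
+end
+
+def test_numerical
+s = "\x00\x00\x00\x80"
+@o.read s
+assert_equal(128, @o.to_i)
+end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby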
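Review bot: Every case here feeds `Octets#read` exactly four well-formed bytes, so the behaviour on a truncated or oversized field, which is what a parser meets in a damaged or malformed capture, is not pinned down by any test. A case such as `@o.read "\x0a\x0a"` followed by an assertion of the intended result would document it; the `Octets` implementation is not part of this file, so the expected value has to be taken from the library. `OctetsTest` in data/test/test_ip.rb covers the same class, and keeping the Octets cases in one file would avoid the two drifting apart.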
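--- a/data/test/test_packet.rb
+++ b/data/test/test_packet.rb
@@ -0,0 +1,174 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.expand_path(File.join(File.dirname(__FILE__), "..", "lib"))
+require 'packetfu'
+
+class NewPacketTest < Test::Unit::TestCase
+include PacketFu
+
+def test_method_missing_and_respond_to
+p = TCPPacket.new
+assert p.respond_to?(:ip_len)
+assert p.ip_len = 20
+assert !(p.respond_to? :ip_bogus_header)
+assert_raise NoMethodError do
+p.bogus_header = 20
+end
+end
+
+def test_more_method_missing_magic
+p = UDPPacket.new
+assert_kind_of(UDPPacket,p)
+assert p.is_udp?
+assert p.is_ip?
+assert p.is_eth?
+assert_equal(p.ip_hl,5)
+assert p.layer
+assert_raise NoMethodError do
+p.is_blue?
+end
+assert_raise NoMethodError do
+p.tcp_blue
+end
+assert_raise NoMethodError do
+p.udp_blue
+end
+assert_raise NoMethodError do
+p.blue
+end
+end
+end
+
+class PacketStrippingTest < Test::Unit::TestCase
+
+include PacketFu
+
+def test_arp_strip
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[5], :fix => true) # Really ARP request.
+assert_kind_of(Packet,p)
+assert_kind_of(ARPPacket,p)
+end
+
+end
+
+class PacketParsersTest < Test::Unit::TestCase
+include PacketFu
+
+def test_parse_eth_packet
+assert_equal(EthPacket.layer, 1)
+assert_equal(EthPacket.layer_symbol, :link)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[5]) # Really ARP.
+assert_kind_of(Packet,p)
+assert_kind_of(EthHeader, p.headers[0])
+assert p.is_eth?
+assert_equal(pcaps[5],p.to_s)
+end
+
+def test_parse_arp_request
+assert_equal(ARPPacket.layer, 2)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[5]) # Really ARP request.
+assert p.is_eth?
+assert_kind_of(EthPacket,p)
+assert_kind_of(ARPPacket,p)
+assert p.is_arp?
+assert_equal(p.to_s, pcaps[5])
+assert_equal(1, p.arp_opcode.to_i)
+assert_equal("\x00\x01", p.headers.last[:arp_opcode].to_s)
+end
+
+def test_parse_arp_reply
+assert_equal(ARPPacket.layer, 2)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[6]) # Really ARP reply.
+assert_equal(p.to_s, pcaps[6])
+assert_equal(2, p.arp_opcode.to_i)
+assert_equal("\x00\x02", p.headers.last[:arp_opcode].to_s)
+end
+
+def test_parse_ip_packet
+assert_equal(IPPacket.layer, 2)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[0]) # Really DNS request
+assert_equal(p.to_s[0,20], pcaps[0][0,20])
+assert_equal(p.to_s, pcaps[0])
+assert_kind_of(EthPacket,p)
+assert_kind_of(IPPacket,p)
+end
+
+def test_parse_tcp_packet
+assert_equal(TCPPacket.layer, 3)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[7]) # Really FIN/ACK
+assert_equal(p.to_s, pcaps[7])
+assert_kind_of(EthPacket,p)
+assert_kind_of(IPPacket,p)
+assert_kind_of(TCPPacket,p)
+end
+
+def test_parse_udp_packet
+assert_equal(UDPPacket.layer, 3)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[0]) # Really DNS request
+assert_equal(p.to_s, pcaps[0])
+assert_kind_of(EthPacket,p)
+assert_kind_of(IPPacket,p)
+assert_kind_of(UDPPacket,p)
+end
+
+def test_parse_icmp_packet
+assert_equal(ICMPPacket.layer, 3)
+assert_equal(ICMPPacket.layer_symbol, :transport)
+pcaps = PcapFile.new.file_to_array(:f => 'sample.pcap')
+p = Packet.parse(pcaps[3]) # Really ICMP reply
+assert_equal(p.to_s, pcaps[3])
+assert_kind_of(EthPacket,p)
+assert_kind_of(IPPacket,p)
+assert_kind_of(ICMPPacket,p)
+end
+
+def test_parse_invalid_packet
+assert_equal(InvalidPacket.layer, 0)
+assert_equal(InvalidPacket.layer_symbol, :invalid)
+p = Packet.parse("\xff\xfe\x00\x01")
+assert_equal(p.to_s, "\xff\xfe\x00\x01")
+assert_kind_of(InvalidPacket,p)
+end
+
+def test_parse_ipv6_packet
+assert_equal(IPv6Packet.layer, 2)
+assert_equal(IPv6Packet.layer_symbol, :internet)
+pcaps = PcapFile.new.file_to_array(:f => 'sample-ipv6.pcap')
+p = Packet.parse(pcaps[0]) # Really an IPv6 packet
+assert_equal(p.to_s, pcaps[0])
+assert_kind_of(EthPacket,p)
+assert(!p.kind_of?(IPPacket), "Misidentified as an IP Packet!")
+assert_kind_of(IPv6Packet,p)
+end
+
+def test_parse_hsrp_packet
+assert_equal(HSRPPacket.layer, 4)
+assert_equal(HSRPPacket.layer_symbol, :application)
+pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
+p = Packet.parse(pcaps[0]) # Really an HSRP Hello packet
+assert_equal(p.to_s, pcaps[0])
+assert_kind_of(EthPacket,p)
+assert_kind_of(IPPacket,p)
+assert_kind_of(UDPPacket,p)
+assert_kind_of(HSRPPacket,p)
+end
+
+def test_parse_hsrp_as_udp
+assert_equal(:application, HSRPPacket.layer_symbol)
+pcaps = PcapFile.new.file_to_array(:f => 'sample_hsrp_pcapr.cap')
+p = Packet.parse(pcaps[0], :parse_app => false) # Really an HSRP Hello packet
+assert_kind_of(UDPPacket,p)
+assert(!p.kind_of?(HSRPPacket), "Misidentified HSRP packet when we didn't want it!" )
+end
+
+end
+
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby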
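Review bot: `assert p.ip_len = 20` in `test_method_missing_and_respond_to` is an assignment inside the assertion, so it passes whenever the setter does not raise and never checks that the value was stored; write `p.ip_len = 20` and then `assert_equal(20, p.ip_len)`. The fixtures are opened by bare name (`'sample.pcap'`, `'sample-ipv6.pcap'`, `'sample_hsrp_pcapr.cap'`), so these tests only pass when run from the test directory; `File.join(File.dirname(__FILE__), 'sample.pcap')` would remove that dependency. Several `assert_equal` calls pass the actual value first, for example `assert_equal(EthPacket.layer, 1)`, which swaps expected and actual in the failure message.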
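--- a/data/test/test_pcap.rb
+++ b/data/test/test_pcap.rb
@@ -0,0 +1,209 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+
+class PcapHeaderTest < Test::Unit::TestCase
+include PacketFu
+def setup
+@file = File.open('sample.pcap') {|f| f.read}
+@file.force_encoding "binary" if @file.respond_to? :force_encoding
+@file_magic = @file[0,4]
+@file_header = @file[0,24]
+end
+
+def test_header_size
+assert_equal(24, PcapHeader.new.sz)
+assert_equal(24, PcapHeader.new.sz)
+end
+
+# If this fails, the rest is pretty much for naught.
+def test_read_file
+assert_equal("\xd4\xc3\xb2\xa1", @file_magic) # yep, it's libpcap.
+end
+
+def test_endian_magic
+p = PcapHeader.new # usual case
+assert_equal(@file_magic, p.to_s[0,4])
+p = PcapHeader.new(:endian => :big)
+assert_equal("\xa1\xb2\xc3\xd4", p.to_s[0,4])
+end
+
+def test_header
+p = PcapHeader.new
+assert_equal(@file_header, p.to_s[0,24])
+p = PcapHeader.new(:endian => :big)
+assert_not_equal(@file_header, p.to_s[0,24])
+# We want to ensure our endianness is little or big.
+assert_raise(ArgumentError) {PcapHeader.new(:endian => :just_right)}
+end
+
+def test_header_read
+p = PcapHeader.new
+p.read @file
+assert_equal(@file_header,p.to_s)
+end
+
+end
+
+class TimestampTest < Test::Unit::TestCase
+include PacketFu
+def setup
+@file = File.open('sample.pcap') {|f| f.read}
+@ts = @file[24,8]
+end
+
+def test_timestamp_size
+assert_equal(3, Timestamp.new.size) # Number of elements
+assert_equal(8, Timestamp.new.sz) # Length of the string (in PacketFu)
+end
+
+def test_timestamp_read
+t = Timestamp.new
+t.read(@ts)
+assert_equal(@ts, t.to_s)
+end
+end
+
+class PcapPacketTest < Test::Unit::TestCase
+include PacketFu
+def setup
+@file = File.open('sample.pcap') {|f| f.read}
+@file.force_encoding "binary" if @file.respond_to? :force_encoding
+@header = @file[0,24]
+@packet = @file[24,100] # pkt is 78 bytes + 16 bytes pcap hdr == 94
+end
+
+def test_pcappacket_read
+p = PcapPacket.new :endian => :little
+p.read(@packet)
+assert_equal(78,@packet[8,4].unpack("V").first)
+assert_equal(@packet[8,4].unpack("V").first,p[:incl_len].to_i)
+assert_equal(@packet[0,94],p.to_s)
+end
+
+end
+
+class PcapPacketsTest < Test::Unit::TestCase
+
+include PacketFu
+def setup
+@file = File.open('sample.pcap') {|f| f.read}
+end
+
+def test_pcappackets_read
+p = PcapPackets.new
+p.read @file
+assert_equal(11,p.size)
+assert_equal(@file[24,@file.size],p.to_s)
+end
+
+end
+
+class PcapFileTest < Test::Unit::TestCase
+require 'digest/md5'
+
+include PacketFu
+def setup
+@file = File.open('sample.pcap') {|f| f.read}
+@md5 = '1be3b5082bb135c6f22de8801feb3495'
+end
+
+def test_pcapfile_read
+p = PcapFile.new
+p.read @file
+assert_equal(3,p.size)
+assert_equal(@file.size, p.sz)
+assert_equal(@file, p.to_s)
+end
+
+def test_pcapfile_file_to_array
+p = PcapFile.new.file_to_array(:filename => 'sample.pcap')
+assert_equal(@md5.downcase, Digest::MD5.hexdigest(@file).downcase)
+assert_instance_of(Array, p)
+assert_instance_of(String, p[0])
+assert_equal(11,p.size)
+assert_equal(78,p[0].size)
+assert_equal(94,p[1].size)
+assert_equal(74,p[10].size)
+end
+
+def test_pcapfile_read_and_write
+File.unlink('out.pcap') if File.exists? 'out.pcap'
+p = PcapFile.new
+p.read @file
+p.to_file(:filename => 'out.pcap')
+@newfile = File.open('out.pcap') {|f| f.read(f.stat.size)}
+@newfile.force_encoding "binary" if @newfile.respond_to? :force_encoding
+assert_equal(@file, @newfile)
+p.to_file(:filename => 'out.pcap', :append => true)
+packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
+assert_equal(22, packet_array.size)
+end
+
+def test_pcapfile_write_after_recalc
+File.unlink('out.pcap') if File.exists? 'out.pcap'
+pcaps = PcapFile.new.file_to_array(:filename => 'sample.pcap')
+pcaps.each {|pkt|
+p = Packet.parse pkt
+p.recalc
+p.to_f('out.pcap','a')
+}
+packet_array = PcapFile.new.f2a(:filename => 'out.pcap')
+assert_equal(11, packet_array.size)
+File.unlink('out.pcap')
+end
+
+def test_pcapfile_read_and_write_timestamps
+File.unlink('out.pcap') if File.exists? 'out.pcap'
+pf = PcapFile.new
+arr = pf.file_to_array(:filename => 'sample.pcap')
+assert_equal(11, arr.size)
+pf = PcapFile.new
+pf.a2f(:array => arr, :f => 'out.pcap', :ts_inc => 4,
+:timestamp => Time.now.to_i - 1_000_000)
+diff_time = pf.body[0].timestamp.sec.to_i - pf.body[1].timestamp.sec.to_i
+assert_equal(-4, diff_time)
+File.unlink('out.pcap')
+end
+
+end
+
+# Test the legacy Read objects.
+class ReadTest < Test::Unit::TestCase
+
+include PacketFu
+
+def test_read_string
+pkts = Read.file_to_array(:file => 'sample.pcap')
+assert_kind_of Array, pkts
+assert_equal 11, pkts.size
+this_packet = Packet.parse pkts[0]
+assert_kind_of UDPPacket, this_packet
+that_packet = Packet.parse pkts[3]
+assert_kind_of ICMPPacket, that_packet
+end
+
+def test_read_hash
+pkts = Read.file_to_array(:file => 'sample.pcap', :ts => true)
+assert_kind_of Array, pkts
+assert_equal 11, pkts.size
+this_packet = Packet.parse pkts[0].values.first
+assert_kind_of UDPPacket, this_packet
+that_packet = Packet.parse pkts[3].values.first
+assert_kind_of ICMPPacket, that_packet
+end
+
+end
+
+class WriteTest < Test::Unit::TestCase
+
+include PacketFu
+
+def test_write
+
+end
+
+end
+
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby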
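Review bot: `PcapFileTest#setup`, like the `TimestampTest` and `PcapPacketsTest` setups, reads `sample.pcap` without the `force_encoding "binary"` step that `PcapHeaderTest` and `PcapPacketTest` apply, yet `test_pcapfile_read_and_write` compares that `@file` with `@newfile`, which is forced to binary. On Rubies that have `force_encoding`, two strings holding non-ASCII bytes under different encodings do not compare equal, so the result likely depends on the default external encoding; opening the fixture with `File.open('sample.pcap', 'rb')` in every setup would make the comparisons consistent. `test_pcapfile_read_and_write` also leaves `out.pcap` behind, and the other two write tests skip their `File.unlink('out.pcap')` when an assertion fails; a `teardown` that removes the file covers both. `WriteTest#test_write` has an empty body and passes without testing anything.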