packetfu 1.1.8 → 1.1.9

data/lib/packetfu/capture.rb

@@ -1,172 +1,173 @@
+# -*- coding: binary -*-
 module PacketFu
 
-	# The Capture class is used to construct PcapRub objects in order to collect
-	# packets from an interface.
-	#
-	# This class requires PcapRub. In addition, you will need root (or root-like) privileges 
-	# in order to capture from the interface.
-	#
-	# Note, on some wireless cards, setting :promisc => true will disable capturing.
-	#
-	# == Example
-	#
-	#  # Typical use
-	#  cap = PacketFu::Capture.new(:iface => 'eth0', :promisc => true)
-	#  cap.start
-	#  sleep 10
-	#  cap.save
-	#  first_packet = cap.array[0]
-	#
-	#  # Tcpdump-like use
-	#  cap = PacketFu::Capture.new(:start => true)
-	#  cap.show_live(:save => true, :filter => 'tcp and not port 22')
-	#
-	# == See Also
-	#
-	# Read, Write
-	class Capture
-		attr_accessor :array, :stream # Leave these public and open.
-		attr_reader :iface, :snaplen, :promisc, :timeout, :filter
-
-		def initialize(args={})
-			@array = [] # Where the packet array goes.
-			@stream = [] # Where the stream goes.
-			@iface = (args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo").to_s
-			@snaplen = args[:snaplen] || 0xffff
-			@promisc = args[:promisc] || false # Sensible for some Intel wifi cards
-			@timeout = args[:timeout] || 1
-			@filter  = args[:filter] || args[:bpf]
-			setup_params(args)
-		end
-
-		# Used by new().
-		def setup_params(args={})
-			filter = args[:filter] || args[:bpf] || @filter
-			start = args[:start] || false
-			capture if start
-			bpf(:filter=>filter) if filter
-		end
-
-		# capture() initializes the @stream varaible. Valid arguments are:
-		#
-		#   :filter
-		#     Provide a bpf filter to enable for the capture. For example, 'ip and not tcp'
-		#   :start
-		#     When true, start capturing packets to the @stream variable. Defaults to true
-		def capture(args={})
-			if Process.euid.zero?
-				filter = args[:filter] || args[:bpf] || @filter
-				start = args[:start] || true
-				if start
-					begin
-						@stream = Pcap.open_live(@iface,@snaplen,@promisc,@timeout)
-					rescue RuntimeError
-						$stderr.print "Are you sure you're root? Error: "
-						raise
-					end
-					bpf(:filter=>filter) if filter
-				else
-					@stream = []
-				end
-				@stream
-			else
-				raise RuntimeError,"Not root, so can't capture packets. Error: "
-			end
-		end
-
-		# start() is equivalent to capture().
-		def start(args={})
-			capture(args)
-		end
-
-		# clear() clears the @stream and @array variables, essentially starting the
-		# capture session over. Valid arguments are:
-		#
-		#   :array 
-		#     If true, the @array is cleared.
-		#   :stream
-		#     If true, the @stream is cleared.
-		def clear(args={})
-			array = args[:array] || true
-			stream = args[:stream] || true
-			@array = [] if array
-			@stream = [] if stream
-		end
-
-		# bpf() sets a bpf filter on a capture session. Valid arugments are:
-		#
-		#   :filter
-		#     Provide a bpf filter to enable for the capture. For example, 'ip and not tcp'
-		def bpf(args={})
-			filter = args[:filter] || args[:bpf] || @filter
-			capture if @stream.class == Array
-			@stream.setfilter(filter) if filter
-			@filter = filter
-		end
-
-		alias :filter :bpf
-
-		# wire_to_array() saves a packet stream as an array of binary strings. From here,
-		# packets may accessed by other functions. Note that the wire_to_array empties
-		# the stream, so multiple calls will append new packets to @array.
-		# Valid arguments are:
-		#
-		#   :filter
-		#     Provide a bpf filter to apply to packets moving from @stream to @array.
-		def wire_to_array(args={})
-			filter = args[:filter] || args[:bpf] || @filter
-			bpf(:filter=>filter) if filter
-
-			while this_pkt = @stream.next
-				@array << this_pkt
-			end
-			@array.size
-		end
-
-		# next() exposes the Stream object's next method to the outside world.
-		def next
-			return @stream.next
-		end
-
-		# w2a() is a equivalent to wire_to_array()
-		def w2a(args={})
-			wire_to_array(args)
-		end
-
-		# save() is a equivalent to wire_to_array()
-		def save(args={})
-			wire_to_array(args)
-		end
-
-		# show_live() is a method to capture packets and display peek() data to stdout. Valid arguments are:
-		#
-		#   :filter
-		#     Provide a bpf filter to captured packets.
-		#   :save
-		#     Save the capture in @array
-		#   :verbose
-		#     TODO: Not implemented yet; do more than just peek() at the packets.
-		#   :quiet
-		#     TODO: Not implemented yet; do less than peek() at the packets.
-		def show_live(args={})
-			filter = args[:filter] || args[:bpf] || @filter
-			save = args[:save]
-			verbose = args[:verbose] || args[:v] || false
-			quiet = args[:quiet] || args[:q] || false # Setting q and v doesn't make a lot of sense but hey.
-
-			# Ensure the capture's started.
-			if @stream.class == Array
-				capture
-			end
-
-			@stream.setfilter(filter) if filter
-			while true
-				@stream.each do |pkt|
-					puts Packet.parse(pkt).peek
-					@array << pkt if args[:save]
-				end
-			end
-		end
-
-	end
+  # The Capture class is used to construct PcapRub objects in order to collect
+  # packets from an interface.
+  #
+  # This class requires PcapRub. In addition, you will need root (or root-like) privileges 
+  # in order to capture from the interface.
+  #
+  # Note, on some wireless cards, setting :promisc => true will disable capturing.
+  #
+  # == Example
+  #
+  #  # Typical use
+  #  cap = PacketFu::Capture.new(:iface => 'eth0', :promisc => true)
+  #  cap.start
+  #  sleep 10
+  #  cap.save
+  #  first_packet = cap.array[0]
+  #
+  #  # Tcpdump-like use
+  #  cap = PacketFu::Capture.new(:start => true)
+  #  cap.show_live(:save => true, :filter => 'tcp and not port 22')
+  #
+  # == See Also
+  #
+  # Read, Write
+  class Capture
+    attr_accessor :array, :stream # Leave these public and open.
+    attr_reader :iface, :snaplen, :promisc, :timeout, :filter
+
+    def initialize(args={})
+      @array = [] # Where the packet array goes.
+      @stream = [] # Where the stream goes.
+      @iface = (args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo").to_s
+      @snaplen = args[:snaplen] || 0xffff
+      @promisc = args[:promisc] || false # Sensible for some Intel wifi cards
+      @timeout = args[:timeout] || 1
+      @filter  = args[:filter] || args[:bpf]
+      setup_params(args)
+    end
+
+    # Used by new().
+    def setup_params(args={})
+      filter = args[:filter] || args[:bpf] || @filter
+      start = args[:start] || false
+      capture if start
+      bpf(:filter=>filter) if filter
+    end
+
+    # capture() initializes the @stream varaible. Valid arguments are:
+    #
+    #   :filter
+    #     Provide a bpf filter to enable for the capture. For example, 'ip and not tcp'
+    #   :start
+    #     When true, start capturing packets to the @stream variable. Defaults to true
+    def capture(args={})
+      if Process.euid.zero?
+        filter = args[:filter] || args[:bpf] || @filter
+        start = args[:start] || true
+        if start
+          begin
+            @stream = Pcap.open_live(@iface,@snaplen,@promisc,@timeout)
+          rescue RuntimeError
+            $stderr.print "Are you sure you're root? Error: "
+            raise
+          end
+          bpf(:filter=>filter) if filter
+        else
+          @stream = []
+        end
+        @stream
+      else
+        raise RuntimeError,"Not root, so can't capture packets. Error: "
+      end
+    end
+
+    # start() is equivalent to capture().
+    def start(args={})
+      capture(args)
+    end
+
+    # clear() clears the @stream and @array variables, essentially starting the
+    # capture session over. Valid arguments are:
+    #
+    #   :array 
+    #     If true, the @array is cleared.
+    #   :stream
+    #     If true, the @stream is cleared.
+    def clear(args={})
+      array = args[:array] || true
+      stream = args[:stream] || true
+      @array = [] if array
+      @stream = [] if stream
+    end
+
+    # bpf() sets a bpf filter on a capture session. Valid arugments are:
+    #
+    #   :filter
+    #     Provide a bpf filter to enable for the capture. For example, 'ip and not tcp'
+    def bpf(args={})
+      filter = args[:filter] || args[:bpf] || @filter
+      capture if @stream.class == Array
+      @stream.setfilter(filter) if filter
+      @filter = filter
+    end
+
+    alias :filter :bpf
+
+    # wire_to_array() saves a packet stream as an array of binary strings. From here,
+    # packets may accessed by other functions. Note that the wire_to_array empties
+    # the stream, so multiple calls will append new packets to @array.
+    # Valid arguments are:
+    #
+    #   :filter
+    #     Provide a bpf filter to apply to packets moving from @stream to @array.
+    def wire_to_array(args={})
+      filter = args[:filter] || args[:bpf] || @filter
+      bpf(:filter=>filter) if filter
+
+      while this_pkt = @stream.next
+        @array << this_pkt
+      end
+      @array.size
+    end
+
+    # next() exposes the Stream object's next method to the outside world.
+    def next
+      return @stream.next
+    end
+
+    # w2a() is a equivalent to wire_to_array()
+    def w2a(args={})
+      wire_to_array(args)
+    end
+
+    # save() is a equivalent to wire_to_array()
+    def save(args={})
+      wire_to_array(args)
+    end
+
+    # show_live() is a method to capture packets and display peek() data to stdout. Valid arguments are:
+    #
+    #   :filter
+    #     Provide a bpf filter to captured packets.
+    #   :save
+    #     Save the capture in @array
+    #   :verbose
+    #     TODO: Not implemented yet; do more than just peek() at the packets.
+    #   :quiet
+    #     TODO: Not implemented yet; do less than peek() at the packets.
+    def show_live(args={})
+      filter = args[:filter] || args[:bpf] || @filter
+      save = args[:save]
+      verbose = args[:verbose] || args[:v] || false
+      quiet = args[:quiet] || args[:q] || false # Setting q and v doesn't make a lot of sense but hey.
+
+      # Ensure the capture's started.
+      if @stream.class == Array
+        capture
+      end
+
+      @stream.setfilter(filter) if filter
+      while true
+        @stream.each do |pkt|
+          puts Packet.parse(pkt).peek
+          @array << pkt if args[:save]
+        end
+      end
+    end
+
+  end
 end

data/lib/packetfu/config.rb

@@ -1,58 +1,59 @@
+# -*- coding: binary -*-
 module PacketFu
 
-	# The Config class holds various bits of useful default information 
-	# for packet creation. If initialized without arguments, @iface will be 
-	# set to ENV['IFACE'] or Pcap.lookupdev (or lo), and the @pcapfile will
-	# be set to "/tmp/out.pcap" # (yes, it's Linux-biased, sorry, fixing 
-	# this is a TODO.)
-	#
-	# Any number of instance variables can be passed in to the intialize function (as a
-	# hash), though only the expected network-related variables will be readable and
-	# writeable directly.
-	#
-	# == Examples
-	#
-	#   PacketFu::Config.new(:ip_saddr => "1.2.3.4").ip_saddr #=> "1.2.3.4"
-	#   PacketFu::Config.new(:foo=>"bar").foo #=> NomethodError: undefined method `foo'...
-	#
-	# The config() function, however, does provide access to custom variables:
-	#
-	#   PacketFu::Config.new(:foo=>"bar").config[:foo] #=> "bar"
-	#   obj = PacketFu::Config.new(:foo=>"bar")
-	#   obj.config(:baz => "bat")
-	#   obj.config #=> {:iface=>"eth0", :baz=>"bat", :pcapfile=>"/tmp/out.pcap", :foo=>"bar"}
-	class Config
-		attr_accessor :eth_saddr,	# The discovered eth_saddr 
-			:eth_daddr,							# The discovered eth_daddr (ie, the gateway)
-			:eth_src,								# The discovered eth_src in binary form.
-			:eth_dst,								# The discovered eth_dst (gateway) in binary form.
-			:ip_saddr,							# The discovered ip_saddr
-			:ip_src,								# The discovered ip_src in binary form.
-			:iface,									# The declared interface.
-			:pcapfile								# A declared default file to write to.
-	
-		def initialize(args={})
-			if Process.euid.zero?
-				@iface = args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" 
-			end	
-			@pcapfile = "/tmp/out.pcap"
-			args.each_pair { |k,v| self.instance_variable_set(("@#{k}"),v) }
-		end
+  # The Config class holds various bits of useful default information 
+  # for packet creation. If initialized without arguments, @iface will be 
+  # set to ENV['IFACE'] or Pcap.lookupdev (or lo), and the @pcapfile will
+  # be set to "/tmp/out.pcap" # (yes, it's Linux-biased, sorry, fixing 
+  # this is a TODO.)
+  #
+  # Any number of instance variables can be passed in to the intialize function (as a
+  # hash), though only the expected network-related variables will be readable and
+  # writeable directly.
+  #
+  # == Examples
+  #
+  #   PacketFu::Config.new(:ip_saddr => "1.2.3.4").ip_saddr #=> "1.2.3.4"
+  #   PacketFu::Config.new(:foo=>"bar").foo #=> NomethodError: undefined method `foo'...
+  #
+  # The config() function, however, does provide access to custom variables:
+  #
+  #   PacketFu::Config.new(:foo=>"bar").config[:foo] #=> "bar"
+  #   obj = PacketFu::Config.new(:foo=>"bar")
+  #   obj.config(:baz => "bat")
+  #   obj.config #=> {:iface=>"eth0", :baz=>"bat", :pcapfile=>"/tmp/out.pcap", :foo=>"bar"}
+  class Config
+    attr_accessor :eth_saddr,	# The discovered eth_saddr 
+      :eth_daddr,							# The discovered eth_daddr (ie, the gateway)
+      :eth_src,								# The discovered eth_src in binary form.
+      :eth_dst,								# The discovered eth_dst (gateway) in binary form.
+      :ip_saddr,							# The discovered ip_saddr
+      :ip_src,								# The discovered ip_src in binary form.
+      :iface,									# The declared interface.
+      :pcapfile								# A declared default file to write to.
+  
+    def initialize(args={})
+      if Process.euid.zero?
+        @iface = args[:iface] || ENV['IFACE'] || Pcap.lookupdev || "lo" 
+      end	
+      @pcapfile = "/tmp/out.pcap"
+      args.each_pair { |k,v| self.instance_variable_set(("@#{k}"),v) }
+    end
 
-		# Returns all instance variables as a hash (including custom variables set at initialization).
-		def config(arg=nil)
-			if arg
-				arg.each_pair {|k,v| self.instance_variable_set(("@" + k.to_s).intern, v)}
-			else
-				config_hash = {}
-				self.instance_variables.each do |v| 
-					key = v.to_s.gsub(/^@/,"").to_sym
-					config_hash[key] = self.instance_variable_get(v) 
-				end
-				config_hash
-			end
-		end
+    # Returns all instance variables as a hash (including custom variables set at initialization).
+    def config(arg=nil)
+      if arg
+        arg.each_pair {|k,v| self.instance_variable_set(("@" + k.to_s).intern, v)}
+      else
+        config_hash = {}
+        self.instance_variables.each do |v| 
+          key = v.to_s.gsub(/^@/,"").to_sym
+          config_hash[key] = self.instance_variable_get(v) 
+        end
+        config_hash
+      end
+    end
 
-	end
+  end
 
 end