RubyGems - packetfu - Versions diffs - 1.1.9 → 1.1.10 - Mend

packetfu 1.1.9 → 1.1.10

Files changed (77) hide show

data/bench/octets.rb +9 -9
data/examples/100kpackets.rb +12 -12
data/examples/ackscan.rb +16 -16
data/examples/arp.rb +35 -35
data/examples/arphood.rb +36 -36
data/examples/dissect_thinger.rb +6 -6
data/examples/new-simple-stats.rb +23 -23
data/examples/packetfu-shell.rb +25 -25
data/examples/simple-sniffer.rb +9 -9
data/examples/simple-stats.rb +23 -23
data/examples/slammer.rb +3 -3
data/lib/packetfu.rb +127 -127
data/lib/packetfu/capture.rb +169 -169
data/lib/packetfu/config.rb +52 -52
data/lib/packetfu/inject.rb +56 -56
data/lib/packetfu/packet.rb +528 -528
data/lib/packetfu/pcap.rb +579 -579
data/lib/packetfu/protos/arp.rb +90 -90
data/lib/packetfu/protos/arp/header.rb +158 -158
data/lib/packetfu/protos/arp/mixin.rb +36 -36
data/lib/packetfu/protos/eth.rb +44 -44
data/lib/packetfu/protos/eth/header.rb +243 -243
data/lib/packetfu/protos/eth/mixin.rb +3 -3
data/lib/packetfu/protos/hsrp.rb +69 -69
data/lib/packetfu/protos/hsrp/header.rb +107 -107
data/lib/packetfu/protos/hsrp/mixin.rb +29 -29
data/lib/packetfu/protos/icmp.rb +71 -71
data/lib/packetfu/protos/icmp/header.rb +82 -82
data/lib/packetfu/protos/icmp/mixin.rb +14 -14
data/lib/packetfu/protos/invalid.rb +49 -49
data/lib/packetfu/protos/ip.rb +69 -69
data/lib/packetfu/protos/ip/header.rb +291 -291
data/lib/packetfu/protos/ip/mixin.rb +40 -40
data/lib/packetfu/protos/ipv6.rb +50 -50
data/lib/packetfu/protos/ipv6/header.rb +188 -188
data/lib/packetfu/protos/ipv6/mixin.rb +29 -29
data/lib/packetfu/protos/tcp.rb +176 -176
data/lib/packetfu/protos/tcp/ecn.rb +35 -35
data/lib/packetfu/protos/tcp/flags.rb +74 -74
data/lib/packetfu/protos/tcp/header.rb +268 -268
data/lib/packetfu/protos/tcp/hlen.rb +32 -32
data/lib/packetfu/protos/tcp/mixin.rb +46 -46
data/lib/packetfu/protos/tcp/option.rb +321 -321
data/lib/packetfu/protos/tcp/options.rb +95 -95
data/lib/packetfu/protos/tcp/reserved.rb +35 -35
data/lib/packetfu/protos/udp.rb +116 -116
data/lib/packetfu/protos/udp/header.rb +91 -91
data/lib/packetfu/protos/udp/mixin.rb +3 -3
data/lib/packetfu/structfu.rb +280 -280
data/lib/packetfu/utils.rb +226 -217
data/lib/packetfu/version.rb +41 -41
data/packetfu.gemspec +2 -1
data/spec/ethpacket_spec.rb +48 -48
data/spec/packet_spec.rb +57 -57
data/spec/packet_subclasses_spec.rb +8 -8
data/spec/packetfu_spec.rb +59 -59
data/spec/structfu_spec.rb +268 -268
data/spec/tcp_spec.rb +75 -75
data/test/all_tests.rb +13 -13
data/test/func_lldp.rb +3 -3
data/test/ptest.rb +2 -2
data/test/test_arp.rb +116 -116
data/test/test_capture.rb +45 -45
data/test/test_eth.rb +68 -68
data/test/test_hsrp.rb +9 -9
data/test/test_icmp.rb +52 -52
data/test/test_inject.rb +18 -18
data/test/test_invalid.rb +16 -16
data/test/test_ip.rb +36 -36
data/test/test_ip6.rb +48 -48
data/test/test_octets.rb +21 -21
data/test/test_packet.rb +154 -154
data/test/test_pcap.rb +170 -170
data/test/test_structfu.rb +97 -97
data/test/test_tcp.rb +320 -320
data/test/test_udp.rb +76 -76
metadata +4 -3

data/bench/octets.rb CHANGED

@@ -8,15 +8,15 @@ IPV4_STR = "1.2.3.4"
 iters = 50_000
 Benchmark.bm do |bm|
-  bm.report("Octets.new.read(...)         ") {iters.times {PacketFu::Octets.new.read(IPV4_RAW)}}
-  bm.report("Octets.new.read_quad(...)    ") {iters.times {PacketFu::Octets.new.read_quad(IPV4_STR)}}
+	bm.report("Octets.new.read(...)         ") {iters.times {PacketFu::Octets.new.read(IPV4_RAW)}}
+	bm.report("Octets.new.read_quad(...)    ") {iters.times {PacketFu::Octets.new.read_quad(IPV4_STR)}}
-  octets = PacketFu::Octets.new
-  bm.report("octets#read(...)             ") {iters.times {octets.read(IPV4_RAW)}}
-  bm.report("octets#read_quad(...)        ") {iters.times {octets.read_quad(IPV4_STR)}}
+	octets = PacketFu::Octets.new
+	bm.report("octets#read(...)             ") {iters.times {octets.read(IPV4_RAW)}}
+	bm.report("octets#read_quad(...)        ") {iters.times {octets.read_quad(IPV4_STR)}}
-  octets.read(IPV4_RAW)
-  bm.report("octets#to_x()                ") {iters.times {octets.to_x}}
-  bm.report("octets#to_i()                ") {iters.times {octets.to_i}}
-  bm.report("octets#to_s()                ") {iters.times {octets.to_s}}
+	octets.read(IPV4_RAW)
+	bm.report("octets#to_x()                ") {iters.times {octets.to_x}}
+	bm.report("octets#to_i()                ") {iters.times {octets.to_i}}
+	bm.report("octets#to_s()                ") {iters.times {octets.to_s}}
 end

data/examples/100kpackets.rb CHANGED

@@ -14,18 +14,18 @@ start_time = Time.now.utc
 count = 0
 100.times do
-  @pcaps = []
-  1000.times do
-    u = UDPPacket.new
-    u.ip_src = [rand(2**32-1)].pack("N")
-    u.ip_dst = [rand(2**32-1)].pack("N")
-    u.recalc
-    @pcaps << u
-  end
-  pfile = PcapFile.new
-  res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
-  count += res.last
-  puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
+	@pcaps = []
+	1000.times do
+		u = UDPPacket.new
+		u.ip_src = [rand(2**32-1)].pack("N")
+		u.ip_dst = [rand(2**32-1)].pack("N")
+		u.recalc
+		@pcaps << u
+	end
+	pfile = PcapFile.new
+	res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
+	count += res.last
+	puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
 end
 read_bytes_start = Time.now.utc

data/examples/ackscan.rb CHANGED

@@ -10,25 +10,25 @@ require 'packetfu'
 #cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
 # Run this on the third
 def do_scan
-  puts "Generating packets..."
-  pkt_array = gen_packets.sort_by {rand}
-  puts "Dumping them on the wire..."
-  inj = PacketFu::Inject.new(:iface => ARGV[0])
-  inj.array_to_wire(:array=>pkt_array)
-  puts "Done!"
+	puts "Generating packets..."
+	pkt_array = gen_packets.sort_by {rand}
+	puts "Dumping them on the wire..."
+	inj = PacketFu::Inject.new(:iface => ARGV[0])
+	inj.array_to_wire(:array=>pkt_array)
+	puts "Done!"
 end
 def gen_packets
-  config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
-  pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
-  pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
-  pkt.ip_daddr="209.85.165.0"	# One of Google's networks
-  pkt.tcp_flags.ack=1
-  pkt.tcp_dst=81
-  pkt_array = []
-  256.times do |i|
-   pkt.ip_dst.o4=i
-   pkt.tcp_src = rand(5000 - 1025) + 1025
+	config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
+	pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
+	pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
+	pkt.ip_daddr="209.85.165.0"	# One of Google's networks
+	pkt.tcp_flags.ack=1
+	pkt.tcp_dst=81
+	pkt_array = []
+	256.times do |i|
+	 pkt.ip_dst.o4=i
+	 pkt.tcp_src = rand(5000 - 1025) + 1025
  	 pkt.recalc
  	 pkt_array << pkt.to_s
  	end

data/examples/arp.rb CHANGED

@@ -9,11 +9,11 @@ require './examples' # For path setting slight-of-hand
 require 'packetfu'
 def usage
-  if ARGV[0].nil?
-    raise ArgumentError, "You need an IP address to start with."
-  elsif !Process.euid.zero?
-    raise SecurityError, "You need to be root to run this."
-  end
+	if ARGV[0].nil?
+		raise ArgumentError, "You need an IP address to start with."
+	elsif !Process.euid.zero?
+		raise SecurityError, "You need to be root to run this."
+	end
 end
 usage unless target_ip = ARGV[0]		# Need a target IP.
@@ -24,36 +24,36 @@ $packetfu_default = PacketFu::Config.new(PacketFu::Utils.whoami?).config
 def arp(target_ip)
-  arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
-  arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
-  arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
-  arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
-  arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
-  arp_pkt.arp_daddr_ip = target_ip
-  # Stick the Capture object in its own thread.
-  cap_thread = Thread.new do
-    cap = PacketFu::Capture.new(:start => true,
-                                :filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
-    arp_pkt.to_w # Shorthand for sending single packets to the default interface.
-    target_mac = nil
-    while target_mac.nil?
-      if cap.save > 0
-        arp_response = PacketFu::Packet.parse(cap.array[0])
-        target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
-      end
-      sleep 0.1 # Check for a response ten times per second.
-    end
-    puts "#{target_ip} is-at #{target_mac}"
-    # That's all we need.
-    exit 0
-  end
-  # Timeout for cap_thread
-  sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
-  exit 1
+	arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
+	arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
+	arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
+	arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
+	arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
+	arp_pkt.arp_daddr_ip = target_ip
+	# Stick the Capture object in its own thread.
+	cap_thread = Thread.new do
+		cap = PacketFu::Capture.new(:start => true,
+																:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
+		arp_pkt.to_w # Shorthand for sending single packets to the default interface.
+		target_mac = nil
+		while target_mac.nil?
+			if cap.save > 0
+				arp_response = PacketFu::Packet.parse(cap.array[0])
+				target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
+			end
+			sleep 0.1 # Check for a response ten times per second.
+		end
+		puts "#{target_ip} is-at #{target_mac}"
+		# That's all we need.
+		exit 0
+	end
+	# Timeout for cap_thread
+	sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
+	exit 1
 end
 arp(target_ip)

data/examples/arphood.rb CHANGED

@@ -11,20 +11,20 @@ require 'open-uri'
 $oui_prefixes = {}
 $arp_results = []
 def build_oui_list
-  if ARGV[2].nil?
-    puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
-  oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
-  else
-  oui_file =	File.open(ARGV[2], "rb")
-  end
-  oui_file.each do |oui_line|
-    maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
-    unless maybe_oui.nil?
-      oui_value = maybe_oui
-      oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
-      $oui_prefixes[oui_value] = oui_vendor.chomp
-    end
-  end
+	if ARGV[2].nil?
+		puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
+	oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
+	else
+	oui_file =	File.open(ARGV[2], "rb")
+	end
+	oui_file.each do |oui_line|
+		maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
+		unless maybe_oui.nil?
+			oui_value = maybe_oui
+			oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
+			$oui_prefixes[oui_value] = oui_vendor.chomp
+		end
+	end
 end
 build_oui_list
@@ -32,30 +32,30 @@ build_oui_list
 $root_ok = true if Process.euid.zero?
 def arp_everyone
-  my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
-  threads = []
-  network = ARGV[1] || "192.168.2"
-  print "Arping around..."
-  253.times do |i|
-    threads[i] = Thread.new do
-      this_host = network + ".#{i+1}"
-      print "."
-      colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
-      unless colon_mac.nil?
-        hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
-      else
-        hyphen_mac = colon_mac = "NOTHERE"
-      end
-      $arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
-    end
-  end
-  threads.each {|thr| thr.join}
+	my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
+	threads = []
+	network = ARGV[1] || "192.168.2"
+	print "Arping around..."
+	253.times do |i|
+		threads[i] = Thread.new do
+			this_host = network + ".#{i+1}"
+			print "."
+			colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
+			unless colon_mac.nil?
+				hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
+			else
+				hyphen_mac = colon_mac = "NOTHERE"
+			end
+			$arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
+		end
+	end
+	threads.each {|thr| thr.join}
 end
 if $root_ok
-  arp_everyone
-  puts "\n"
-  sleep 3
-  $arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
+	arp_everyone
+	puts "\n"
+	sleep 3
+	$arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
 end

data/examples/dissect_thinger.rb CHANGED

@@ -14,10 +14,10 @@ include PacketFu
 packets = PcapFile.file_to_array fname
 packets.each do |packet|
-  puts "_" * 75
-  puts packet.inspect
-  puts "_" * 75
-  pkt = Packet.parse(packet)
-  puts pkt.dissect
-  sleep sleep_interval
+	puts "_" * 75
+	puts packet.inspect
+	puts "_" * 75
+	pkt = Packet.parse(packet)
+	puts pkt.dissect
+	sleep sleep_interval
 end

data/examples/new-simple-stats.rb CHANGED

@@ -13,38 +13,38 @@ require './examples' # For path setting slight-of-hand
 require 'packetfu'
 def print_results(stats)
-  stats.each_pair { |k,v| puts "%-12s: %10d" % [k,v] }
+	stats.each_pair { |k,v| puts "%-12s: %10d" % [k,v] }
 end
 # Takes a file name, parses the packets, and records the packet
 # type based on its PacketFu class.
 def count_packet_types(file)
-  stats = {}
-  count = 0
-  elapsed = 0
-  start_time = Time.now
-  PacketFu::PcapFile.read_packets(file) do |pkt|
-    kind = pkt.proto.last.to_sym
-    stats[kind] ? stats[kind] += 1 : stats[kind] = 1
-    count += 1
-    elapsed = (Time.now - start_time).to_i
-    if count % 5_000 == 0
-      puts "After #{count} packets (#{elapsed} seconds elapsed):"
-      print_results(stats)
-    end
-  end
-  puts "Final results for #{count} packets (#{elapsed} seconds elapsed):"
-  print_results(stats)
+	stats = {}
+	count = 0
+	elapsed = 0
+	start_time = Time.now
+	PacketFu::PcapFile.read_packets(file) do |pkt|
+		kind = pkt.proto.last.to_sym
+		stats[kind] ? stats[kind] += 1 : stats[kind] = 1
+		count += 1
+		elapsed = (Time.now - start_time).to_i
+		if count % 5_000 == 0
+			puts "After #{count} packets (#{elapsed} seconds elapsed):"
+			print_results(stats)
+		end
+	end
+	puts "Final results for #{count} packets (#{elapsed} seconds elapsed):"
+	print_results(stats)
 end
 if File.readable?(infile = (ARGV[0] || 'in.pcap'))
-  title = "Packets by packet type in '#{infile}'"
-  puts "-" * title.size
-  puts title
-  puts "-" * title.size
-  count_packet_types(infile)
+	title = "Packets by packet type in '#{infile}'"
+	puts "-" * title.size
+	puts title
+	puts "-" * title.size
+	count_packet_types(infile)
 else
-  raise RuntimeError, "Need an infile, like so: #{$0} in.pcap"
+	raise RuntimeError, "Need an infile, like so: #{$0} in.pcap"
 end

data/examples/packetfu-shell.rb CHANGED

@@ -49,12 +49,12 @@ require './examples'
 require 'packetfu'
 module PacketFu
-  def whoami?(args={})
-    Utils.whoami?(args)
-  end
-  def arp(arg)
-    Utils.arp(arg)
-  end
+	def whoami?(args={})
+		Utils.whoami?(args)
+	end
+	def arp(arg)
+		Utils.arp(arg)
+	end
 end
 include PacketFu
@@ -64,7 +64,7 @@ include PacketFu
 # http://jisho.org/words?jap=+%E3%83%91%E3%82%B1%E3%83%83%E3%83%88%E3%83%95&eng=&dict=edict
 #
 def packetfu_ascii_art
-  puts <<EOM
+	puts <<EOM
  _______  _______  _______  _        _______ _________ _______
 (  ____ )(  ___  )(  ____ \\| \\    /\\(  ____ \\\\__   __/(  ____ \\|\\     /|
 | (    )|| (   ) || (    \\/|  \\  / /| (    \\/   ) (   | (    \\/| )   ( |
@@ -82,33 +82,33 @@ def packetfu_ascii_art
              a mid-level packet manipulation library for ruby
 EOM
-  end
+	end
 @pcaprub_loaded = PacketFu.pcaprub_loaded?
 # Displays a helpful banner.
 def banner
-  packetfu_ascii_art
-  puts ">>> PacketFu Shell #{PacketFu.version}."
-  if Process.euid.zero? && @pcaprub_loaded
-    puts ">>> Use $packetfu_default.config for salient networking details."
-    print "IP:  %-15s Mac: %s" % [$packetfu_default.ip_saddr, $packetfu_default.eth_saddr]
-    puts "   Gateway: %s" % $packetfu_default.eth_daddr
-    print "Net: %-15s" % [Pcap.lookupnet($packetfu_default.iface)][0]
-    print "  " * 13
-    puts "Iface:   %s" % [($packetfu_default.iface)]
-    puts ">>> Packet capturing/injecting enabled."
-  else
-    print ">>> Packet capturing/injecting disabled. "
-    puts Process.euid.zero? ? "(no PcapRub)" : "(not root)"
-  end
-  puts "<>" * 36
+	packetfu_ascii_art
+	puts ">>> PacketFu Shell #{PacketFu.version}."
+	if Process.euid.zero? && @pcaprub_loaded
+		puts ">>> Use $packetfu_default.config for salient networking details."
+		print "IP:  %-15s Mac: %s" % [$packetfu_default.ip_saddr, $packetfu_default.eth_saddr]
+		puts "   Gateway: %s" % $packetfu_default.eth_daddr
+		print "Net: %-15s" % [Pcap.lookupnet($packetfu_default.iface)][0]
+		print "  " * 13
+		puts "Iface:   %s" % [($packetfu_default.iface)]
+		puts ">>> Packet capturing/injecting enabled."
+	else
+		print ">>> Packet capturing/injecting disabled. "
+		puts Process.euid.zero? ? "(no PcapRub)" : "(not root)"
+	end
+	puts "<>" * 36
 end
 # Silly wlan0 workaround
 begin
-  $packetfu_default = PacketFu::Config.new(Utils.whoami?) if(@pcaprub_loaded && Process.euid.zero?)
+	$packetfu_default = PacketFu::Config.new(Utils.whoami?) if(@pcaprub_loaded && Process.euid.zero?)
 rescue RuntimeError
-  $packetfu_default = PacketFu::Config.new(Utils.whoami?(:iface => 'wlan0')) if(@pcaprub_loaded && Process.euid.zero?)
+	$packetfu_default = PacketFu::Config.new(Utils.whoami?(:iface => 'wlan0')) if(@pcaprub_loaded && Process.euid.zero?)
 end
 banner

data/examples/simple-sniffer.rb CHANGED

@@ -8,15 +8,15 @@ include PacketFu
 iface = ARGV[0] || "eth0"
 def sniff(iface)
-  cap = Capture.new(:iface => iface, :start => true)
-  cap.stream.each do |p|
-    pkt = Packet.parse p
-    if pkt.is_ip?
-      next if pkt.ip_saddr == Utils.ifconfig(iface)[:ip_saddr]
-      packet_info = [pkt.ip_saddr, pkt.ip_daddr, pkt.size, pkt.proto.last]
-      puts "%-15s -> %-15s %-4d %s" % packet_info
-    end
-  end
+	cap = Capture.new(:iface => iface, :start => true)
+	cap.stream.each do |p|
+		pkt = Packet.parse p
+		if pkt.is_ip?
+			next if pkt.ip_saddr == Utils.ifconfig(iface)[:ip_saddr]
+			packet_info = [pkt.ip_saddr, pkt.ip_daddr, pkt.size, pkt.proto.last]
+			puts "%-15s -> %-15s %-4d %s" % packet_info
+		end
+	end
 end
 sniff(iface)