RubyGems - packetfu - Versions diffs - 1.1.9 → 1.1.10 - Mend

packetfu 1.1.9 → 1.1.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (77) hide show

data/bench/octets.rb +9 -9
data/examples/100kpackets.rb +12 -12
data/examples/ackscan.rb +16 -16
data/examples/arp.rb +35 -35
data/examples/arphood.rb +36 -36
data/examples/dissect_thinger.rb +6 -6
data/examples/new-simple-stats.rb +23 -23
data/examples/packetfu-shell.rb +25 -25
data/examples/simple-sniffer.rb +9 -9
data/examples/simple-stats.rb +23 -23
data/examples/slammer.rb +3 -3
data/lib/packetfu.rb +127 -127
data/lib/packetfu/capture.rb +169 -169
data/lib/packetfu/config.rb +52 -52
data/lib/packetfu/inject.rb +56 -56
data/lib/packetfu/packet.rb +528 -528
data/lib/packetfu/pcap.rb +579 -579
data/lib/packetfu/protos/arp.rb +90 -90
data/lib/packetfu/protos/arp/header.rb +158 -158
data/lib/packetfu/protos/arp/mixin.rb +36 -36
data/lib/packetfu/protos/eth.rb +44 -44
data/lib/packetfu/protos/eth/header.rb +243 -243
data/lib/packetfu/protos/eth/mixin.rb +3 -3
data/lib/packetfu/protos/hsrp.rb +69 -69
data/lib/packetfu/protos/hsrp/header.rb +107 -107
data/lib/packetfu/protos/hsrp/mixin.rb +29 -29
data/lib/packetfu/protos/icmp.rb +71 -71
data/lib/packetfu/protos/icmp/header.rb +82 -82
data/lib/packetfu/protos/icmp/mixin.rb +14 -14
data/lib/packetfu/protos/invalid.rb +49 -49
data/lib/packetfu/protos/ip.rb +69 -69
data/lib/packetfu/protos/ip/header.rb +291 -291
data/lib/packetfu/protos/ip/mixin.rb +40 -40
data/lib/packetfu/protos/ipv6.rb +50 -50
data/lib/packetfu/protos/ipv6/header.rb +188 -188
data/lib/packetfu/protos/ipv6/mixin.rb +29 -29
data/lib/packetfu/protos/tcp.rb +176 -176
data/lib/packetfu/protos/tcp/ecn.rb +35 -35
data/lib/packetfu/protos/tcp/flags.rb +74 -74
data/lib/packetfu/protos/tcp/header.rb +268 -268
data/lib/packetfu/protos/tcp/hlen.rb +32 -32
data/lib/packetfu/protos/tcp/mixin.rb +46 -46
data/lib/packetfu/protos/tcp/option.rb +321 -321
data/lib/packetfu/protos/tcp/options.rb +95 -95
data/lib/packetfu/protos/tcp/reserved.rb +35 -35
data/lib/packetfu/protos/udp.rb +116 -116
data/lib/packetfu/protos/udp/header.rb +91 -91
data/lib/packetfu/protos/udp/mixin.rb +3 -3
data/lib/packetfu/structfu.rb +280 -280
data/lib/packetfu/utils.rb +226 -217
data/lib/packetfu/version.rb +41 -41
data/packetfu.gemspec +2 -1
data/spec/ethpacket_spec.rb +48 -48
data/spec/packet_spec.rb +57 -57
data/spec/packet_subclasses_spec.rb +8 -8
data/spec/packetfu_spec.rb +59 -59
data/spec/structfu_spec.rb +268 -268
data/spec/tcp_spec.rb +75 -75
data/test/all_tests.rb +13 -13
data/test/func_lldp.rb +3 -3
data/test/ptest.rb +2 -2
data/test/test_arp.rb +116 -116
data/test/test_capture.rb +45 -45
data/test/test_eth.rb +68 -68
data/test/test_hsrp.rb +9 -9
data/test/test_icmp.rb +52 -52
data/test/test_inject.rb +18 -18
data/test/test_invalid.rb +16 -16
data/test/test_ip.rb +36 -36
data/test/test_ip6.rb +48 -48
data/test/test_octets.rb +21 -21
data/test/test_packet.rb +154 -154
data/test/test_pcap.rb +170 -170
data/test/test_structfu.rb +97 -97
data/test/test_tcp.rb +320 -320
data/test/test_udp.rb +76 -76
metadata +4 -3

data/bench/octets.rb CHANGED

@@ -8,15 +8,15 @@ IPV4_STR = "1.2.3.4"
 iters = 50_000
 Benchmark.bm do |bm|
-  bm.report("Octets.new.read(...)         ") {iters.times {PacketFu::Octets.new.read(IPV4_RAW)}}
-  bm.report("Octets.new.read_quad(...)    ") {iters.times {PacketFu::Octets.new.read_quad(IPV4_STR)}}
+	bm.report("Octets.new.read(...)         ") {iters.times {PacketFu::Octets.new.read(IPV4_RAW)}}
+	bm.report("Octets.new.read_quad(...)    ") {iters.times {PacketFu::Octets.new.read_quad(IPV4_STR)}}
-  octets = PacketFu::Octets.new
-  bm.report("octets#read(...)             ") {iters.times {octets.read(IPV4_RAW)}}
-  bm.report("octets#read_quad(...)        ") {iters.times {octets.read_quad(IPV4_STR)}}
+	octets = PacketFu::Octets.new
+	bm.report("octets#read(...)             ") {iters.times {octets.read(IPV4_RAW)}}
+	bm.report("octets#read_quad(...)        ") {iters.times {octets.read_quad(IPV4_STR)}}
-  octets.read(IPV4_RAW)
-  bm.report("octets#to_x()                ") {iters.times {octets.to_x}}
-  bm.report("octets#to_i()                ") {iters.times {octets.to_i}}
-  bm.report("octets#to_s()                ") {iters.times {octets.to_s}}
+	octets.read(IPV4_RAW)
+	bm.report("octets#to_x()                ") {iters.times {octets.to_x}}
+	bm.report("octets#to_i()                ") {iters.times {octets.to_i}}
+	bm.report("octets#to_s()                ") {iters.times {octets.to_s}}
 end

data/examples/100kpackets.rb CHANGED

@@ -14,18 +14,18 @@ start_time = Time.now.utc
 count = 0
 100.times do
-  @pcaps = []
-  1000.times do
-    u = UDPPacket.new
-    u.ip_src = [rand(2**32-1)].pack("N")
-    u.ip_dst = [rand(2**32-1)].pack("N")
-    u.recalc
-    @pcaps << u
-  end
-  pfile = PcapFile.new
-  res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
-  count += res.last
-  puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
+	@pcaps = []
+	1000.times do
+		u = UDPPacket.new
+		u.ip_src = [rand(2**32-1)].pack("N")
+		u.ip_dst = [rand(2**32-1)].pack("N")
+		u.recalc
+		@pcaps << u
+	end
+	pfile = PcapFile.new
+	res = pfile.array_to_file(:filename => "/tmp/out.pcap", :array => @pcaps, :append => true)
+	count += res.last
+	puts "Wrote #{count} packets in #{Time.now.utc - start_time} seconds"
 end
 read_bytes_start = Time.now.utc

data/examples/ackscan.rb CHANGED

@@ -10,25 +10,25 @@ require 'packetfu'
 #cap = Capture.new(:iface=>'wlan0') # or whatever your interface is
 # Run this on the third
 def do_scan
-  puts "Generating packets..."
-  pkt_array = gen_packets.sort_by {rand}
-  puts "Dumping them on the wire..."
-  inj = PacketFu::Inject.new(:iface => ARGV[0])
-  inj.array_to_wire(:array=>pkt_array)
-  puts "Done!"
+	puts "Generating packets..."
+	pkt_array = gen_packets.sort_by {rand}
+	puts "Dumping them on the wire..."
+	inj = PacketFu::Inject.new(:iface => ARGV[0])
+	inj.array_to_wire(:array=>pkt_array)
+	puts "Done!"
 end
 def gen_packets
-  config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
-  pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
-  pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
-  pkt.ip_daddr="209.85.165.0"	# One of Google's networks
-  pkt.tcp_flags.ack=1
-  pkt.tcp_dst=81
-  pkt_array = []
-  256.times do |i|
-   pkt.ip_dst.o4=i
-   pkt.tcp_src = rand(5000 - 1025) + 1025
+	config = PacketFu::Utils.whoami?(:iface=>ARGV[0])
+	pkt = PacketFu::TCPPacket.new(:config=>config, :flavor=>"Windows")
+	pkt.payload ="all I wanna do is ACK ACK ACK and a RST and take your money"
+	pkt.ip_daddr="209.85.165.0"	# One of Google's networks
+	pkt.tcp_flags.ack=1
+	pkt.tcp_dst=81
+	pkt_array = []
+	256.times do |i|
+	 pkt.ip_dst.o4=i
+	 pkt.tcp_src = rand(5000 - 1025) + 1025
  	 pkt.recalc
  	 pkt_array << pkt.to_s
  	end

data/examples/arp.rb CHANGED

@@ -9,11 +9,11 @@ require './examples' # For path setting slight-of-hand
 require 'packetfu'
 def usage
-  if ARGV[0].nil?
-    raise ArgumentError, "You need an IP address to start with."
-  elsif !Process.euid.zero?
-    raise SecurityError, "You need to be root to run this."
-  end
+	if ARGV[0].nil?
+		raise ArgumentError, "You need an IP address to start with."
+	elsif !Process.euid.zero?
+		raise SecurityError, "You need to be root to run this."
+	end
 end
 usage unless target_ip = ARGV[0]		# Need a target IP.
@@ -24,36 +24,36 @@ $packetfu_default = PacketFu::Config.new(PacketFu::Utils.whoami?).config
 def arp(target_ip)
-  arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
-  arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
-  arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
-  arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
-  arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
-  arp_pkt.arp_daddr_ip = target_ip
-  # Stick the Capture object in its own thread.
-  cap_thread = Thread.new do
-    cap = PacketFu::Capture.new(:start => true,
-                                :filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
-    arp_pkt.to_w # Shorthand for sending single packets to the default interface.
-    target_mac = nil
-    while target_mac.nil?
-      if cap.save > 0
-        arp_response = PacketFu::Packet.parse(cap.array[0])
-        target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
-      end
-      sleep 0.1 # Check for a response ten times per second.
-    end
-    puts "#{target_ip} is-at #{target_mac}"
-    # That's all we need.
-    exit 0
-  end
-  # Timeout for cap_thread
-  sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
-  exit 1
+	arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
+	arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
+	arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
+	arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"
+	arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
+	arp_pkt.arp_daddr_ip = target_ip
+	# Stick the Capture object in its own thread.
+	cap_thread = Thread.new do
+		cap = PacketFu::Capture.new(:start => true,
+																:filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
+		arp_pkt.to_w # Shorthand for sending single packets to the default interface.
+		target_mac = nil
+		while target_mac.nil?
+			if cap.save > 0
+				arp_response = PacketFu::Packet.parse(cap.array[0])
+				target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
+			end
+			sleep 0.1 # Check for a response ten times per second.
+		end
+		puts "#{target_ip} is-at #{target_mac}"
+		# That's all we need.
+		exit 0
+	end
+	# Timeout for cap_thread
+	sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
+	exit 1
 end
 arp(target_ip)

data/examples/arphood.rb CHANGED

@@ -11,20 +11,20 @@ require 'open-uri'
 $oui_prefixes = {}
 $arp_results = []
 def build_oui_list
-  if ARGV[2].nil?
-    puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
-  oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
-  else
-  oui_file =	File.open(ARGV[2], "rb")
-  end
-  oui_file.each do |oui_line|
-    maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
-    unless maybe_oui.nil?
-      oui_value = maybe_oui
-      oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
-      $oui_prefixes[oui_value] = oui_vendor.chomp
-    end
-  end
+	if ARGV[2].nil?
+		puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
+	oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
+	else
+	oui_file =	File.open(ARGV[2], "rb")
+	end
+	oui_file.each do |oui_line|
+		maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
+		unless maybe_oui.nil?
+			oui_value = maybe_oui
+			oui_vendor = oui_line.split(/\(hex\)\s*/n)[1] || "PRIVATE"
+			$oui_prefixes[oui_value] = oui_vendor.chomp
+		end
+	end
 end
 build_oui_list
@@ -32,30 +32,30 @@ build_oui_list
 $root_ok = true if Process.euid.zero?
 def arp_everyone
-  my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
-  threads = []
-  network = ARGV[1] || "192.168.2"
-  print "Arping around..."
-  253.times do |i|
-    threads[i] = Thread.new do
-      this_host = network + ".#{i+1}"
-      print "."
-      colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
-      unless colon_mac.nil?
-        hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
-      else
-        hyphen_mac = colon_mac = "NOTHERE"
-      end
-      $arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
-    end
-  end
-  threads.each {|thr| thr.join}
+	my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
+	threads = []
+	network = ARGV[1] || "192.168.2"
+	print "Arping around..."
+	253.times do |i|
+		threads[i] = Thread.new do
+			this_host = network + ".#{i+1}"
+			print "."
+			colon_mac = PacketFu::Utils.arp(this_host,my_net.config)
+			unless colon_mac.nil?
+				hyphen_mac = colon_mac.tr(':','-').upcase[0,8]
+			else
+				hyphen_mac = colon_mac = "NOTHERE"
+			end
+			$arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
+		end
+	end
+	threads.each {|thr| thr.join}
 end
 if $root_ok
-  arp_everyone
-  puts "\n"
-  sleep 3
-  $arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
+	arp_everyone
+	puts "\n"
+	sleep 3
+	$arp_results.sort.each {|a| puts a unless a =~ /NOTHERE/}
 end

data/examples/dissect_thinger.rb CHANGED

@@ -14,10 +14,10 @@ include PacketFu
 packets = PcapFile.file_to_array fname
 packets.each do |packet|
-  puts "_" * 75
-  puts packet.inspect
-  puts "_" * 75
-  pkt = Packet.parse(packet)
-  puts pkt.dissect
-  sleep sleep_interval
+	puts "_" * 75
+	puts packet.inspect
+	puts "_" * 75
+	pkt = Packet.parse(packet)
+	puts pkt.dissect
+	sleep sleep_interval
 end

data/examples/new-simple-stats.rb CHANGED

@@ -13,38 +13,38 @@ require './examples' # For path setting slight-of-hand
 require 'packetfu'
 def print_results(stats)
-  stats.each_pair { |k,v| puts "%-12s: %10d" % [k,v] }
+	stats.each_pair { |k,v| puts "%-12s: %10d" % [k,v] }
 end
 # Takes a file name, parses the packets, and records the packet
 # type based on its PacketFu class.
 def count_packet_types(file)
-  stats = {}
-  count = 0
-  elapsed = 0
-  start_time = Time.now
-  PacketFu::PcapFile.read_packets(file) do |pkt|
-    kind = pkt.proto.last.to_sym
-    stats[kind] ? stats[kind] += 1 : stats[kind] = 1
-    count += 1
-    elapsed = (Time.now - start_time).to_i
-    if count % 5_000 == 0
-      puts "After #{count} packets (#{elapsed} seconds elapsed):"
-      print_results(stats)
-    end
-  end
-  puts "Final results for #{count} packets (#{elapsed} seconds elapsed):"
-  print_results(stats)
+	stats = {}
+	count = 0
+	elapsed = 0
+	start_time = Time.now
+	PacketFu::PcapFile.read_packets(file) do |pkt|
+		kind = pkt.proto.last.to_sym
+		stats[kind] ? stats[kind] += 1 : stats[kind] = 1
+		count += 1
+		elapsed = (Time.now - start_time).to_i
+		if count % 5_000 == 0
+			puts "After #{count} packets (#{elapsed} seconds elapsed):"
+			print_results(stats)
+		end
+	end
+	puts "Final results for #{count} packets (#{elapsed} seconds elapsed):"
+	print_results(stats)
 end
 if File.readable?(infile = (ARGV[0] || 'in.pcap'))
-  title = "Packets by packet type in '#{infile}'"
-  puts "-" * title.size
-  puts title
-  puts "-" * title.size
-  count_packet_types(infile)
+	title = "Packets by packet type in '#{infile}'"
+	puts "-" * title.size
+	puts title
+	puts "-" * title.size
+	count_packet_types(infile)
 else
-  raise RuntimeError, "Need an infile, like so: #{$0} in.pcap"
+	raise RuntimeError, "Need an infile, like so: #{$0} in.pcap"
 end

data/examples/packetfu-shell.rb CHANGED

@@ -49,12 +49,12 @@ require './examples'
 require 'packetfu'
 module PacketFu
-  def whoami?(args={})
-    Utils.whoami?(args)
-  end
-  def arp(arg)
-    Utils.arp(arg)
-  end
+	def whoami?(args={})
+		Utils.whoami?(args)
+	end
+	def arp(arg)
+		Utils.arp(arg)
+	end
 end
 include PacketFu
@@ -64,7 +64,7 @@ include PacketFu
 # http://jisho.org/words?jap=+%E3%83%91%E3%82%B1%E3%83%83%E3%83%88%E3%83%95&eng=&dict=edict
 #
 def packetfu_ascii_art
-  puts <<EOM
+	puts <<EOM
  _______  _______  _______  _        _______ _________ _______
 (  ____ )(  ___  )(  ____ \\| \\    /\\(  ____ \\\\__   __/(  ____ \\|\\     /|
 | (    )|| (   ) || (    \\/|  \\  / /| (    \\/   ) (   | (    \\/| )   ( |
@@ -82,33 +82,33 @@ def packetfu_ascii_art
              a mid-level packet manipulation library for ruby
 EOM
-  end
+	end
 @pcaprub_loaded = PacketFu.pcaprub_loaded?
 # Displays a helpful banner.
 def banner
-  packetfu_ascii_art
-  puts ">>> PacketFu Shell #{PacketFu.version}."
-  if Process.euid.zero? && @pcaprub_loaded
-    puts ">>> Use $packetfu_default.config for salient networking details."
-    print "IP:  %-15s Mac: %s" % [$packetfu_default.ip_saddr, $packetfu_default.eth_saddr]
-    puts "   Gateway: %s" % $packetfu_default.eth_daddr
-    print "Net: %-15s" % [Pcap.lookupnet($packetfu_default.iface)][0]
-    print "  " * 13
-    puts "Iface:   %s" % [($packetfu_default.iface)]
-    puts ">>> Packet capturing/injecting enabled."
-  else
-    print ">>> Packet capturing/injecting disabled. "
-    puts Process.euid.zero? ? "(no PcapRub)" : "(not root)"
-  end
-  puts "<>" * 36
+	packetfu_ascii_art
+	puts ">>> PacketFu Shell #{PacketFu.version}."
+	if Process.euid.zero? && @pcaprub_loaded
+		puts ">>> Use $packetfu_default.config for salient networking details."
+		print "IP:  %-15s Mac: %s" % [$packetfu_default.ip_saddr, $packetfu_default.eth_saddr]
+		puts "   Gateway: %s" % $packetfu_default.eth_daddr
+		print "Net: %-15s" % [Pcap.lookupnet($packetfu_default.iface)][0]
+		print "  " * 13
+		puts "Iface:   %s" % [($packetfu_default.iface)]
+		puts ">>> Packet capturing/injecting enabled."
+	else
+		print ">>> Packet capturing/injecting disabled. "
+		puts Process.euid.zero? ? "(no PcapRub)" : "(not root)"
+	end
+	puts "<>" * 36
 end
 # Silly wlan0 workaround
 begin
-  $packetfu_default = PacketFu::Config.new(Utils.whoami?) if(@pcaprub_loaded && Process.euid.zero?)
+	$packetfu_default = PacketFu::Config.new(Utils.whoami?) if(@pcaprub_loaded && Process.euid.zero?)
 rescue RuntimeError
-  $packetfu_default = PacketFu::Config.new(Utils.whoami?(:iface => 'wlan0')) if(@pcaprub_loaded && Process.euid.zero?)
+	$packetfu_default = PacketFu::Config.new(Utils.whoami?(:iface => 'wlan0')) if(@pcaprub_loaded && Process.euid.zero?)
 end
 banner

data/examples/simple-sniffer.rb CHANGED

@@ -8,15 +8,15 @@ include PacketFu
 iface = ARGV[0] || "eth0"
 def sniff(iface)
-  cap = Capture.new(:iface => iface, :start => true)
-  cap.stream.each do |p|
-    pkt = Packet.parse p
-    if pkt.is_ip?
-      next if pkt.ip_saddr == Utils.ifconfig(iface)[:ip_saddr]
-      packet_info = [pkt.ip_saddr, pkt.ip_daddr, pkt.size, pkt.proto.last]
-      puts "%-15s -> %-15s %-4d %s" % packet_info
-    end
-  end
+	cap = Capture.new(:iface => iface, :start => true)
+	cap.stream.each do |p|
+		pkt = Packet.parse p
+		if pkt.is_ip?
+			next if pkt.ip_saddr == Utils.ifconfig(iface)[:ip_saddr]
+			packet_info = [pkt.ip_saddr, pkt.ip_daddr, pkt.size, pkt.proto.last]
+			puts "%-15s -> %-15s %-4d %s" % packet_info
+		end
+	end
 end
 sniff(iface)