RubyGems - packetfu - Versions diffs - 1.1.6 → 1.1.8 - Mend

packetfu 1.1.6 → 1.1.8

Files changed (37) hide show

data/.mailmap +5 -0
data/README.rdoc +1 -1
data/Rakefile +11 -0
data/examples/arp.rb +1 -1
data/examples/arphood.rb +8 -7
data/examples/ethernet.rb +1 -1
data/examples/new-simple-stats.rb +1 -1
data/examples/packetfu-shell.rb +1 -1
data/examples/simple-sniffer.rb +2 -2
data/examples/simple-stats.rb +1 -1
data/examples/uniqpcap.rb +1 -1
data/lib/packetfu/capture.rb +11 -8
data/lib/packetfu/packet.rb +1 -1
data/lib/packetfu/protos/eth.rb +1 -1
data/lib/packetfu/protos/icmp.rb +1 -1
data/lib/packetfu/protos/lldp.rb +59 -0
data/lib/packetfu/protos/lldp/header.rb +250 -0
data/lib/packetfu/protos/lldp/mixin.rb +55 -0
data/lib/packetfu/utils.rb +7 -3
data/lib/packetfu/version.rb +1 -1
data/packetfu.gemspec +3 -3
data/{test → spec}/ethpacket_spec.rb +2 -2
data/{test → spec}/packet_spec.rb +0 -0
data/{test → spec}/packet_subclasses_spec.rb +0 -0
data/{test → spec}/packetfu_spec.rb +1 -6
data/spec/sample.pcap +0 -0
data/spec/sample2.pcap +0 -0
data/{test → spec}/structfu_spec.rb +0 -0
data/{test → spec}/tcp_spec.rb +1 -1
data/spec/vlan-pcapr.cap +0 -0
data/test/func_lldp.rb +25 -0
data/test/sample_lldp.pcap +0 -0
data/test/test_capture.rb +58 -0
data/test/test_icmp.rb +8 -0
data/test/test_tcp.rb +20 -0
data/test/test_udp.rb +8 -0
metadata +48 -15

data/.mailmap ADDED Viewed

@@ -0,0 +1,5 @@
+Tod Beardsley <todb@packetfu.com> Tod Beardsley <tod_beardsley@rapid7.com>
+Tod Beardsley <todb@packetfu.com> Tod Beardsley <todb@metasploit.com>
+Tod Beardsley <todb@packetfu.com> Tod Beardsley <todb@planb-security.net>
+Tod Beardsley <todb@packetfu.com> todb <todb@planb-security.net>

data/README.rdoc CHANGED Viewed

@@ -1,6 +1,6 @@
 = PacketFu
-A library for reading a writing packets to an interface or to a libpcap-formatted file.
+A library for reading and writing packets to an interface or to a libpcap-formatted file.
 It is maintained at http://code.google.com/p/packetfu and https://github.com/todb/packetfu (which repository will win?)

data/Rakefile ADDED Viewed

@@ -0,0 +1,11 @@
+begin
+	require 'rspec/core/rake_task'
+rescue LoadError
+	$stderr.puts "rspec not available, so can't set up spec tasks."
+else
+	RSpec::Core::RakeTask.new
+	task :default => :spec
+end

data/examples/arp.rb CHANGED Viewed

@@ -4,7 +4,7 @@
 # (and a wee bit cleaner) is already available as Packet::Utils::arp, since knowing the
 # MAC address of a target IP turns out to be pretty useful day-to-day.
-require 'examples' # For path setting slight-of-hand
+require './examples' # For path setting slight-of-hand
 require 'packetfu'
 def usage

data/examples/arphood.rb CHANGED Viewed

@@ -1,19 +1,20 @@
 #!/usr/bin/env ruby
 # A simple local network fingerprinter. Uses the OUI list.
+# Usage: rvmsudo ./arphood.rb [iface] [network] <oui.txt>
-require 'examples'
+require './examples'
 require 'packetfu'
 require 'open-uri'
 $oui_prefixes = {}
 $arp_results = []
 def build_oui_list
-	if ARGV[0].nil?
-		puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} <filename>."
+	if ARGV[2].nil?
+		puts "Fetching the oui.txt from IEEE, it'll be a second. Avoid this with #{$0} [iface] [network] <filename>."
 	oui_file = open("http://standards.ieee.org/regauth/oui/oui.txt")
 	else
-	oui_file =	File.open(ARGV[0], "rb")
+	oui_file =	File.open(ARGV[2], "rb")
 	end
 	oui_file.each do |oui_line|
 		maybe_oui = oui_line.scan(/^[0-9a-f]{2}\-[0-9a-f]{2}\-[0-9a-f]{2}/i)[0]
@@ -30,9 +31,9 @@ build_oui_list
 $root_ok = true if Process.euid.zero?
 def arp_everyone
-	my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface => 'wlan0'))
+	my_net = PacketFu::Config.new(PacketFu::Utils.whoami?(:iface =>(ARGV[0] || 'wlan0')))
 	threads = []
-	network = "192.168.2"
+	network = ARGV[1] || "192.168.2"
 	print "Arping around..."
 	253.times do |i|
 		threads[i] = Thread.new do
@@ -47,7 +48,7 @@ def arp_everyone
 			$arp_results <<  "%s : %s / %s" % [this_host,colon_mac,$oui_prefixes[hyphen_mac]]
 		end
 	end
-	threads.join
+	threads.each {|thr| thr.join}
 end
 if $root_ok

data/examples/ethernet.rb CHANGED Viewed

@@ -1,5 +1,5 @@
-require 'examples' # For path setting slight-of-hand
+require './examples' # For path setting slight-of-hand
 require 'packetfu'
 eth_pkt = PacketFu::EthPacket.new

data/examples/new-simple-stats.rb CHANGED Viewed

@@ -8,7 +8,7 @@
 # every 11 seconds (my own benchmark) for this script, at least
 # it doesn't hog up all your memory.
-require 'examples' # For path setting slight-of-hand
+require './examples' # For path setting slight-of-hand
 require 'packetfu'
 def print_results(stats)

data/examples/packetfu-shell.rb CHANGED Viewed

@@ -44,7 +44,7 @@
 #  => nil
 $: << File.expand_path(File.dirname(__FILE__) + "/../lib/")
-require 'examples'
+require './examples'
 require 'packetfu'
 module PacketFu

data/examples/simple-sniffer.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env ruby
-require 'examples'
+require './examples'
 require 'packetfu'
 puts "Simple sniffer for PacketFu #{PacketFu.version}"
@@ -11,7 +11,7 @@ def sniff(iface)
 	cap.stream.each do |p|
 		pkt = Packet.parse p
 		if pkt.is_ip?
-			next if pkt.ip_saddr == Utils.ifconfig[:ip_saddr]
+			next if pkt.ip_saddr == Utils.ifconfig(iface)[:ip_saddr]
 			packet_info = [pkt.ip_saddr, pkt.ip_daddr, pkt.size, pkt.proto.last]
 			puts "%-15s -> %-15s %-4d %s" % packet_info
 		end

data/examples/simple-stats.rb CHANGED Viewed

@@ -9,7 +9,7 @@
 # See new-simple-stats.rb for an example of the streaming
 # parsing method.
-require 'examples' # For path setting slight-of-hand
+require './examples' # For path setting slight-of-hand
 require 'packetfu'
 # Takes a file name, parses the packets, and records the packet

data/examples/uniqpcap.rb CHANGED Viewed

@@ -7,7 +7,7 @@
 # Currently, the timestamp information is lost due to PcapRub's
 # file read. For me, this isn't a big deal. Future versions
 # will deal with timestamps correctly.
-require 'examples' # For path setting slight-of-hand
+require './examples' # For path setting slight-of-hand
 require 'packetfu'
 in_array = PacketFu::Read.f2a(:file => ARGV[0])

data/lib/packetfu/capture.rb CHANGED Viewed

@@ -26,7 +26,7 @@ module PacketFu
 	# Read, Write
 	class Capture
 		attr_accessor :array, :stream # Leave these public and open.
-		attr_reader :iface, :snaplen, :promisc, :timeout # Cant change after the init.
+		attr_reader :iface, :snaplen, :promisc, :timeout, :filter
 		def initialize(args={})
 			@array = [] # Where the packet array goes.
@@ -35,13 +35,13 @@ module PacketFu
 			@snaplen = args[:snaplen] || 0xffff
 			@promisc = args[:promisc] || false # Sensible for some Intel wifi cards
 			@timeout = args[:timeout] || 1
+			@filter  = args[:filter] || args[:bpf]
 			setup_params(args)
 		end
 		# Used by new().
 		def setup_params(args={})
-			filter = args[:filter] # Not global; filter criteria can change.
+			filter = args[:filter] || args[:bpf] || @filter
 			start = args[:start] || false
 			capture if start
 			bpf(:filter=>filter) if filter
@@ -55,7 +55,7 @@ module PacketFu
 		#     When true, start capturing packets to the @stream variable. Defaults to true
 		def capture(args={})
 			if Process.euid.zero?
-				filter = args[:filter]
+				filter = args[:filter] || args[:bpf] || @filter
 				start = args[:start] || true
 				if start
 					begin
@@ -98,11 +98,14 @@ module PacketFu
 		#   :filter
 		#     Provide a bpf filter to enable for the capture. For example, 'ip and not tcp'
 		def bpf(args={})
-			filter = args[:filter]
+			filter = args[:filter] || args[:bpf] || @filter
 			capture if @stream.class == Array
-			@stream.setfilter(filter)
+			@stream.setfilter(filter) if filter
+			@filter = filter
 		end
+		alias :filter :bpf
 		# wire_to_array() saves a packet stream as an array of binary strings. From here,
 		# packets may accessed by other functions. Note that the wire_to_array empties
 		# the stream, so multiple calls will append new packets to @array.
@@ -111,7 +114,7 @@ module PacketFu
 		#   :filter
 		#     Provide a bpf filter to apply to packets moving from @stream to @array.
 		def wire_to_array(args={})
-			filter = args[:filter]
+			filter = args[:filter] || args[:bpf] || @filter
 			bpf(:filter=>filter) if filter
 			while this_pkt = @stream.next
@@ -146,7 +149,7 @@ module PacketFu
 		#   :quiet
 		#     TODO: Not implemented yet; do less than peek() at the packets.
 		def show_live(args={})
-			filter = args[:filter]
+			filter = args[:filter] || args[:bpf] || @filter
 			save = args[:save]
 			verbose = args[:verbose] || args[:v] || false
 			quiet = args[:quiet] || args[:q] || false # Setting q and v doesn't make a lot of sense but hey.

data/lib/packetfu/packet.rb CHANGED Viewed

@@ -251,7 +251,7 @@ module PacketFu
 			case self.name # Lol ran into case's fancy treatment of classes
 			when /InvalidPacket$/; 0
 			when /EthPacket$/; 1
-			when /IPPacket$/, /ARPPacket$/, /IPv6Packet$/; 2
+			when /IPPacket$/, /ARPPacket$/, /LLDPPacket$/, /IPv6Packet$/; 2
 			when /TCPPacket$/, /UDPPacket$/, /ICMPPacket$/; 3
 			when /HSRPPacket$/; 4
 			else; self.new.headers.size

data/lib/packetfu/protos/eth.rb CHANGED Viewed

@@ -21,7 +21,7 @@ module PacketFu
 		def self.can_parse?(str)
 			# XXX Temporary fix. Need to extend the EthHeader class to handle more.
-			valid_eth_types = [0x0800, 0x0806, 0x86dd]
+			valid_eth_types = [0x0800, 0x0806, 0x86dd, 0x88cc]
 			return false unless str.size >= 14
 			type = str[12,2].unpack("n").first rescue nil
 			return false unless valid_eth_types.include? type

data/lib/packetfu/protos/icmp.rb CHANGED Viewed

@@ -42,7 +42,7 @@ module PacketFu
 		attr_accessor :eth_header, :ip_header, :icmp_header
 		def self.can_parse?(str)
-			return false unless str.size >= 54
+			return false unless str.size >= 38
 			return false unless EthPacket.can_parse? str
 			return false unless IPPacket.can_parse? str
 			return false unless str[23,1] == "\x01"

data/lib/packetfu/protos/lldp.rb ADDED Viewed

@@ -0,0 +1,59 @@
+require 'packetfu/protos/eth/header'
+require 'packetfu/protos/eth/mixin'
+require 'packetfu/protos/lldp/header'
+require 'packetfu/protos/lldp/mixin'
+module PacketFu
+  class LLDPPacket < Packet
+    include ::PacketFu::EthHeaderMixin
+    include ::PacketFu::LLDPHeaderMixin
+    attr_accessor :eth_header, :lldp_header
+    def self.can_parse?(str)
+      return false unless EthPacket.can_parse? str
+      return false unless str.size >= 6
+      return false unless str[12,2] == "\x88\xcc"
+      return false unless str =~ /^\x01\x80\xc2\x00\x00[\x0e\x03\x00]/
+      true
+    end
+    def read(str=nil,args={})
+      raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
+      @eth_header.read(str)
+      super(args)
+      self
+    end
+    def initialize(args={})
+      @eth_header = EthHeader.new(args).read(args[:eth])
+      @lldp_header = LLDPHeader.new(args).read(args[:lldp])
+      @eth_header.eth_proto = "\x88\xCC"
+      @eth_header.body=@lldp_header
+      @headers = [@eth_header, @lldp_header]
+      super
+    end
+    # Generates summary data for LLDP packets.
+    def peek_format
+      peek_data = ["A  "]
+      peek_data << "%-5d" % self.to_s.size
+      peek_data << lldp_saddr_mac
+      peek_data << "(#{lldp_saddr_mac})"
+      peek_data << "->"
+      peek_data << "01:80:c2:00:00:0e"
+      peek_data.join
+    end
+    # While there are lengths in LLDPPackets, there's not
+    # much to do with them.
+    def recalc(args={})
+      @headers[0].inspect
+    end
+  end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/lib/packetfu/protos/lldp/header.rb ADDED Viewed

@@ -0,0 +1,250 @@
+module PacketFu
+  # LLDPHeader is a complete LLDP struct, used in LLDPPacket.
+  class LLDPHeader < Struct.new(:lldp_chassis_id_type, :lldp_chassis_id, :lldp_port_id_type, :lldp_port_id, :lldp_ttl, :lldp_port_description, :lldp_system_name, :lldp_system_description, :lldp_capabilty, :lldp_enabled_capability, :lldp_address_type, :lldp_address, :lldp_interface_type, :lldp_interface, :lldp_oid)
+    include StructFu
+    def initialize(args={})
+      src_mac = (args[:lldp_port_id] if :lldp_port_id_type == 3) || (args[:config][:eth_src] if args[:config])
+      src_ip_bin = (args[:lldp_address] if :lldp_address_type == 1) || (args[:config][:ip_src_bin] if args[:config])
+      super(Int8.new(args[:lldp_chassis_id_type] || 4),
+      StructFu::String.new.read(:lldp_chassis_id),
+      Int8.new(args[:lldp_port_id_type] || 3),
+      EthMac.new.read(src_mac),
+      Int16.new(args[:lldp_ttl] || 120),
+      StructFu::String.new.read(:lldp_port_description) || "",
+      StructFu::String.new.read(:lldp_system_name) || "",
+      StructFu::String.new.read(:lldp_system_description) || "",
+      Int16.new(args[:lldp_capabilty] || 0x0080),
+      Int16.new(args[:lldp_enabled_capability] || 0x0080),
+      Int8.new(args[:lldp_address_type] || 1),
+      StructFu::String.new.read(:lldp_address) || src_ip_bin,
+      Int8.new(args[:lldp_interface_type] || 2),
+      Int32.new(args[:lldp_interface]),
+      StructFu::String.new.read(:lldp_oid) || ""
+      )
+    end
+    # Returns the object in string form.
+    def to_s
+      self.to_a.map {|x| x.to_s}.join
+    end
+    # Reads a string to populate the object.
+    def read(str)
+      force_binary(str)
+      return self if str.nil?
+      index = 0
+      #check for lldp pdu end
+      while (str[index,2] != "\x00\x00") && (index+2 < str.size)
+        tlv_known = false
+        #chassis subtype
+        if str[index,1] == "\x02"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_chassis_id_type].read(str[index+2,1])
+          self[:lldp_chassis_id].read(str[index+3, tlv_length - 1])
+          index += tlv_length + 2
+        end
+        #port subtype
+        if str[index,1] == "\x04"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_port_id_type].read(str[index+2,1])
+          self[:lldp_port_id].read(str[index+3, tlv_length - 1])
+          index += tlv_length + 2
+        end
+        #ttl subtype
+        if str[index,1] == "\x06"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_ttl].read(str[index+2, tlv_length])
+          index += tlv_length + 2
+        end
+        #port description
+        if str[index,1] == "\x08"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_port_description].read(str[index+2, tlv_length])
+          index += tlv_length + 2
+        end
+        #system name
+        if str[index,1] == "\x0a"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_system_name].read(str[index+2, tlv_length])
+          index += tlv_length + 2
+        end
+        #system description
+        if str[index,1] == "\x0c"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_system_description].read(str[index+2, tlv_length])
+          index += tlv_length + 2
+        end
+        #system capabilities
+        if str[index,1] == "\x0e"
+          tlv_known = true
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          self[:lldp_capabilty].read(str[index+2, 2])
+          self[:lldp_enabled_capability].read(str[index+4, 2])
+          index += tlv_length + 2
+        end
+        #management address
+        if str[index,1] == "\x10"
+          tlv_known = true
+          tlv_length = str[index + 1,1].unpack("U*").join.to_i
+          addr_length = str[index + 2, 1].unpack("U*").join.to_i
+          self[:lldp_address_type].read(str[index + 3, 1])
+          self[:lldp_address].read(str[index + 4,addr_length - 1])
+          self[:lldp_interface_type].read(str[index + addr_length + 3, 1].unpack("U*").join.to_i)
+          self[:lldp_interface].read(str[index + addr_length + 4, 4])
+          oid_string_length = str[index + addr_length + 8, 1].unpack("U*").join.to_i
+          if oid_string_length > 0
+            self[:lldp_oid].read(str[index + addr_length + 9, oid_string_length])
+          end
+          index += tlv_length + 2
+        end
+        #if tlv type is unknown jump over it
+        unless tlv_known
+          tlv_length = str[index+1,1].unpack("U*").join.to_i
+          index += tlv_length + 2
+        end
+      end
+      self
+    end
+    # Setter for the LLDP chassis id type.
+    def lldp_chassis_id_type=(i); typecast i; end
+    # Getter for the LLDP chassis id type.
+    def lldp_chassis_id_type; self[:lldp_chassis_id_type].to_i; end
+    # Setter for the LLDP chassis id.
+    def lldp_chassis_id=(i); typecast i; end
+    # Getter for the LLDP chassis id .
+    def lldp_chassis_id_readable()
+      if self[:lldp_chassis_id_type].to_i == 4
+        return EthHeader.str2mac(self[:lldp_chassis_id].to_s)
+      else
+        return self[:lldp_chassis_id].to_s
+      end
+    end
+    # Setter for the LLDP port id type.
+    def lldp_port_id_type=(i); typecast i; end
+    # Getter for the LLDP port id type.
+    def lldp_port_id_type; self[:lldp_port_id_type].to_i; end
+    # Setter for the LLDP port id .
+    def lldp_port_id=(i); typecast i; end
+    # Getter for the LLDP port id.
+    def lldp_port_id_readable()
+      #if mac addr
+      if self[:lldp_port_id_type].to_i == 3
+        return EthHeader.str2mac(self[:lldp_port_id].to_s)
+      else
+        return self[:lldp_port_id].to_s
+      end
+    end
+    # Set the source MAC address in a more readable way.
+    def lldp_saddr_mac=(mac)
+      mac = EthHeader.mac2str(mac)
+      self[:lldp_port_id_type] = 3
+      self[:lldp_port_id].read(mac)
+      self.lldp_port_id
+    end
+    # Setter for the LLDP ttl.
+    def lldp_ttl=(i); typecast i; end
+    # Getter for the LLDP ttl.
+    def lldp_ttl; self[:lldp_ttl].to_i; end
+    # Setter for the LLDP port description.
+    def lldp_port_description=(i); typecast i; end
+    # Getter for the LLDP port description.
+    def lldp_port_description; self[:lldp_port_description].to_s; end
+    # Setter for the LLDP system name.
+    def lldp_system_name=(i); typecast i; end
+    # Getter for the LLDP system name.
+    def lldp_system_name; self[:lldp_system_name].to_s; end
+    # Setter for the LLDP system description.
+    def lldp_system_description=(i); typecast i; end
+    # Getter for the LLDP system description.
+    def lldp_system_description; self[:lldp_system_description].to_s; end
+    # Setter for the LLDP capability.
+    def lldp_capabilty=(i); typecast i; end
+    # Setter for the LLDP enabled capability.
+    def lldp_enabled_capability=(i); typecast i; end
+    # Setter for the LLDP address type.
+    def lldp_address_type=(i); typecast i; end
+    # Getter for the LLDP address type.
+    def lldp_address_type; self[:lldp_address_type].to_i; end
+    # Setter for the LLDP interface type.
+    def lldp_interface_type=(i); typecast i; end
+    # Getter for the LLDP interface type.
+    def lldp_interface_type; self[:lldp_interface_type].to_i; end
+    # Setter for the LLDP interface.
+    def lldp_interface=(i); typecast i; end
+    # Getter for the LLDP interface type.
+    def lldp_interface; self[:lldp_interface].to_i; end
+    # Setter for the LLDP oid.
+    def lldp_oid=(i); typecast i; end
+    # Getter for the LLDP oid type.
+    def lldp_oid; self[:lldp_oid].to_i; end
+    # Get a more readable source MAC address.
+    def lldp_saddr_mac
+      EthHeader.str2mac(self[:lldp_port_id].to_s)
+    end
+    # Set a more readable source IP address.
+    def lldp_saddr_ip=(addr)
+      self[:lldp_address_type] = 1
+      self[:lldp_address].read_quad(addr)
+    end
+    # Get a more readable source IP address.
+    def lldp_saddr_ip
+      #ipv4 or ipv6
+      if (self[:lldp_address_type].to_i == 1) or (self[:lldp_address_type].to_i == 2)
+        begin
+          IPAddr::ntop(self[:lldp_address])
+        rescue
+          self[:lldp_address]
+        end
+      elsif  self[:lldp_address_type].to_i == 6
+        #mac
+        EthHeader.str2mac(self[:lldp_address].to_s)
+      end
+    end
+    def lldp_address_type_readable
+      case lldp_address_type
+      when 1
+        "IPv4"
+      when 2
+        "IPv6"
+      when 6
+        "MAC"
+      else
+        lldp_address_type
+      end
+    end
+    def lldp_capabilty_readable
+      "0x%04x" % lldp_capabilty
+    end
+    def lldp_enabled_capability_readable
+      "0x%04x" % lldp_enabled_capability
+    end
+    # Readability aliases
+    alias :lldp_chassis_id :lldp_saddr_mac
+    alias :lldp_address :lldp_saddr_ip
+  end # class LLDPHeader
+end

data/lib/packetfu/protos/lldp/mixin.rb ADDED Viewed

@@ -0,0 +1,55 @@
+module PacketFu
+  # This Mixin simplifies access to the LLDPHeaders. Mix this in with your
+  # packet interface, and it will add methods that essentially delegate to
+  # the 'lldp_header' method (assuming that it is a LLDPHeader object)
+  module LLDPHeaderMixin
+    def lldp_chassis_id_type=(v); self.lldp_header.lldp_chassis_id_type= v; end
+    def lldp_chassis_id_type; self.lldp_header.lldp_chassis_id_type; end
+    def lldp_chassis_id=(v); self.lldp_header.lldp_chassis_id= v; end
+    def lldp_chassis_id; self.lldp_header.lldp_chassis_id_readable(); end
+    def lldp_port_id_type=(v); self.lldp_header.lldp_port_id_type= v; end
+    def lldp_port_id_type; self.lldp_header.lldp_port_id_type; end
+    def lldp_port_id=(v); self.lldp_header.lldp_port_id= v; end
+    def lldp_port_id; self.lldp_header.lldp_port_id_readable(); end
+    def lldp_ttl=(v); self.lldp_header.lldp_ttl= v; end
+    def lldp_ttl; self.lldp_header.lldp_ttl; end
+    def lldp_port_description=(v); self.lldp_header.lldp_port_description= v; end
+    def lldp_port_description; self.lldp_header.lldp_port_description; end
+    def lldp_system_name=(v); self.lldp_header.lldp_system_name= v; end
+    def lldp_system_name; self.lldp_header.lldp_system_name; end
+    def lldp_system_description=(v); self.lldp_header.lldp_system_description= v; end
+    def lldp_system_description; self.lldp_header.lldp_system_description; end
+    def lldp_capabilty=(v); self.lldp_header.lldp_capabilty= v; end
+    def lldp_capabilty; self.lldp_header.lldp_capabilty_readable(); end
+    def lldp_enabled_capability=(v); self.lldp_header.lldp_enabled_capability= v; end
+    def lldp_enabled_capability; self.lldp_header.lldp_enabled_capability_readable(); end
+    def lldp_address_type=(v); self.lldp_header.lldp_address_type= v; end
+    def lldp_address_type; self.lldp_header.lldp_address_type; end
+    def lldp_address=(v); self.lldp_header.lldp_saddr_ip= v; end
+    def lldp_address; self.lldp_header.lldp_saddr_ip(); end
+    def lldp_interface_type=(v); self.lldp_header.lldp_interface_type= v; end
+    def lldp_interface_type; self.lldp_header.lldp_interface_type; end
+    def lldp_interface=(v); self.lldp_header.lldp_interface= v; end
+    def lldp_interface; self.lldp_header.lldp_interface; end
+    def lldp_oid=(v); self.lldp_header.lldp_oid= v; end
+    def lldp_oid; self.lldp_header.lldp_oid; end
+    def lldp_saddr_mac=(v); self.lldp_header.lldp_saddr_mac= v; end
+    def lldp_saddr_mac; self.lldp_header.lldp_saddr_mac; end
+    def lldp_saddr_ip=(v); self.lldp_header.lldp_saddr_ip= v; end
+    def lldp_saddr_ip; self.lldp_header.lldp_saddr_ip(); end
+  end
+end

data/lib/packetfu/utils.rb CHANGED Viewed

@@ -53,6 +53,12 @@ module PacketFu
 			cap_thread.value
 		end
+		# Since 177/8 is IANA reserved (for now), this network should
+		# be handled by your default gateway and default interface.
+		def self.rand_routable_daddr
+			IPAddr.new((rand(16777216) + 2969567232), Socket::AF_INET)
+		end
 		# Discovers the local IP and Ethernet address, which is useful for writing
 		# packets you expect to get a response to. Note, this is a noisy
 		# operation; a UDP packet is generated and dropped on to the default (or named)
@@ -74,8 +80,6 @@ module PacketFu
 		#    you will need to specify a target which will use this interface.
 		#   :target => "1.2.3.4"
 		#    A target IP address. By default, a packet will be sent to a random address in the 177/8 network.
-		#    Since this network is IANA reserved (for now), this network should be handled by your default gateway
-		#    and default interface.
 		def self.whoami?(args={})
 			unless args.kind_of? Hash
 				raise ArgumentError, "Argument to `whoami?' must be a Hash"
@@ -83,7 +87,7 @@ module PacketFu
 			if args[:iface].to_s =~ /^lo/ # Linux loopback more or less. Need a switch for windows loopback, too.
 				dst_host = "127.0.0.1"
 			else
-				dst_host = (args[:target] || IPAddr.new((rand(16777216) + 2969567232), Socket::AF_INET).to_s)
+				dst_host = (args[:target] || rand_routable_daddr.to_s)
 			end
 			dst_port = rand(0xffff-1024)+1024

data/lib/packetfu/version.rb CHANGED Viewed

@@ -1,7 +1,7 @@
 module PacketFu
 	# Check the repo's for version release histories
-	VERSION = "1.1.6"
+	VERSION = "1.1.8"
 	# Returns PacketFu::VERSION
 	def self.version

data/packetfu.gemspec CHANGED Viewed

@@ -2,20 +2,20 @@ require 'rake'
 Gem::Specification.new do |s|
   s.name        = 'packetfu'
-  s.version     = '1.1.6'
+  s.version     = '1.1.8'
   s.authors     = ['Tod Beardsley']
   s.email       = 'todb@packetfu.com'
   s.summary     = 'PacketFu is a mid-level packet manipulation library.'
   s.homepage    = 'https://github.com/todb/packetfu'
   s.description = %q{PacketFu is a mid-level packet manipulation library for Ruby. With it, users can read, parse, and write network packets with the level of ease and fun they expect from Ruby. Note that this gem does not automatically require pcaprub, since users may install pcaprub through non-gem means.}
   s.files       = `git ls-files`.split($/)
-	s.license     = 'BSD'
+  s.license     = 'BSD'
   s.add_development_dependency('pcaprub', '>= 0.9.2')
   s.add_development_dependency('rspec',   '>= 2.6.2')
   s.add_development_dependency('sdoc',    '>= 0.2.0')
   s.extra_rdoc_files  = %w[.document README.rdoc]
-  s.test_files        = (s.files & Dir['test/test_*.rb'])
+  s.test_files        = (s.files & (Dir['spec/**/*_spec.rb'] + Dir['test/test_*.rb']) )
   s.rubyforge_project = 'packetfu'
 end

data/{test → spec}/ethpacket_spec.rb RENAMED Viewed

@@ -6,7 +6,7 @@ include PacketFu
 describe EthPacket, "when read from a pcap file" do
 	before :all do
-		parsed_packets = PcapFile.read_packets(File.join(".","sample.pcap"))
+		parsed_packets = PcapFile.read_packets(File.join(File.dirname(__FILE__),"sample.pcap"))
 		@eth_packet = parsed_packets.first
 	end
@@ -61,7 +61,7 @@ describe EthPacket, "when read from a pcap file" do
 	context "isn't a regular Ethernet packet" do
 		subject {
-			parsed_packets = PcapFile.read_packets(File.join(".","vlan-pcapr.cap"))
+			parsed_packets = PcapFile.read_packets(File.join(File.dirname(__FILE__),"vlan-pcapr.cap"))
 			parsed_packets.first
 		}

data/{test → spec}/packet_spec.rb RENAMED Viewed

File without changes

data/{test → spec}/packet_subclasses_spec.rb RENAMED Viewed

File without changes

data/{test → spec}/packetfu_spec.rb RENAMED Viewed

@@ -1,16 +1,11 @@
 $:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
 require 'packetfu'
-unless %x{#{$0} --version} =~ /^2\.6/
-	puts "PacketFu needs rspec 2.6 or so."
-	exit 1
-end
 describe PacketFu, "version information" do
 	it "reports a version number" do
 		PacketFu::VERSION.should match /^1\.[0-9]\.[0-9]$/
 	end
-	its(:version) {should eq PacketFu::VERSION}
+	its(:version) {should eq PacketFu::VERSION}
 	it "can compare version strings" do
 		PacketFu.binarize_version("1.2.3").should == 0x010203

data/spec/sample.pcap ADDED Viewed

Binary file

data/spec/sample2.pcap ADDED Viewed

Binary file

data/{test → spec}/structfu_spec.rb RENAMED Viewed

File without changes

data/{test → spec}/tcp_spec.rb RENAMED Viewed

@@ -27,7 +27,7 @@ end
 describe TCPPacket do
 	subject do
-		bytes = PcapFile.file_to_array("sample2.pcap")[2]
+		bytes = PcapFile.file_to_array(File.join(File.dirname(__FILE__), "sample2.pcap"))[2]
 		packet = Packet.parse(bytes)
 	end

data/spec/vlan-pcapr.cap ADDED Viewed

Binary file

data/test/func_lldp.rb ADDED Viewed

@@ -0,0 +1,25 @@
+#!/usr/bin/ruby
+# Functional test script contributed by @dmaciejak
+# Still need a real test set.
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+def lldp_pcap
+	fname = "./sample_lldp.pcap"
+	fname if File.readable? fname
+end
+def lldp_test()
+	raise RuntimeError, "Need a sample_lldp.pcap to check!" unless lldp_pcap
+  cap = PacketFu::PcapFile.new.file_to_array(:filename => lldp_pcap)
+  cap.each do |p|
+        pkt = PacketFu::Packet.parse p
+        if pkt.is_lldp?
+          packet_info = [pkt.proto.last, pkt.lldp_capabilty, pkt.lldp_address_type_readable, pkt.lldp_address, pkt.lldp_interface_type, pkt.lldp_interface]
+          puts "%s | %15s | %15s | %15s | %15s | %15s |" % packet_info
+        end
+  end
+end
+lldp_test()

data/test/sample_lldp.pcap ADDED Viewed

Binary file

data/test/test_capture.rb ADDED Viewed

@@ -0,0 +1,58 @@
+#!/usr/bin/env ruby
+require 'test/unit'
+$:.unshift File.join(File.expand_path(File.dirname(__FILE__)), "..", "lib")
+require 'packetfu'
+class CaptureTest < Test::Unit::TestCase
+	def test_cap
+		assert_nothing_raised { PacketFu::Capture }
+	end
+	def test_whoami
+		assert_nothing_raised { PacketFu::Utils.whoami?(:iface => (ENV['IFACE'] || 'lo')) }
+	end
+	def test_new
+		cap = PacketFu::Capture.new
+		assert_kind_of PacketFu::Capture, cap
+		cap = PacketFu::Capture.new(
+			:filter => 'tcp and dst host 1.2.3.4'
+		)
+	end
+	def test_filter
+		daddr = PacketFu::Utils.rand_routable_daddr.to_s
+		cap = PacketFu::Capture.new( :filter => "icmp and dst host #{daddr}")
+		cap.start
+		%x{ping -c 1 #{daddr}}
+		sleep 1
+		cap.save
+		assert cap.array.size == 1
+		pkt = PacketFu::Packet.parse(cap.array.first)
+		assert pkt.ip_daddr == daddr
+	end
+	def test_no_filter
+		daddr = PacketFu::Utils.rand_routable_daddr.to_s
+		daddr2 = PacketFu::Utils.rand_routable_daddr.to_s
+		cap = PacketFu::Capture.new
+		cap.start
+		%x{ping -c 1 #{daddr}}
+		%x{ping -c 1 #{daddr2}}
+		sleep 1
+		cap.save
+		assert cap.array.size > 1
+	end
+	def test_bpf_alias
+		daddr = PacketFu::Utils.rand_routable_daddr.to_s
+		cap = PacketFu::Capture.new( :filter => "icmp and dst host #{daddr}")
+		assert cap.filter.object_id == cap.bpf.object_id
+	end
+end
+# vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_icmp.rb CHANGED Viewed

@@ -44,11 +44,19 @@ class ICMPTest < Test::Unit::TestCase
 	def test_icmp_read
 		sample_packet = PcapFile.new.file_to_array(:f => 'sample.pcap')[2]
 		pkt = Packet.parse(sample_packet)
+		assert pkt.is_icmp?
 		assert_kind_of ICMPPacket, pkt
 		assert_equal(0x4d58, pkt.icmp_sum.to_i)
 		assert_equal(8, pkt.icmp_type.to_i)
 	end
+	def test_icmp_reread
+		sample_packet = PacketFu::ICMPPacket.new
+		pkt = Packet.parse(sample_packet.to_s)
+		assert sample_packet.is_icmp?
+		assert pkt.is_icmp?
+	end
 end
 # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

data/test/test_tcp.rb CHANGED Viewed

@@ -85,6 +85,18 @@ class TcpFlagsTest < Test::Unit::TestCase
 		assert_equal(0x12, t.to_i)
 	end
+	def test_tcp_flags_unset
+		t = TcpFlags.new
+		assert_kind_of TcpFlags, t
+		t.syn = 1
+		assert_equal(0x02, t.to_i)
+		t.syn = 0
+		assert_equal(0x00, t.to_i)
+		t.syn = 1
+		t.syn = false
+		assert_equal(0x00, t.to_i)
+	end
 	def test_tcp_flags_read
 		t = TcpFlags.new
 		t.read("\x11")
@@ -312,6 +324,14 @@ class TCPPacketTest < Test::Unit::TestCase
 		stripped.read(str, :strip => true)
 		assert_equal 16, stripped.tcp_header.body.length
 	end
+	def test_tcp_reread
+		sample_packet = PacketFu::TCPPacket.new
+		pkt = Packet.parse(sample_packet.to_s)
+		assert sample_packet.is_tcp?
+		assert pkt.is_tcp?
+	end
 end
 class TCPPacketTest < Test::Unit::TestCase

data/test/test_udp.rb CHANGED Viewed

@@ -85,6 +85,14 @@ class UDPTest < Test::Unit::TestCase
 		pkt.to_f('udp_test.pcap','a')
 	end
+	def test_udp_reread
+		sample_packet = PacketFu::UDPPacket.new
+		pkt = Packet.parse(sample_packet.to_s)
+		assert sample_packet.is_udp?
+		assert pkt.is_udp?
+	end
 end
 # vim: nowrap sw=2 sts=0 ts=2 ff=unix ft=ruby

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: packetfu
 version: !ruby/object:Gem::Version
-  version: 1.1.6
+  version: 1.1.8
   prerelease:
 platform: ruby
 authors:
@@ -9,11 +9,11 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-10-27 00:00:00.000000000 Z
+date: 2013-06-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: pcaprub
-  requirement: &12628060 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -21,10 +21,15 @@ dependencies:
         version: 0.9.2
   type: :development
   prerelease: false
-  version_requirements: *12628060
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.9.2
 - !ruby/object:Gem::Dependency
   name: rspec
-  requirement: &12627260 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -32,10 +37,15 @@ dependencies:
         version: 2.6.2
   type: :development
   prerelease: false
-  version_requirements: *12627260
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 2.6.2
 - !ruby/object:Gem::Dependency
   name: sdoc
-  requirement: &12626240 !ruby/object:Gem::Requirement
+  requirement: !ruby/object:Gem::Requirement
     none: false
     requirements:
     - - ! '>='
@@ -43,7 +53,12 @@ dependencies:
         version: 0.2.0
   type: :development
   prerelease: false
-  version_requirements: *12626240
+  version_requirements: !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: 0.2.0
 description: PacketFu is a mid-level packet manipulation library for Ruby. With it,
   users can read, parse, and write network packets with the level of ease and fun
   they expect from Ruby. Note that this gem does not automatically require pcaprub,
@@ -57,9 +72,11 @@ extra_rdoc_files:
 files:
 - .document
 - .gitignore
+- .mailmap
 - INSTALL.rdoc
 - LICENSE.txt
 - README.rdoc
+- Rakefile
 - bench/after-2012-07-28.txt
 - bench/before-2012-07-28.txt
 - bench/benchit.rb
@@ -110,6 +127,9 @@ files:
 - lib/packetfu/protos/ipv6.rb
 - lib/packetfu/protos/ipv6/header.rb
 - lib/packetfu/protos/ipv6/mixin.rb
+- lib/packetfu/protos/lldp.rb
+- lib/packetfu/protos/lldp/header.rb
+- lib/packetfu/protos/lldp/mixin.rb
 - lib/packetfu/protos/tcp.rb
 - lib/packetfu/protos/tcp/ecn.rb
 - lib/packetfu/protos/tcp/flags.rb
@@ -127,19 +147,25 @@ files:
 - lib/packetfu/version.rb
 - packetfu.gemspec
 - setup.rb
+- spec/ethpacket_spec.rb
+- spec/packet_spec.rb
+- spec/packet_subclasses_spec.rb
+- spec/packetfu_spec.rb
+- spec/sample.pcap
+- spec/sample2.pcap
+- spec/structfu_spec.rb
+- spec/tcp_spec.rb
+- spec/vlan-pcapr.cap
 - test/all_tests.rb
-- test/ethpacket_spec.rb
-- test/packet_spec.rb
-- test/packet_subclasses_spec.rb
-- test/packetfu_spec.rb
+- test/func_lldp.rb
 - test/ptest.rb
 - test/sample-ipv6.pcap
 - test/sample.pcap
 - test/sample2.pcap
 - test/sample_hsrp_pcapr.cap
-- test/structfu_spec.rb
-- test/tcp_spec.rb
+- test/sample_lldp.pcap
 - test/test_arp.rb
+- test/test_capture.rb
 - test/test_eth.rb
 - test/test_hsrp.rb
 - test/test_icmp.rb
@@ -175,12 +201,19 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: packetfu
-rubygems_version: 1.8.15
+rubygems_version: 1.8.25
 signing_key:
 specification_version: 3
 summary: PacketFu is a mid-level packet manipulation library.
 test_files:
+- spec/ethpacket_spec.rb
+- spec/packet_spec.rb
+- spec/packet_subclasses_spec.rb
+- spec/packetfu_spec.rb
+- spec/structfu_spec.rb
+- spec/tcp_spec.rb
 - test/test_arp.rb
+- test/test_capture.rb
 - test/test_eth.rb
 - test/test_hsrp.rb
 - test/test_icmp.rb