spcap 0.0.1
- data/.gitignore +17 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +22 -0
- data/README.md +29 -0
- data/Rakefile +12 -0
- data/lib/spcap/factory.rb +19 -0
- data/lib/spcap/file.rb +48 -0
- data/lib/spcap/ipadress.rb +39 -0
- data/lib/spcap/ippacket.rb +94 -0
- data/lib/spcap/logger.rb +5 -0
- data/lib/spcap/packet.rb +21 -0
- data/lib/spcap/tcppacket.rb +67 -0
- data/lib/spcap/version.rb +3 -0
- data/lib/spcap.rb +9 -0
- data/spcap.gemspec +23 -0
- data/test/lib/spcap/file_test.rb +15 -0
- data/test/test_helper.rb +4 -0
- metadata +98 -0
data/.gitignore
ADDED
data/Gemfile
ADDED
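--- a/data/LICENSE.txt
+++ b/data/LICENSE.txt
@@ -0,0 +1,22 @@
+Copyright (c) 2013 Bernard Rodier
+
+MIT License
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.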
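--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,29 @@
+# Spcap
+
+TODO: Write a gem description
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+gem 'spcap'
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install spcap
+
+## Usage
+
+TODO: Write usage instructions here
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create new Pull Request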
data/Rakefile
ADDED
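--- a/data/lib/spcap/factory.rb
+++ b/data/lib/spcap/factory.rb
@@ -0,0 +1,19 @@
+module Spcap
+# 1 Internet Control Message Protocol ICMP
+# 2 Internet Group Management Protocol IGMP
+# 6 Transmission Control Protocol TCP
+# 17 User Datagram Protocol UDP
+# 41 IPv6 encapsulation ENCAP
+# 89 Open Shortest Path First OSPF
+# 132 Stream Control Transmission Protocol SCTP
+class Factory
+def self.get_packet(time,raw_data,len,linklayer_header_type)
+if ( ( ( raw_data.getbyte(0) & 0xF0) / 16 ) == 4 )
+if raw_data.getbyte(9) == 6
+return TCPPacket.new(time,raw_data,len,linklayer_header_type)
+end
+end
+Logger.warn "Spcap::Factory only support TCP over IPv4 packet other packet are dropped"
+end
+end
+end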
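Review bot: `get_packet` reads `raw_data.getbyte(0)` and `getbyte(9)` without checking that the buffer is present and at least 20 bytes long, so a truncated capture record makes `getbyte` return nil and the `&` on line 11 raises NoMethodError instead of dropping the packet. A guard before the version test, `return nil if raw_data.nil? || raw_data.bytesize < 20`, keeps malformed records on the warn-and-drop path; `linklayer_header_type` is accepted but never consulted, so the check also presumes the buffer starts at the IP header rather than at a link-layer frame. On the non-TCP path the method's value is whatever `Logger.warn` returns (logger.rb is not shown on this page), so callers that test the result for a packet should not rely on it being nil. On this page the hunk sits under the `data/Rakefile` header, but its 19 lines match `data/lib/spcap/factory.rb` in the diffstat.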
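--- a/data/lib/spcap/file.rb
+++ b/data/lib/spcap/file.rb
@@ -0,0 +1,48 @@
+module Spcap
+class File
+# File format :
+# File header
+# 4 Magic number
+# 2,2 Major version Minor version
+# 4 Time zone offset always set to 0
+# 4 Time stamp accuracy always set to 0
+# 4 Snapshot length
+# 4 Link-layer header type
+
+MagicNumber = ["A1B2C3D4"].pack("H*")
+
+def initialize(istream)
+@istream = istream
+magic_number = istream.read(4)
+if magic_number == MagicNumber
+@unpack_16 = "n"
+@unpack_32 = "N"
+else
+@unpack_16 = "v"
+@unpack_32 = "V"
+end
+@major_version, @minor_version = read16, read16
+@istream.read(8) # flush unused time_zone_offset_always_0, timestamp_accuracy_always_0,
+@snapshot_length = read32
+@linklayer_header_type = read32
+end
+
+def read16 ; @istream.read(2).unpack(@unpack_16).first ; end
+
+def read32 ; @istream.read(4).unpack(@unpack_32).first ; end
+# Packets header
+# 4 Time stamp, seconds value
+# 4 Time stamp, microseconds value
+# 4 Length of captured packet data
+# 4 Un-truncated length of the packet data
+def each
+until(@istream.eof?)
+time = Time.at(read32,read32)
+caplen = read32
+len = read32
+raw_data = @istream.read(caplen)
+yield Packet.new(time,raw_data,len,@linklayer_header_type)
+end
+end
+end
+end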
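Review bot: `initialize` treats every magic value other than the big-endian `MagicNumber` as little-endian pcap, so a non-pcap stream, a corrupted header or the nanosecond-resolution variant is silently parsed as if it were valid, and `each` then trusts the per-record `caplen` with no upper bound, so one crafted length field drives `@istream.read(caplen)` to allocate up to 4 GiB. Replace the `else` branch with an explicit check, `raise ArgumentError, "unsupported pcap magic" unless [MagicNumber, MagicNumber.reverse].include?(magic_number)` (reversing the four bytes gives the little-endian form), and in `each` reject oversized records with `raise IOError, "caplen exceeds snapshot length" if caplen > @snapshot_length` before reading. `read16`/`read32` also assume `@istream.read` returns a full buffer; at a truncated tail it returns nil or a short string and `unpack(...).first` raises NoMethodError or yields nil, which deserves a length check too. `each` yields a plain `Packet` rather than going through `Factory.get_packet`, so the IP/TCP accessors in the sibling files are never reached from this path.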
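--- a/data/lib/spcap/ipadress.rb
+++ b/data/lib/spcap/ipadress.rb
@@ -0,0 +1,39 @@
+module Spcap
+class IPAddress
+attr_reader :address
+
+def initialize(address)
+@address = address
+end
+
+# Return true if two addresses are the same address.
+def ==(other)
+@address = other.adress
+end
+
+def hash
+@address.hash
+end
+
+# Return host name correspond to this address.
+def hostname
+# Not yet implemented
+to_num_s
+end
+
+Return the value of IP address as integer.
+def to_i
+@address.unpackt("N").first
+end
+
+
+#Return numerical string representation
+def to_num_s
+@address.unpack("CCCC").join('.')
+end
+
+def to_s
+to_num_s
+end
+end
+end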
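Review bot: `==` on line 11 assigns instead of comparing (`@address = other.adress`), so a comparison overwrites the receiver's address and, because `adress` is misspelled, raises NoMethodError; with `hash` defined but `eql?` not, instances also cannot serve as Hash keys. The body should be `other.is_a?(IPAddress) && @address == other.address`, followed by `alias eql? ==`. Two further defects keep the file from loading or running at all: line 24 lacks its leading `#` so the sentence is parsed as code, and line 26 calls `unpackt` where `unpack` is meant.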
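--- a/data/lib/spcap/ippacket.rb
+++ b/data/lib/spcap/ippacket.rb
@@ -0,0 +1,94 @@
+module Spcap
+class IPPacket < Packet
+attr_reader :src,:dst,:iph_len,:ip_len,
+def initialize(time,data,len,datalink)
+super(time,data,len,datalink)
+@src = IPAddress.new(@raw_data[12,4])
+@dst = IPAddress.new(data[16,4])
+@iph_len = @raw_data.getbyte(0) & 0x0F
+@ip_len = @raw_data[2,2].unpack("n").first
+
+end
+
+
+# Return header length. (Unit: 4 octets)
+def ip_hlen
+@raw_data.getbyte(0) & 0x0F
+end
+
+# Return data part as String.
+def ip_data
+@raw_data[ip_hlen,self.caplen-ip_hlen]
+end
+
+#
+# Return the value of 3-bits IP flag field.
+def ip_flags
+@raw_data.getbyte(6) & 0xE0
+end
+
+# Return true if Don't Fragment bit is set.
+def ip_df?
+(@raw_data.getbyte(6) & 0x40) == 0x40
+end
+
+# Return true if More Fragment bit is set.
+def ip_mf?
+(self.raw_data.getbyte(6) & 0x20) == 0x20
+end
+
+# Return destination IP address as IPAddress.
+def ip_dst
+@dst
+end
+# Return source IP address as IPAddress.
+def ip_src
+@src
+end
+
+# Return identification.
+def ip_id
+@raw_data[4,4]
+end
+
+# Return fragment offset.
+def ip_off
+@raw_data[4,4].unpack("n").first & 0xFFF
+end
+
+
+# Return the value of protocol field.
+def ip_proto
+@raw_data.getbyte(9)
+end
+
+# Return the value of checksum field.
+def ip_sum
+@raw_data[10,2].unpack("n").fisrt
+end
+
+
+# Return the value of TOS field.
+def ip_tos
+# TODO
+end
+
+
+# Return TTL.
+def ip_ttl
+@raw_data.getbyte(8)
+end
+
+
+# Return IP version.
+def ip_ver
+( @raw_data.getbyte(0) & 0xF0 ) / 16
+end
+
+# Return string representation.
+def to_s
+"TODO" # TODO
+end
+
+end
+end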
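Review bot: `ip_data` on line 21 slices `@raw_data` at byte offset `ip_hlen`, but `ip_hlen` is the IHL in 4-octet units, so for a standard 20-byte header the "payload" starts at byte 5 and every TCP accessor in tcppacket.rb that builds on `ip_data` reads IP header bytes instead; it should be `@raw_data[ip_hlen * 4, self.caplen - ip_hlen * 4]`, and an IHL below 5 (invalid for IPv4, and these are untrusted packet bytes) is worth rejecting in `initialize`. The trailing comma on the `attr_reader` line 3 makes the following `def initialize ... end` the last argument of `attr_reader`, which on Ruby 2.1+ would replace the constructor with a zero-argument reader and on older Rubies raise TypeError, so the comma must go. Smaller slips: `ip_off` reads `@raw_data[4,4]` (the identification field) where the fragment offset is `@raw_data[6,2].unpack("n").first & 0x1FFF`, `ip_sum` calls `.fisrt`, and `ip_tos` has no body.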
data/lib/spcap/logger.rb
ADDED
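--- a/data/lib/spcap/packet.rb
+++ b/data/lib/spcap/packet.rb
@@ -0,0 +1,21 @@
+module Spcap
+class Packet
+attr_reader :raw_data, :caplen, :len, :time, :datalink
+
+def initialize(time,data,len,datalink)
+@time = time
+@raw_data = data
+@caplen = data.length
+@len = len
+@datalink = datalink
+end
+
+def size ; @len; end
+def length ; @len; end
+def ip? ; self.kind_of?(IPPacket) ; end
+def tcp? ; self.kind_of?(TCPPacket) ; end
+def udp? ; self.kind_of?(UDPPacket) ; end
+def time_i ; self.time.to_i; end
+
+end
+end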
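Review bot: `@caplen = data.length` on line 8 counts characters, not bytes, so if a record ever arrives as a non-binary-encoded String the offsets the subclasses derive from `caplen` drift; `@caplen = data.bytesize` is the byte count regardless of encoding. `udp?` on line 17 references `UDPPacket`, which no file in this package defines, so calling it raises NameError rather than returning false. A nil `data` (a truncated stream in `Spcap::File#each`) also fails here on `data.length` instead of being reported as a short read.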
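--- a/data/lib/spcap/tcppacket.rb
+++ b/data/lib/spcap/tcppacket.rb
@@ -0,0 +1,67 @@
+module Spcap
+TCP_FLAGS = "UAPRSF"
+class TCPPacket < IPPacket
+def initialize(time,data,len,datalink)
+super(time,data,len,datalink)
+end
+
+# Return acknowledgement number.
+def tcp_ack ; ip_data[8,4].unpack("N").first ; end
+
+# Return data part as String.
+def tcp_data ; ip_data[tcp_off,tcp_data_len] ; end
+
+# Return length of data part.
+def tcp_data_len ; ip_len - ( ip_hlen * 4 ) - (tcp_hlen * 4) ; end
+
+# Return destination port number.
+def tcp_sport ; ip_data[0,2].unpack("n").first ; end
+def sport ; tcp_sport ; end
+
+# Return destination port number.
+def tcp_dport ; ip_data[2,2].unpack("n").first ; end
+def dport ; tcp_dport ; end
+
+# Return the value of 6-bits flag field.
+def tcp_flags ; ( ip_data.getbyte(13) & 0x6F ) ; end
+
+# Return the value of 6-bits flag field as string like ".A...F".
+def tcp_flags_s
+ip_data[13].unpack("B*").first[2,6].
+chars.zip(TCP_FLAGS.chars).collect { |flag,flag_s|
+(flag == '0' ? '.' : flag_s)
+}.join
+end
+
+# Return true if flag is set.
+def tcp_fin? ; flags?(7) ; end
+def tcp_syn? ; flags?(6) ; end
+def tcp_rst? ; flags?(5) ; end
+def tcp_psh? ; flags?(4) ; end
+def tcp_ack? ; flags?(3) ; end
+def tcp_urg? ; flags?(2) ; end
+
+# Return TCP data offset (header length). (Unit: 4-octets)
+def tcp_hlen ; ( ( ip_data.getbyte(12) & 0XF0) / 16 ) ; end
+def tcp_off ; tcp_hlen ; end
+
+# Return sequence number.
+def tcp_seq ; ( ip_data[4,4].unpack("N").first ) ; end
+
+# Return the value of checksum field.
+def tcp_sum ; ( ip_data[16,2].unpack("n").first ) ; end
+
+# Return urgent pointer.
+def tcp_urp ; ( ip_data[18,2].unpack("n").first ) ; end
+
+# Return window size.
+def tcp_win ; ( ip_data[14,2].unpack("n").first ) ; end
+
+# Return string representation.
+def to_s ; "TODO" ; end
+
+private
+def flag?(i) ; ip_data[13].unpack("B*").first[i] == '1'; end
+
+end
+end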
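Review bot: the six predicates on lines 37–42 call `flags?(i)` but the private helper on line 64 is named `flag?`, so every `tcp_fin?`/`tcp_syn?`/... call raises NoMethodError. `tcp_flags` masks byte 13 with `0x6F`, which keeps the ECE bit and drops ACK (0x10); the six-bit field the comment describes is `0x3F`. `tcp_data` slices `ip_data[tcp_off, tcp_data_len]` with `tcp_off` in 4-octet units, so like `ip_data` in ippacket.rb it needs `tcp_off * 4`, and `tcp_data_len` goes negative when a packet's `ip_len` is smaller than the two headers, which `String#[]` turns into nil; both come from untrusted length fields and deserve a bounds check. Proposed: `def tcp_flags ; ( ip_data.getbyte(13) & 0x3F ) ; end`, `def tcp_data ; ip_data[tcp_off * 4, tcp_data_len] ; end`, and `def flag?(i)` renamed to `def flags?(i)`.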
data/lib/spcap.rb
ADDED
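--- a/data/spcap.gemspec
+++ b/data/spcap.gemspec
@@ -0,0 +1,23 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'spcap/version'
+
+Gem::Specification.new do |spec|
+spec.name = "spcap"
+spec.version = Spcap::VERSION
+spec.authors = ["Bernard Rodier"]
+spec.email = ["bernard.rodier@gmail.com"]
+spec.description = %q{Very simple pcap file handler that is not require native extension}
+spec.summary = %q{Pure ruby gem without native exstension that handle pcap file produce by pcap library or tcpdump}
+spec.homepage = ""
+spec.license = "MIT"
+
+spec.files = `git ls-files`.split($/)
+spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
+spec.require_paths = ["lib"]
+
+spec.add_development_dependency "bundler", "~> 1.3"
+spec.add_development_dependency "rake"
+end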
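--- a/data/test/lib/spcap/file_test.rb
+++ b/data/test/lib/spcap/file_test.rb
@@ -0,0 +1,15 @@
+require_relative '../../test_helper'
+
+describe Spcap::File do
+subject { Spcap::File.new(File.open('test/pcap_files/sample.pcap')) }
+
+it "must be a Spcap::File" do
+subject.must_be_instance_of(Spcap::File)
+end
+
+it "must handle each without error" do
+subject.each{|p| }
+subject.must_respond_to(:each)
+end
+
+end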
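Review bot: the fixture `test/pcap_files/sample.pcap` opened on line 4 is not among the files in the diffstat or in the gem metadata's `files:` list, so the suite cannot run from the packaged gem. The handle is also opened in text mode and never closed; `File.open('test/pcap_files/sample.pcap', 'rb')` keeps the pcap bytes binary, and an `after` hook (or the block form of `File.open`) would release it. The second example only iterates and then checks `must_respond_to(:each)`, which cannot fail once `each` has already been called; asserting a known packet count or field value from the fixture would make it a real test.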
data/test/test_helper.rb
ADDED
metadata
ADDED
@@ -0,0 +1,98 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: spcap
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
version: 0.0.1
|
5
|
+
prerelease:
|
6
|
+
platform: ruby
|
7
|
+
authors:
|
8
|
+
- Bernard Rodier
|
9
|
+
autorequire:
|
10
|
+
bindir: bin
|
11
|
+
cert_chain: []
|
12
|
+
date: 2013-08-23 00:00:00.000000000 Z
|
13
|
+
dependencies:
|
14
|
+
- !ruby/object:Gem::Dependency
|
15
|
+
name: bundler
|
16
|
+
requirement: !ruby/object:Gem::Requirement
|
17
|
+
none: false
|
18
|
+
requirements:
|
19
|
+
- - ~>
|
20
|
+
- !ruby/object:Gem::Version
|
21
|
+
version: '1.3'
|
22
|
+
type: :development
|
23
|
+
prerelease: false
|
24
|
+
version_requirements: !ruby/object:Gem::Requirement
|
25
|
+
none: false
|
26
|
+
requirements:
|
27
|
+
- - ~>
|
28
|
+
- !ruby/object:Gem::Version
|
29
|
+
version: '1.3'
|
30
|
+
- !ruby/object:Gem::Dependency
|
31
|
+
name: rake
|
32
|
+
requirement: !ruby/object:Gem::Requirement
|
33
|
+
none: false
|
34
|
+
requirements:
|
35
|
+
- - ! '>='
|
36
|
+
- !ruby/object:Gem::Version
|
37
|
+
version: '0'
|
38
|
+
type: :development
|
39
|
+
prerelease: false
|
40
|
+
version_requirements: !ruby/object:Gem::Requirement
|
41
|
+
none: false
|
42
|
+
requirements:
|
43
|
+
- - ! '>='
|
44
|
+
- !ruby/object:Gem::Version
|
45
|
+
version: '0'
|
46
|
+
description: Very simple pcap file handler that is not require native extension
|
47
|
+
email:
|
48
|
+
- bernard.rodier@gmail.com
|
49
|
+
executables: []
|
50
|
+
extensions: []
|
51
|
+
extra_rdoc_files: []
|
52
|
+
files:
|
53
|
+
- .gitignore
|
54
|
+
- Gemfile
|
55
|
+
- LICENSE.txt
|
56
|
+
- README.md
|
57
|
+
- Rakefile
|
58
|
+
- lib/spcap.rb
|
59
|
+
- lib/spcap/factory.rb
|
60
|
+
- lib/spcap/file.rb
|
61
|
+
- lib/spcap/ipadress.rb
|
62
|
+
- lib/spcap/ippacket.rb
|
63
|
+
- lib/spcap/logger.rb
|
64
|
+
- lib/spcap/packet.rb
|
65
|
+
- lib/spcap/tcppacket.rb
|
66
|
+
- lib/spcap/version.rb
|
67
|
+
- spcap.gemspec
|
68
|
+
- test/lib/spcap/file_test.rb
|
69
|
+
- test/test_helper.rb
|
70
|
+
homepage: ''
|
71
|
+
licenses:
|
72
|
+
- MIT
|
73
|
+
post_install_message:
|
74
|
+
rdoc_options: []
|
75
|
+
require_paths:
|
76
|
+
- lib
|
77
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
78
|
+
none: false
|
79
|
+
requirements:
|
80
|
+
- - ! '>='
|
81
|
+
- !ruby/object:Gem::Version
|
82
|
+
version: '0'
|
83
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
84
|
+
none: false
|
85
|
+
requirements:
|
86
|
+
- - ! '>='
|
87
|
+
- !ruby/object:Gem::Version
|
88
|
+
version: '0'
|
89
|
+
requirements: []
|
90
|
+
rubyforge_project:
|
91
|
+
rubygems_version: 1.8.23
|
92
|
+
signing_key:
|
93
|
+
specification_version: 3
|
94
|
+
summary: Pure ruby gem without native exstension that handle pcap file produce by
|
95
|
+
pcap library or tcpdump
|
96
|
+
test_files:
|
97
|
+
- test/lib/spcap/file_test.rb
|
98
|
+
- test/test_helper.rb
|