Class: PacketFu::ARPPacket

Inherits:

Packet

Object
Packet
PacketFu::ARPPacket

show all

Defined in:: lib/packetfu/protos/arp.rb

Overview

Parameters

:flavor
 Sets the "flavor" of the ARP packet. Choices are currently:
   :windows, :linux, :hp_deskjet 
:eth
 A pre-generated EthHeader object. If not specified, a new one will be created.
:arp
 A pre-generated ARPHeader object. If not specificed, a new one will be created.
:config
 A hash of return address details, often the output of Utils.whoami?

Instance Attribute Summary collapse

#arp_header ⇒ Object

Returns the value of attribute arp_header.
#eth_header ⇒ Object

Returns the value of attribute eth_header.

Attributes inherited from Packet

#flavor, #headers, #iface, #inspect_style

Class Method Summary collapse

.can_parse?(str) ⇒ Boolean

Instance Method Summary collapse

#initialize(args = {}) ⇒ ARPPacket constructor

A new instance of ARPPacket.
#peek_format ⇒ Object

Generates summary data for ARP packets.
#read(str = nil, args = {}) ⇒ Object
#recalc(args = {}) ⇒ Object

While there are lengths in ARPPackets, there’s not much to do with them.

Methods inherited from Packet

#==, #clone, #dissect, #dissection_table, force_binary, #handle_is_identity, #hexify, inherited, #inspect, #inspect_hex, #kind_of?, #layer, layer, #layer_symbol, layer_symbol, #method_missing, #orig_kind_of?, parse, #payload, #payload=, #peek, #proto, #respond_to?, #size, #to_f, #to_pcap, #to_s, #to_w, #write

Constructor Details

#initialize(args = {}) ⇒ `ARPPacket`

Returns a new instance of ARPPacket.

# File 'lib/packetfu/protos/arp.rb', line 206

def initialize(args={})
  @eth_header = EthHeader.new(args).read(args[:eth])
  @arp_header = ARPHeader.new(args).read(args[:arp]) 
  @eth_header.eth_proto = "\x08\x06"
  @eth_header.body=@arp_header

  # Please send more flavors to [email protected].
  # Most of these initial fingerprints come from one (1) sample.
  case (args[:flavor].nil?) ? :nil : args[:flavor].to_s.downcase.intern
  when :windows; @arp_header.body = "\x00" * 64        # 64 bytes of padding 
  when :linux; @arp_header.body = "\x00" * 4 +       # 32 bytes of padding 
    "\x00\x07\x5c\x14" + "\x00" * 4 +
    "\x00\x0f\x83\x34" + "\x00\x0f\x83\x74" +
    "\x01\x11\x83\x78" + "\x00\x00\x00\x0c" + 
    "\x00\x00\x00\x00"
  when :hp_deskjet;                                  # Pads up to 60 bytes.
    @arp_header.body = "\xe0\x90\x0d\x6c" + 
    "\xff\xff\xee\xee" + "\x00" * 4 + 
    "\xe0\x8f\xfa\x18\x00\x20"  
  else; @arp_header.body = "\x00" * 18               # Pads up to 60 bytes.
  end

  @headers = [@eth_header, @arp_header]
  super
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class PacketFu::Packet

Instance Attribute Details

#arp_header ⇒ `Object`

Returns the value of attribute arp_header.



188
189
190

# File 'lib/packetfu/protos/arp.rb', line 188

def arp_header
  @arp_header
end

#eth_header ⇒ `Object`

Returns the value of attribute eth_header.



188
189
190

# File 'lib/packetfu/protos/arp.rb', line 188

def eth_header
  @eth_header
end

Class Method Details

.can_parse?(str) ⇒ `Boolean`

Returns:

(Boolean)

# File 'lib/packetfu/protos/arp.rb', line 190

def self.can_parse?(str)
  return false unless EthPacket.can_parse? str
  return false unless str.size >= 28
  return false unless str[12,2] == "\x08\x06"
  true
end

Instance Method Details

#peek_format ⇒ `Object`

Generates summary data for ARP packets.

# File 'lib/packetfu/protos/arp.rb', line 233

def peek_format
  peek_data = ["A  "]
  peek_data << "%-5d" % self.to_s.size
  peek_data << arp_saddr_mac
  peek_data << "(#{arp_saddr_ip})"
  peek_data << "->"
  peek_data << case arp_daddr_mac
                when "00:00:00:00:00:00"; "Bcast00"
                when "ff:ff:ff:ff:ff:ff"; "BcastFF"
                else; arp_daddr_mac
                end
  peek_data << "(#{arp_daddr_ip})"
  peek_data << ":"
  peek_data << case arp_opcode
                when 1; "Requ"
                when 2; "Repl"
                when 3; "RReq"
                when 4; "RRpl"
                when 5; "IReq"
                when 6; "IRpl"
                else; "0x%02x" % arp_opcode
                end
  peek_data.join
end

#read(str = nil, args = {}) ⇒ `Object`

# File 'lib/packetfu/protos/arp.rb', line 197

def read(str=nil,args={})
  raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
  @eth_header.read(str)
  @arp_header.read(str[14,str.size])
  @eth_header.body = @arp_header
  super(args)
  self
end

#recalc(args = {}) ⇒ `Object`

While there are lengths in ARPPackets, there’s not much to do with them.



260
261
262

# File 'lib/packetfu/protos/arp.rb', line 260

def recalc(args={})
  @headers[0].inspect
end