Module: PacketFu

Defined in:
lib/packetfu/pcap.rb,
lib/packetfu/pcap.rb,
lib/packetfu/pcap.rb,
lib/packetfu/utils.rb,
lib/packetfu/common.rb,
lib/packetfu/config.rb,
lib/packetfu/inject.rb,
lib/packetfu/packet.rb,
lib/packetfu/pcapng.rb,
lib/packetfu/capture.rb,
lib/packetfu/version.rb,
lib/packetfu/protos/ip.rb,
lib/packetfu/pcapng/epb.rb,
lib/packetfu/pcapng/idb.rb,
lib/packetfu/pcapng/shb.rb,
lib/packetfu/pcapng/spb.rb,
lib/packetfu/protos/arp.rb,
lib/packetfu/protos/eth.rb,
lib/packetfu/protos/tcp.rb,
lib/packetfu/protos/udp.rb,
lib/packetfu/pcapng/file.rb,
lib/packetfu/protos/hsrp.rb,
lib/packetfu/protos/icmp.rb,
lib/packetfu/protos/ipv6.rb,
lib/packetfu/protos/lldp.rb,
lib/packetfu/pcapng/block.rb,
lib/packetfu/protos/icmpv6.rb,
lib/packetfu/protos/invalid.rb,
lib/packetfu/protos/tcp/ecn.rb,
lib/packetfu/protos/ip/mixin.rb,
lib/packetfu/protos/tcp/hlen.rb,
lib/packetfu/protos/arp/mixin.rb,
lib/packetfu/protos/eth/mixin.rb,
lib/packetfu/protos/ip/header.rb,
lib/packetfu/protos/tcp/flags.rb,
lib/packetfu/protos/tcp/mixin.rb,
lib/packetfu/protos/udp/mixin.rb,
lib/packetfu/protos/arp/header.rb,
lib/packetfu/protos/eth/header.rb,
lib/packetfu/protos/hsrp/mixin.rb,
lib/packetfu/protos/icmp/mixin.rb,
lib/packetfu/protos/ipv6/mixin.rb,
lib/packetfu/protos/lldp/mixin.rb,
lib/packetfu/protos/tcp/header.rb,
lib/packetfu/protos/tcp/option.rb,
lib/packetfu/protos/udp/header.rb,
lib/packetfu/protos/hsrp/header.rb,
lib/packetfu/protos/icmp/header.rb,
lib/packetfu/protos/ipv6/header.rb,
lib/packetfu/protos/lldp/header.rb,
lib/packetfu/protos/tcp/options.rb,
lib/packetfu/protos/icmpv6/mixin.rb,
lib/packetfu/protos/tcp/reserved.rb,
lib/packetfu/pcapng/unknown_block.rb,
lib/packetfu/protos/icmpv6/header.rb

Defined Under Namespace

Modules: ARPHeaderMixin, EthHeaderMixin, HSRPHeaderMixin, ICMPHeaderMixin, ICMPv6HeaderMixin, IPHeaderMixin, IPv6HeaderMixin, LLDPHeaderMixin, PcapNG, TCPHeaderMixin, UDPHeaderMixin Classes: ARPHeader, ARPPacket, AddrIpv6, Capture, Config, EthHeader, EthMac, EthNic, EthOui, EthPacket, HSRPHeader, HSRPPacket, ICMPHeader, ICMPPacket, ICMPv6Header, ICMPv6Packet, IPHeader, IPPacket, IPv6Header, IPv6Packet, Inject, InvalidHeader, InvalidPacket, LLDPHeader, LLDPPacket, Octets, Packet, PcapFile, PcapHeader, PcapPacket, PcapPackets, Read, TCPHeader, TCPPacket, TcpEcn, TcpFlags, TcpHlen, TcpOption, TcpOptions, TcpReserved, Timestamp, UDPHeader, UDPPacket, Utils, Write

Constant Summary collapse

VERSION =

Check the repo’s for version release histories

"2.0.0"

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.add_packet_class(klass) ⇒ Object

Adds the class to PacketFu’s list of packet classes – used in packet parsing.



51
52
53
54
55
56
57
58
59
60
 
# File 'lib/packetfu/common.rb', line 51

def self.add_packet_class(klass)
  raise "Need a class" unless klass.kind_of? Class
  if klass.name !~ /[A-Za-z0-9]Packet/
    raise "Packet classes should be named 'ProtoPacket'"
  end
  @packet_classes ||= []
  @packet_classes << klass
  self.clear_packet_groups
  @packet_classes.sort_by! { |x| x.name }
end

.at_least?(str) ⇒ Boolean

Returns true if the version is equal to or greater than the compare version. If the current version of PacketFu is “0.3.1” for example:

PacketFu.at_least? "0"     # => true 
PacketFu.at_least? "0.2.9" # => true 
PacketFu.at_least? "0.3"   # => true 
PacketFu.at_least? "1"     # => true after 1.0's release
PacketFu.at_least? "1.12"  # => false
PacketFu.at_least? "2"     # => false

Returns:

  • (Boolean) 


31
32
33
34
35
 
# File 'lib/packetfu/version.rb', line 31

def self.at_least?(str)
  this_version = binarize_version(self.version)
  ask_version = binarize_version(str)
  this_version >= ask_version
end

.binarize_version(str) ⇒ Object

Returns a version string in a binary format for easy comparisons.



13
14
15
16
17
18
19
20
 
# File 'lib/packetfu/version.rb', line 13

def self.binarize_version(str)
  if(str.respond_to?(:split) && str =~ /^[0-9]+(\.([0-9]+)(\.[0-9]+)?)?\..+$/)
    bin_major,bin_minor,bin_teeny = str.split(/\x2e/).map {|x| x.to_i}
    bin_version = (bin_major.to_i << 16) + (bin_minor.to_i << 8) + bin_teeny.to_i
  else
    raise ArgumentError, "Compare version malformed. Should be \x22x.y.z\x22"
  end
end

.classesObject

Returns an array of classes defined in PacketFu



46
47
48
 
# File 'lib/packetfu/common.rb', line 46

def self.classes
  constants.map { |const| const_get(const) if const_get(const).kind_of? Class}.compact
end

.clear_packet_groupsObject 



95
96
97
98
99
 
# File 'lib/packetfu/common.rb', line 95

def self.clear_packet_groups
  @packet_class_prefixes = nil
  @packet_classes_by_layer = nil
  @packet_classes_by_layer_without_application = nil
end

.force_binary(str) ⇒ Object

Deal with Ruby’s encoding by ignoring it.



7
8
9
 
# File 'lib/packetfu/common.rb', line 7

def self.force_binary(str)
  str.force_encoding Encoding::BINARY if str.respond_to? :force_encoding
end

.inspect_styleObject

The current inspect style. One of :hex, :dissect, or :default Note that :default means Ruby’s default, which is usually far too long to be useful.



110
111
112
 
# File 'lib/packetfu/common.rb', line 110

def self.inspect_style
  @inspect_style ||= :dissect
end

.inspect_style=(arg) ⇒ Object

Setter for PacketFu’s @inspect_style



115
116
117
118
119
120
121
122
123
124
125
126
 
# File 'lib/packetfu/common.rb', line 115

def self.inspect_style=(arg)
  @inspect_style = case arg
    when :hex, :pretty
      :hex
    when :dissect, :verbose
      :dissect
    when :default, :ugly
      :default
    else
      :dissect
    end
end

.newer_than?(str) ⇒ Boolean

Returns true if the current version is newer than the compare version.

Returns:

  • (Boolean) 


46
47
48
49
 
# File 'lib/packetfu/version.rb', line 46

def self.newer_than?(str)
  return false if str == self.version
  !self.older_than?(str)
end

.older_than?(str) ⇒ Boolean

Returns true if the current version is older than the compare version.

Returns:

  • (Boolean) 


38
39
40
41
42
43
 
# File 'lib/packetfu/version.rb', line 38

def self.older_than?(str)
  return false if str == self.version
  this_version = binarize_version(self.version)
  ask_version = binarize_version(str)
  this_version < ask_version
end

.packet_classesObject

Returns an array of packet classes



72
73
74
 
# File 'lib/packetfu/common.rb', line 72

def self.packet_classes
  @packet_classes || []
end

.packet_classes_by_layerObject 



83
84
85
86
87
 
# File 'lib/packetfu/common.rb', line 83

def self.packet_classes_by_layer
  return [] if @packet_classes.nil?
  self.reset_packet_groups unless @packet_classes_by_layer
  @packet_classes_by_layer
end

.packet_classes_by_layer_without_applicationObject 



89
90
91
92
93
 
# File 'lib/packetfu/common.rb', line 89

def self.packet_classes_by_layer_without_application
  return [] if @packet_classes.nil?
  self.reset_packet_groups unless @packet_classes_by_layer_without_application
  @packet_classes_by_layer_without_application
end

.packet_prefixesObject

Returns an array of packet types by packet prefix.



77
78
79
80
81
 
# File 'lib/packetfu/common.rb', line 77

def self.packet_prefixes
  return [] if @packet_classes.nil?
  self.reset_packet_groups unless @packet_class_prefixes
  @packet_class_prefixes
end

.pcaprub_loaded?Boolean

Returns the status of pcaprub

Returns:

  • (Boolean) 


41
42
43
 
# File 'lib/packetfu/common.rb', line 41

def self.pcaprub_loaded?
  @pcaprub_loaded
end

.pcaprub_platform_requireObject

PacketFu works best with Pcaprub version 0.8-dev (at least) The current (Aug 01, 2010) pcaprub gem is 0.9, so should be fine.



19
20
21
22
23
24
25
26
 
# File 'lib/packetfu/common.rb', line 19

def self.pcaprub_platform_require
  begin
    require 'pcaprub'
  rescue LoadError
    return false
  end
  @pcaprub_loaded = true
end

.remove_packet_class(klass) ⇒ Object

Presumably, there may be a time where you’d like to remove a packet class.



63
64
65
66
67
68
69
 
# File 'lib/packetfu/common.rb', line 63

def self.remove_packet_class(klass)
  raise "Need a class" unless klass.kind_of? Class
  @packet_classes ||= []
  @packet_classes.delete klass
  self.clear_packet_groups
  @packet_classes
end

.reset_packet_groupsObject 



101
102
103
104
105
 
# File 'lib/packetfu/common.rb', line 101

def self.reset_packet_groups
	@packet_class_prefixes = @packet_classes.map {|p| p.to_s.split("::").last.to_s.downcase.gsub(/packet$/,"")}
  @packet_classes_by_layer = @packet_classes.sort_by { |pclass| pclass.layer }.reverse
  @packet_classes_by_layer_without_application = @packet_classes_by_layer.reject { |pclass| pclass.layer_symbol == :application }
end

.versionObject

Returns PacketFu::VERSION



8
9
10
 
# File 'lib/packetfu/version.rb', line 8

def self.version
  VERSION
end

Instance Method Details

#toggle_inspectObject

Switches inspect styles in a round-robin fashion between :dissect, :default, and :hex



130
131
132
133
134
135
136
137
138
139
140
141
 
# File 'lib/packetfu/common.rb', line 130

def toggle_inspect
  case @inspect_style
  when :hex, :pretty
    @inspect_style = :dissect
  when :dissect, :verbose
    @inspect_style = :default
  when :default, :ugly
    @inspect_style = :hex
  else
    @inspect_style = :dissect
  end
end