Class: Mu::Pcap::Packet

Inherits:

Object

• Object
• Mu::Pcap::Packet

Defined in:

lib/mu/pcap/packet.rb

Direct Known Subclasses

Ethernet, IP, SCTP, SCTP::Chunk, SCTP::Parameter, TCP, UDP

Constant Summary

IGNORE_UDP_PORTS =

Remove non-L7/DNS/DHCP traffic if there is L7 traffic. Returns original packets if there is no L7 traffic.

[
    53,      # DNS
    67, 68,  # DHCP
    546, 547 # DHCPv6
]

Instance Attribute Summary

• #payload ⇒ Object

  Returns the value of attribute payload.

• #payload_raw ⇒ Object

  Returns the value of attribute payload_raw.

Class Method Summary

• .isolate_l7(packets) ⇒ Object
• .normalize(packets) ⇒ Object

  Reassemble, reorder, and merge packets.

Instance Method Summary

• #==(other) ⇒ Object
• #deepdup ⇒ Object
• #flow_id ⇒ Object
• #initialize ⇒ Packet constructor

  A new instance of Packet.

• #payload_bytes ⇒ Object

  Get payload as bytes.

• #to_bytes ⇒ Object

Constructor Details

#initialize ⇒ Packet

Returns a new instance of Packet.

# File 'lib/mu/pcap/packet.rb', line 11

def initialize
    @payload = ''
    @payload_raw = ''
end

Instance Attribute Details

#payload ⇒ Object

Returns the value of attribute payload.

# File 'lib/mu/pcap/packet.rb', line 9

def payload
  @payload
end

#payload_raw ⇒ Object

Returns the value of attribute payload_raw.

# File 'lib/mu/pcap/packet.rb', line 9

def payload_raw
  @payload_raw
end

Class Method Details

.isolate_l7(packets) ⇒ Object

# File 'lib/mu/pcap/packet.rb', line 68

def self.isolate_l7 packets
    cleaned_packets = []
    packets.each do |packet|
        if TCP.tcp? packet
            cleaned_packets << packet
        elsif UDP.udp? packet
            src_port = packet.payload.payload.src_port
            dst_port = packet.payload.payload.dst_port
            if not IGNORE_UDP_PORTS.member? src_port and
                not IGNORE_UDP_PORTS.member? dst_port
                cleaned_packets << packet
            end
        elsif SCTP.sctp? packet
            cleaned_packets << packet
        end
    end
    if cleaned_packets.empty?
        return packets
    end
    return cleaned_packets
end

.normalize(packets) ⇒ Object

Reassemble, reorder, and merge packets.

# File 'lib/mu/pcap/packet.rb', line 40

def self.normalize packets
    begin
        packets = TCP.reorder packets
    rescue TCP::ReorderError => e
        Pcap.warning e
    end

    begin
        packets = SCTP.reorder packets
    rescue SCTP::ReorderError => e
        Pcap.warning e
    end

    begin
        packets = TCP.merge packets
    rescue TCP::MergeError => e
        Pcap.warning e
    end
    return packets
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/mu/pcap/packet.rb', line 97

def == other
    return self.class == other.class && self.payload == other.payload &&
        self.payload_raw == other.payload_raw
end

#deepdup ⇒ Object

# File 'lib/mu/pcap/packet.rb', line 25

def deepdup
    dup = self.dup
    if @payload.respond_to? :deepdup
        dup.payload = @payload.deepdup
    else
        dup.payload = @payload.dup
    end
    return dup
end

#flow_id ⇒ Object

Raises:

• (NotImplementedError)

# File 'lib/mu/pcap/packet.rb', line 35

def flow_id
    raise NotImplementedError
end

#payload_bytes ⇒ Object

Get payload as bytes. If the payload is a parsed object, returns raw payload. Otherwise return unparsed bytes.

# File 'lib/mu/pcap/packet.rb', line 18

def payload_bytes
    if @payload.is_a? String
        return @payload
    end
    return @payload_raw
end

#to_bytes ⇒ Object

# File 'lib/mu/pcap/packet.rb', line 90

def to_bytes
    io = StringIO.new
    write io
    io.close
    return io.string
end