Module: PacketFu

Defined in:
lib/packetfu.rb,
lib/packetfu/pcap.rb,
lib/packetfu/pcap.rb,
lib/packetfu/pcap.rb,
lib/packetfu/utils.rb,
lib/packetfu/packet.rb,
lib/packetfu/config.rb,
lib/packetfu/inject.rb,
lib/packetfu/capture.rb,
lib/packetfu/version.rb,
lib/packetfu/protos/ip.rb,
lib/packetfu/protos/udp.rb,
lib/packetfu/protos/tcp.rb,
lib/packetfu/protos/arp.rb,
lib/packetfu/protos/eth.rb,
lib/packetfu/protos/icmp.rb,
lib/packetfu/protos/hsrp.rb,
lib/packetfu/protos/ipv6.rb,
lib/packetfu/protos/lldp.rb,
lib/packetfu/protos/invalid.rb,
lib/packetfu/protos/tcp/ecn.rb,
lib/packetfu/protos/tcp/hlen.rb,
lib/packetfu/protos/ip/mixin.rb,
lib/packetfu/protos/tcp/mixin.rb,
lib/packetfu/protos/ip/header.rb,
lib/packetfu/protos/arp/mixin.rb,
lib/packetfu/protos/tcp/flags.rb,
lib/packetfu/protos/eth/mixin.rb,
lib/packetfu/protos/udp/mixin.rb,
lib/packetfu/protos/udp/header.rb,
lib/packetfu/protos/eth/header.rb,
lib/packetfu/protos/tcp/option.rb,
lib/packetfu/protos/tcp/header.rb,
lib/packetfu/protos/lldp/mixin.rb,
lib/packetfu/protos/arp/header.rb,
lib/packetfu/protos/icmp/mixin.rb,
lib/packetfu/protos/ipv6/mixin.rb,
lib/packetfu/protos/hsrp/mixin.rb,
lib/packetfu/protos/ipv6/header.rb,
lib/packetfu/protos/icmp/header.rb,
lib/packetfu/protos/lldp/header.rb,
lib/packetfu/protos/hsrp/header.rb,
lib/packetfu/protos/tcp/options.rb,
lib/packetfu/protos/tcp/reserved.rb

Defined Under Namespace

Modules: ARPHeaderMixin, EthHeaderMixin, HSRPHeaderMixin, ICMPHeaderMixin, IPHeaderMixin, IPv6HeaderMixin, LLDPHeaderMixin, TCPHeaderMixin, UDPHeaderMixin Classes: ARPHeader, ARPPacket, AddrIpv6, Capture, Config, EthHeader, EthMac, EthNic, EthOui, EthPacket, HSRPHeader, HSRPPacket, ICMPHeader, ICMPPacket, IPHeader, IPPacket, IPv6Header, IPv6Packet, Inject, InvalidHeader, InvalidPacket, LLDPHeader, LLDPPacket, Octets, Packet, PcapFile, PcapHeader, PcapPacket, PcapPackets, Read, TCPHeader, TCPPacket, TcpEcn, TcpFlags, TcpHlen, TcpOption, TcpOptions, TcpReserved, Timestamp, UDPHeader, UDPPacket, Utils, Write

Constant Summary collapse

VERSION =

Check the repository for version release histories

"1.1.11"

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.add_packet_class(klass) ⇒ Object

Adds the class to PacketFu's list of packet classes – used in packet parsing.


# File 'lib/packetfu.rb', line 74

# Registers +klass+ in PacketFu's list of packet classes.
#
# Raises RuntimeError when +klass+ is not a Class, or when its name does not
# contain an alphanumeric character followed by "Packet". The name check is
# unanchored, so it enforces a naming convention and is not an exact-match
# filter. The cached packet groupings are cleared, and the registry is
# returned sorted by class name.
def self.add_packet_class(klass)
  raise "Need a class" unless klass.is_a?(Class)
  unless klass.name =~ /[A-Za-z0-9]Packet/
    raise "Packet classes should be named 'ProtoPacket'"
  end
  (@packet_classes ||= []) << klass
  clear_packet_groups
  @packet_classes.sort_by!(&:name)
end

.at_least?(str) ⇒ Boolean

Returns true if the version is equal to or greater than the compare version. If the current version of PacketFu is “0.3.1” for example:

PacketFu.at_least? "0"     # => true 
PacketFu.at_least? "0.2.9" # => true 
PacketFu.at_least? "0.3"   # => true 
PacketFu.at_least? "1"     # => true after 1.0's release
PacketFu.at_least? "1.12"  # => false
PacketFu.at_least? "2"     # => false

Returns:

  • (Boolean)

# File 'lib/packetfu/version.rb', line 31

# Returns true when the running PacketFu version is equal to or greater than
# +str+. Both sides are converted with binarize_version before comparing, so
# a malformed +str+ raises ArgumentError from that helper.
def self.at_least?(str)
  current = binarize_version(version)
  wanted = binarize_version(str)
  wanted <= current
end

.binarize_version(str) ⇒ Object

Returns a version string in a binary format for easy comparisons.


# File 'lib/packetfu/version.rb', line 13

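# Packs a dotted version string into one Integer so versions can be compared
# numerically: (major << 16) + (minor << 8) + teeny.
#
# Accepts one to three numeric components ("1", "1.2", "1.2.3"), optionally
# followed by further dot-separated text ("1.2.3.pre"), which is ignored.
# Missing components count as zero.
#
# Raises ArgumentError when +str+ is not string-like or is malformed.
def self.binarize_version(str)
  # \A and \z anchor the whole string. The earlier ^...$ anchors matched any
  # single line, so multi-line input containing one version-looking line
  # passed validation, while a bare "0" or "2" was rejected.
  unless str.respond_to?(:split) && str =~ /\A[0-9]+(\.[0-9]+){0,2}(\..+)?\z/
    raise ArgumentError, "Compare version malformed. Should be \x22x.y.z\x22"
  end

  major, minor, teeny = str.split(".").map(&:to_i)
  # Each field gets 8 bits; a minor or teeny above 255 would carry into the
  # next field up.
  (major.to_i << 16) + (minor.to_i << 8) + teeny.to_i
end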

.classes ⇒ Object

Returns an array of classes defined in PacketFu


# File 'lib/packetfu.rb', line 69

# Returns an array holding the value of every constant of the receiver
# whose value is a Class; constants bound to anything else are left out.
def self.classes
  constants
    .map { |const_name| const_get(const_name) }
    .select { |value| value.is_a?(Class) }
end

.clear_packet_groups ⇒ Object


# File 'lib/packetfu.rb', line 118

# Drops the three cached packet groupings (prefixes, classes by layer, and
# classes by layer without the application layer) by setting them to nil.
# The @packet_classes registry itself is not touched. Returns nil.
def self.clear_packet_groups
  @packet_class_prefixes =
    @packet_classes_by_layer =
      @packet_classes_by_layer_without_application = nil
end

.force_binary(str) ⇒ Object

Deal with Ruby's encoding by ignoring it.


# File 'lib/packetfu.rb', line 30

def self.force_binary(str)
  str.force_encoding Encoding::BINARY if str.respond_to? :force_encoding
end

.inspect_style ⇒ Object

The current inspect style. One of :hex, :dissect, or :default. Note that :default means Ruby's default, which is usually far too long to be useful.


# File 'lib/packetfu.rb', line 133

# Returns the current inspect style, storing :dissect first when no style
# has been set yet.
def self.inspect_style
  @inspect_style = :dissect unless @inspect_style
  @inspect_style
end

.inspect_style=(arg) ⇒ Object

Setter for PacketFu's @inspect_style


# File 'lib/packetfu.rb', line 138

# Sets PacketFu's @inspect_style from +arg+, folding aliases onto the three
# canonical styles:
#
#   :hex, :pretty      -> :hex
#   :default, :ugly    -> :default
#   :dissect, :verbose -> :dissect
#
# Any other value also selects :dissect.
def self.inspect_style=(arg)
  @inspect_style =
    if [:hex, :pretty].include?(arg)
      :hex
    elsif [:default, :ugly].include?(arg)
      :default
    else
      :dissect
    end
end

.newer_than?(str) ⇒ Boolean

Returns true if the current version is newer than the compare version.

Returns:

  • (Boolean)

# File 'lib/packetfu/version.rb', line 46

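# Returns true if the current version is strictly newer than +str+.
#
# Both versions are compared in their binarize_version form. Comparing the
# packed integers directly, instead of negating older_than? after a string
# equality check, stops a different spelling of the current version (for
# example one with an extra trailing component, which binarize_version
# ignores) from being reported as an older release.
#
# Raises ArgumentError (from binarize_version) when +str+ is malformed.
def self.newer_than?(str)
  # An exact string match is answered without parsing, as before.
  return false if str == version

  binarize_version(version) > binarize_version(str)
end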

.older_than?(str) ⇒ Boolean

Returns true if the current version is older than the compare version.

Returns:

  • (Boolean)

# File 'lib/packetfu/version.rb', line 38

# Returns true if the current version is older than +str+.
#
# A +str+ equal to the current version string short-circuits to false
# without being parsed; otherwise both sides go through binarize_version,
# which raises ArgumentError on malformed input.
def self.older_than?(str)
  current = version
  return false if str == current

  binarize_version(current) < binarize_version(str)
end

.packet_classes ⇒ Object

Returns an array of packet classes


# File 'lib/packetfu.rb', line 95

# Returns the registered packet classes, or a fresh empty array when none
# have been registered. The returned array is the registry itself, not a
# copy.
def self.packet_classes
  return @packet_classes if @packet_classes

  []
end

.packet_classes_by_layer ⇒ Object


# File 'lib/packetfu.rb', line 106

# Returns the cached list of packet classes ordered by layer, rebuilding the
# cache through reset_packet_groups when it is empty. Returns [] when no
# packet class has ever been registered.
def self.packet_classes_by_layer
  if @packet_classes.nil?
    []
  else
    reset_packet_groups unless @packet_classes_by_layer
    @packet_classes_by_layer
  end
end

.packet_classes_by_layer_without_application ⇒ Object


# File 'lib/packetfu.rb', line 112

# Returns the cached layer-ordered list of packet classes that excludes the
# application layer, rebuilding the cache through reset_packet_groups when
# it is empty. Returns [] when no packet class has ever been registered.
def self.packet_classes_by_layer_without_application
  if @packet_classes.nil?
    []
  else
    reset_packet_groups unless @packet_classes_by_layer_without_application
    @packet_classes_by_layer_without_application
  end
end

.packet_prefixes ⇒ Object

Returns an array of packet types by packet prefix.


# File 'lib/packetfu.rb', line 100

# Returns the cached array of packet-type prefixes, rebuilding the cache
# through reset_packet_groups when it is empty. Returns [] when no packet
# class has ever been registered.
def self.packet_prefixes
  if @packet_classes.nil?
    []
  else
    reset_packet_groups unless @packet_class_prefixes
    @packet_class_prefixes
  end
end

.pcaprub_loaded? ⇒ Boolean

Returns the status of pcaprub

Returns:

  • (Boolean)

# File 'lib/packetfu.rb', line 64

# Reports whether pcaprub has been loaded.
#
# Returns the raw @pcaprub_loaded instance variable. The only assignment
# visible in this listing is +true+ in pcaprub_platform_require, so the
# result is nil (falsy) rather than false until that call has succeeded.
def self.pcaprub_loaded?
  @pcaprub_loaded
end

.pcaprub_platform_require ⇒ Object

PacketFu works best with Pcaprub version 0.8-dev (at least). The current (Aug 01, 2010) pcaprub gem is 0.9, so should be fine.


# File 'lib/packetfu.rb', line 42

# Tries to load the pcaprub library.
#
# Returns true and records the success in @pcaprub_loaded when the require
# works. Returns false, leaving @pcaprub_loaded untouched, when the library
# cannot be found (LoadError). No message is emitted on failure, so callers
# that need pcaprub should check the return value or pcaprub_loaded?.
def self.pcaprub_platform_require
  require 'pcaprub'
  @pcaprub_loaded = true
rescue LoadError
  false
end

.remove_packet_class(klass) ⇒ Object

Presumably, there may be a time where you'd like to remove a packet class.


# File 'lib/packetfu.rb', line 86

# Removes +klass+ from PacketFu's list of packet classes.
#
# Raises RuntimeError when +klass+ is not a Class. Removing a class that was
# never registered is a no-op. The cached packet groupings are cleared, and
# the remaining registry array is returned.
def self.remove_packet_class(klass)
  raise "Need a class" unless klass.is_a?(Class)
  registry = (@packet_classes ||= [])
  registry.delete(klass)
  clear_packet_groups
  registry
end

.require_protos(cwd) ⇒ Object

Picks up all the protocols defined in the protos subdirectory


# File 'lib/packetfu.rb', line 17

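# Requires every Ruby file found in <cwd>/packetfu/protos.
#
# Each *.rb entry is passed to +require+, which executes it, so the protos
# directory is part of the trusted code base: it must not be writable by
# anyone who should not be able to run code in this process.
#
# A file that raises a StandardError while loading is skipped with a
# warning. LoadError and SyntaxError are ScriptErrors, which a bare +rescue+
# does not catch, so those still propagate to the caller.
#
# Returns nil.
def self.require_protos(cwd)
  protos_dir = File.join(cwd, "packetfu", "protos")
  # Dir.foreach closes the directory handle itself; Dir.new(...).each left
  # it open until garbage collection.
  Dir.foreach(protos_dir) do |fname|
    # end_with? tests the real end of the name. /\.rb$/ also matched names
    # that merely contain ".rb" in front of an embedded newline.
    next unless fname.end_with?(".rb")
    begin
      require File.join(protos_dir, fname)
    rescue
      warn "Warning: Could not load `#{fname}'. Skipping."
    end
  end
end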

.reset_packet_groups ⇒ Object


# File 'lib/packetfu.rb', line 124

# Rebuilds the three cached groupings from @packet_classes:
#
# * @packet_class_prefixes - the last "::" segment of each class name,
#   downcased, with a trailing "packet" removed
# * @packet_classes_by_layer - the classes sorted by +layer+, highest first
# * @packet_classes_by_layer_without_application - the same list minus the
#   classes whose +layer_symbol+ is :application
#
# Expects @packet_classes to be an array; the accessors that call this
# return early when it is nil. Returns the last list built.
def self.reset_packet_groups
  @packet_class_prefixes = @packet_classes.map do |klass|
    klass.to_s.split("::").last.to_s.downcase.gsub(/packet$/, "")
  end
  @packet_classes_by_layer = @packet_classes.sort_by(&:layer).reverse
  @packet_classes_by_layer_without_application =
    @packet_classes_by_layer.reject { |klass| klass.layer_symbol == :application }
end

.version ⇒ Object

Returns PacketFu::VERSION


# File 'lib/packetfu/version.rb', line 8

# Returns the PacketFu::VERSION constant, the version string that the
# comparison helpers measure against.
def self.version
  VERSION
end

Instance Method Details

#toggle_inspect ⇒ Object

Switches inspect styles in a round-robin fashion between :dissect, :default, and :hex


# File 'lib/packetfu.rb', line 153

# Advances @inspect_style to the next style in the cycle
# :hex -> :dissect -> :default -> :hex and returns the new value. The
# aliases :pretty, :verbose and :ugly are treated like :hex, :dissect and
# :default respectively; any other value, including nil, becomes :dissect.
#
# NOTE(review): this is an instance method, so it reads and writes the
# @inspect_style of the object it is called on, which looks distinct from
# the module-level value behind PacketFu.inspect_style - confirm intent.
def toggle_inspect
  @inspect_style =
    case @inspect_style
    when :hex, :pretty then :dissect
    when :dissect, :verbose then :default
    when :default, :ugly then :hex
    else :dissect
    end
end