Class: PacketFu::ARPPacket

Inherits:
Packet
  • Object
show all
Includes:
ARPHeaderMixin, EthHeaderMixin
Defined in:
lib/packetfu/protos/arp.rb

Overview

ARPPacket is used to construct ARP packets. They contain an EthHeader and an ARPHeader.

Example

require 'packetfu'
arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
arp_pkt.arp_saddr_mac="00:1c:23:44:55:66"  # Your hardware address
arp_pkt.arp_saddr_ip="10.10.10.17"  # Your IP address
arp_pkt.arp_daddr_ip="10.10.10.1"  # Target IP address
arp_pkt.arp_opcode=1  # Request

arp_pkt.to_w('eth0')	# Inject on the wire. (requires root)
arp_pkt.to_f('/tmp/arp.pcap') # Write to a file.

Parameters

:flavor
 Sets the "flavor" of the ARP packet. Choices are currently:
   :windows, :linux, :hp_deskjet 
:eth
 A pre-generated EthHeader object. If not specified, a new one will be created.
:arp
 A pre-generated ARPHeader object. If not specificed, a new one will be created.
:config
 A hash of return address details, often the output of Utils.whoami?

Instance Attribute Summary collapse

Attributes inherited from Packet

#flavor, #headers, #iface, #inspect_style

Class Method Summary collapse

Instance Method Summary collapse

Methods included from ARPHeaderMixin

#arp_daddr_ip, #arp_daddr_ip=, #arp_daddr_mac, #arp_daddr_mac=, #arp_dst_ip, #arp_dst_ip=, #arp_dst_ip_readable, #arp_dst_mac, #arp_dst_mac=, #arp_dst_mac_readable, #arp_hw, #arp_hw=, #arp_hw_len, #arp_hw_len=, #arp_opcode, #arp_opcode=, #arp_proto, #arp_proto=, #arp_proto_len, #arp_proto_len=, #arp_proto_readable, #arp_saddr_ip, #arp_saddr_ip=, #arp_saddr_mac, #arp_saddr_mac=, #arp_src_ip, #arp_src_ip=, #arp_src_ip_readable, #arp_src_mac, #arp_src_mac=, #arp_src_mac_readable

Methods included from EthHeaderMixin

#eth_daddr, #eth_daddr=, #eth_dst, #eth_dst=, #eth_dst_readable, #eth_proto, #eth_proto=, #eth_proto_readable, #eth_saddr, #eth_saddr=, #eth_src, #eth_src=, #eth_src_readable

Methods inherited from Packet

#==, #clone, #dissect, #dissection_table, force_binary, #handle_is_identity, #hexify, inherited, #inspect, #inspect_hex, #kind_of?, #layer, layer, #layer_symbol, layer_symbol, #method_missing, #orig_kind_of?, parse, #payload, #payload=, #peek, #proto, #respond_to?, #size, #to_f, #to_pcap, #to_s, #to_w, #write

Constructor Details

#initialize(args = {}) ⇒ ARPPacket

Returns a new instance of ARPPacket


54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/packetfu/protos/arp.rb', line 54

def initialize(args={})
  @eth_header = EthHeader.new(args).read(args[:eth])
  @arp_header = ARPHeader.new(args).read(args[:arp]) 
  @eth_header.eth_proto = "\x08\x06"
  @eth_header.body=@arp_header

  # Please send more flavors to [email protected]
  # Most of these initial fingerprints come from one (1) sample.
  case (args[:flavor].nil?) ? :nil : args[:flavor].to_s.downcase.intern
  when :windows; @arp_header.body = "\x00" * 64				# 64 bytes of padding 
  when :linux; @arp_header.body = "\x00" * 4 +				# 32 bytes of padding 
    "\x00\x07\x5c\x14" + "\x00" * 4 +
    "\x00\x0f\x83\x34" + "\x00\x0f\x83\x74" +
    "\x01\x11\x83\x78" + "\x00\x00\x00\x0c" + 
    "\x00\x00\x00\x00"
  when :hp_deskjet; 																	# Pads up to 60 bytes.
    @arp_header.body = "\xe0\x90\x0d\x6c" + 
    "\xff\xff\xee\xee" + "\x00" * 4 + 
    "\xe0\x8f\xfa\x18\x00\x20"	
  else; @arp_header.body = "\x00" * 18								# Pads up to 60 bytes.
  end

  @headers = [@eth_header, @arp_header]
  super
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class PacketFu::Packet

Instance Attribute Details

#arp_headerObject

Returns the value of attribute arp_header


38
39
40
# File 'lib/packetfu/protos/arp.rb', line 38

def arp_header
  @arp_header
end

#eth_headerObject

Returns the value of attribute eth_header


38
39
40
# File 'lib/packetfu/protos/arp.rb', line 38

def eth_header
  @eth_header
end

Class Method Details

.can_parse?(str) ⇒ Boolean

Returns:

  • (Boolean)

40
41
42
43
44
45
# File 'lib/packetfu/protos/arp.rb', line 40

def self.can_parse?(str)
  return false unless EthPacket.can_parse? str
  return false unless str.size >= 28
  return false unless str[12,2] == "\x08\x06"
  true
end

Instance Method Details

#peek_formatObject

Generates summary data for ARP packets.


81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
# File 'lib/packetfu/protos/arp.rb', line 81

def peek_format
  peek_data = ["A  "]
  peek_data << "%-5d" % self.to_s.size
  peek_data << arp_saddr_mac
  peek_data << "(#{arp_saddr_ip})"
  peek_data << "->"
  peek_data << case arp_daddr_mac
                when "00:00:00:00:00:00"; "Bcast00"
                when "ff:ff:ff:ff:ff:ff"; "BcastFF"
                else; arp_daddr_mac
                end
  peek_data << "(#{arp_daddr_ip})"
  peek_data << ":"
  peek_data << case arp_opcode
                when 1; "Requ"
                when 2; "Repl"
                when 3; "RReq"
                when 4; "RRpl"
                when 5; "IReq"
                when 6; "IRpl"
                else; "0x%02x" % arp_opcode
                end
  peek_data.join
end

#read(str = nil, args = {}) ⇒ Object


47
48
49
50
51
52
# File 'lib/packetfu/protos/arp.rb', line 47

def read(str=nil,args={})
  raise "Cannot parse `#{str}'" unless self.class.can_parse?(str)
  @eth_header.read(str)
  super(args)
  self
end

#recalc(args = {}) ⇒ Object

While there are lengths in ARPPackets, there's not much to do with them.


108
109
110
# File 'lib/packetfu/protos/arp.rb', line 108

def recalc(args={})
  @headers[0].inspect
end