Class: PacketFu::ARPPacket

Inherits:
Packet
  • Object
Includes:
ARPHeaderMixin, EthHeaderMixin
Defined in:
lib/packetfu/protos/arp.rb

Overview

ARPPacket is used to construct ARP packets. They contain an EthHeader and an ARPHeader.

Example

require 'packetfu'
arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
arp_pkt.arp_saddr_mac="00:1c:23:44:55:66"  # Your hardware address
arp_pkt.arp_saddr_ip="10.10.10.17"  # Your IP address
arp_pkt.arp_daddr_ip="10.10.10.1"  # Target IP address
arp_pkt.arp_opcode=1  # Request

arp_pkt.to_w('eth0')  # Inject on the wire. (requires root)
arp_pkt.to_f('/tmp/arp.pcap') # Write to a file.

Parameters

:flavor
 Sets the "flavor" of the ARP packet. Choices are currently:
   :windows, :linux, :hp_deskjet
:eth
 A pre-generated EthHeader object. If not specified, a new one will be created.
:arp
 A pre-generated ARPHeader object. If not specified, a new one will be created.
:config
 A hash of return address details, often the output of Utils.whoami?

Instance Attribute Summary

Attributes inherited from Packet

#flavor, #headers, #iface, #inspect_style

Class Method Summary

Instance Method Summary

Methods included from ARPHeaderMixin

#arp_daddr_ip, #arp_daddr_ip=, #arp_daddr_mac, #arp_daddr_mac=, #arp_dst_ip, #arp_dst_ip=, #arp_dst_ip_readable, #arp_dst_mac, #arp_dst_mac=, #arp_dst_mac_readable, #arp_hw, #arp_hw=, #arp_hw_len, #arp_hw_len=, #arp_opcode, #arp_opcode=, #arp_proto, #arp_proto=, #arp_proto_len, #arp_proto_len=, #arp_proto_readable, #arp_saddr_ip, #arp_saddr_ip=, #arp_saddr_mac, #arp_saddr_mac=, #arp_src_ip, #arp_src_ip=, #arp_src_ip_readable, #arp_src_mac, #arp_src_mac=, #arp_src_mac_readable

Methods included from EthHeaderMixin

#eth_daddr, #eth_daddr=, #eth_dst, #eth_dst=, #eth_dst_readable, #eth_proto, #eth_proto=, #eth_proto_readable, #eth_saddr, #eth_saddr=, #eth_src, #eth_src=, #eth_src_readable

Methods inherited from Packet

#==, #clone, #dissect, #dissection_table, force_binary, #handle_is_identity, #hexify, inherited, #inspect, #inspect_hex, #kind_of?, layer, #layer, #layer_symbol, layer_symbol, #method_missing, #orig_kind_of?, parse, #payload, #payload=, #peek, #proto, #read, #respond_to?, #size, #to_f, #to_pcap, #to_s, #to_w, #write

Constructor Details

#initialize(args = {}) ⇒ ARPPacket

Returns a new instance of ARPPacket.



# File 'lib/packetfu/protos/arp.rb', line 47

def initialize(args={})
  @eth_header = EthHeader.new(args).read(args[:eth])
  @arp_header = ARPHeader.new(args).read(args[:arp])
  @eth_header.eth_proto = "\x08\x06"
  @eth_header.body=@arp_header

  # Please send more flavors to [email protected].
  # Most of these initial fingerprints come from one (1) sample.
  case (args[:flavor].nil?) ? :nil : args[:flavor].to_s.downcase.to_sym
  when :windows; @arp_header.body = "\x00" * 64  # 64 bytes of padding
  when :linux; @arp_header.body = "\x00" * 4 +  # 32 bytes of padding
    "\x00\x07\x5c\x14" + "\x00" * 4 +
    "\x00\x0f\x83\x34" + "\x00\x0f\x83\x74" +
    "\x01\x11\x83\x78" + "\x00\x00\x00\x0c" +
    "\x00\x00\x00\x00"
  when :hp_deskjet;  # Pads up to 60 bytes.
    @arp_header.body = "\xe0\x90\x0d\x6c" +
    "\xff\xff\xee\xee" + "\x00" * 4 +
    "\xe0\x8f\xfa\x18\x00\x20"
  else; @arp_header.body = "\x00" * 18  # Pads up to 60 bytes.
  end

  @headers = [@eth_header, @arp_header]
  super
end

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class PacketFu::Packet

Instance Attribute Details

#arp_header ⇒ Object

Returns the value of attribute arp_header.



# File 'lib/packetfu/protos/arp.rb', line 38

def arp_header
  @arp_header
end

#eth_header ⇒ Object

Returns the value of attribute eth_header.



# File 'lib/packetfu/protos/arp.rb', line 38

def eth_header
  @eth_header
end

Class Method Details

.can_parse?(str) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/packetfu/protos/arp.rb', line 40

def self.can_parse?(str)
  return false unless EthPacket.can_parse? str
  return false unless str.size >= 28
  return false unless str[12,2] == "\x08\x06"
  true
end
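
As an added example (not PacketFu's own code), this stand-alone Ruby parser reads a raw Ethernet/IPv4 ARP frame and matches its trailing bytes against the flavor padding bodies listed in #initialize. It requires the full 14 + 28 = 42 bytes rather than the 28 that can_parse? accepts; the names parse_arp_frame, sample_frame and FLAVOR_PADDING are hypothetical, and the sample frame is constructed.

```ruby
# Added example: stand-alone parser, no PacketFu dependency; names are hypothetical.
ETH_LEN = 14   # Ethernet II header
ARP_LEN = 28   # ARP body for Ethernet/IPv4 (hw_len 6, proto_len 4)

# Padding bodies copied from the flavor cases in #initialize on this page.
FLAVOR_PADDING = {
  windows:    ("\x00" * 64).b,
  linux:      ("\x00" * 4 + "\x00\x07\x5c\x14" + "\x00" * 4 +
               "\x00\x0f\x83\x34" + "\x00\x0f\x83\x74" +
               "\x01\x11\x83\x78" + "\x00\x00\x00\x0c" + "\x00\x00\x00\x00").b,
  hp_deskjet: ("\xe0\x90\x0d\x6c" + "\xff\xff\xee\xee" + "\x00" * 4 +
               "\xe0\x8f\xfa\x18\x00\x20").b,
  default:    ("\x00" * 18).b
}.freeze

# Opcode labels as used by #peek_format.
OPCODES = { 1 => "Requ", 2 => "Repl", 3 => "RReq",
            4 => "RRpl", 5 => "IReq", 6 => "IRpl" }.freeze

def mac(bytes)
  bytes.unpack("C6").map { |b| "%02x" % b }.join(":")
end

def ip(bytes)
  bytes.unpack("C4").join(".")
end

# Returns a summary hash, or nil when the frame is not a complete Ethernet/IPv4 ARP frame.
def parse_arp_frame(raw)
  raw = raw.b
  return nil if raw.bytesize < ETH_LEN + ARP_LEN      # 42 bytes, stricter than the >= 28 check
  return nil unless raw[12, 2] == "\x08\x06".b        # EtherType ARP
  hw, proto, hw_len, proto_len, opcode = raw[ETH_LEN, 8].unpack("nnCCn")
  return nil unless [hw, proto, hw_len, proto_len] == [1, 0x0800, 6, 4]
  addrs = raw[ETH_LEN + 8, 20]                        # sender MAC/IP, target MAC/IP
  padding = raw[(ETH_LEN + ARP_LEN)..-1]              # everything after the ARP body
  { opcode: OPCODES.fetch(opcode) { "0x%02x" % opcode },
    src_mac: mac(addrs[0, 6]),  src_ip: ip(addrs[6, 4]),
    dst_mac: mac(addrs[10, 6]), dst_ip: ip(addrs[16, 4]),
    flavor: FLAVOR_PADDING.key(padding) || :unknown }
end

# Constructed sample: the request from the Example section, with a chosen padding body.
def sample_frame(padding)
  src = [0x00, 0x1c, 0x23, 0x44, 0x55, 0x66]
  eth = [0xff] * 6 + src + [0x08, 0x06]
  arp = [0, 1, 8, 0, 6, 4, 0, 1] + src + [10, 10, 10, 17] + [0] * 6 + [10, 10, 10, 1]
  (eth + arp).pack("C*") + padding.b
end
```

A flavor match is only a hint: the source comment in #initialize notes that most of these fingerprints come from a single sample.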

Instance Method Details

#peek_format ⇒ Object

Generates summary data for ARP packets.



# File 'lib/packetfu/protos/arp.rb', line 74

def peek_format
  peek_data = ["A  "]
  peek_data << "%-5d" % self.to_s.size
  peek_data << arp_saddr_mac
  peek_data << "(#{arp_saddr_ip})"
  peek_data << "->"
  peek_data << case arp_daddr_mac
                when "00:00:00:00:00:00"; "Bcast00"
                when "ff:ff:ff:ff:ff:ff"; "BcastFF"
                else; arp_daddr_mac
                end
  peek_data << "(#{arp_daddr_ip})"
  peek_data << ":"
  peek_data << case arp_opcode
                when 1; "Requ"
                when 2; "Repl"
                when 3; "RReq"
                when 4; "RRpl"
                when 5; "IReq"
                when 6; "IRpl"
                else; "0x%02x" % arp_opcode
                end
  peek_data.join
end

#recalc(args = {}) ⇒ Object

While there are lengths in ARPPackets, there’s not much to do with them.



# File 'lib/packetfu/protos/arp.rb', line 101

def recalc(args={})
  @headers[0].inspect
end