Class: PacketFu::TCPPacket

TCPPacket is used to construct TCP packets. They contain an EthHeader, an IPHeader, and a TCPHeader.

Example

   tcp_pkt = PacketFu::TCPPacket.new
   tcp_pkt.tcp_flags.syn=1
   tcp_pkt.tcp_dst=80
   tcp_pkt.tcp_win=5840
   tcp_pkt.tcp_options="mss:1460,sack.ok,ts:#{rand(0xffffffff)};0,nop,ws:7"

   tcp_pkt.ip_saddr=[rand(0xff),rand(0xff),rand(0xff),rand(0xff)].join('.')
   tcp_pkt.ip_daddr=[rand(0xff),rand(0xff),rand(0xff),rand(0xff)].join('.')

   tcp_pkt.recalc
   tcp_pkt.to_f('/tmp/tcp.pcap')

Parameters

 :eth
   A pre-generated EthHeader object.
 :ip
   A pre-generated IPHeader object.
 :flavor
   TODO: Sets the "flavor" of the TCP packet. This will include TCP options and the initial window
   size, per stack. There is a lot of variety here, and it's one of the most useful methods to
   remotely fingerprint devices. :flavor will span both ip and tcp for consistency.
  :type
   TODO: Set up particular types of packets (syn, psh_ack, rst, etc). This can change the initial flavor.
 :config
  A hash of return address details, often the output of Utils.whoami?

Methods

new peek tcp_calc_flavor tcp_calc_sum tcp_recalc

Attributes

 eth_header
 headers
 ip_header
 tcp_header

Public Class methods

new(args={})

Public Instance methods

peek(args={})

Peek provides summary data on packet contents.

tcp_calc_flavor(str)

Sets the correct flavor for TCP Packets. Recognized flavors are:

  windows, linux, freebsd

tcp_calc_sum()

tcp_calc_sum() computes the TCP checksum, and is called upon intialization. It usually should be called just prior to dropping packets to a file or on the wire.

tcp_recalc(arg=:all)

Recalculates various fields of the TCP packet.

Parameters

  :all
    Recomputes all calculated fields.
  :tcp_sum
    Recomputes the TCP checksum.
  :tcp_hlen
    Recomputes the TCP header length. Useful after options are added.