packetfu.rb

Path: lib/packetfu.rb
Last Update: Mon Jan 11 19:38:25 -0600 2010

PacketFu

A library for reading and writing packets to an interface or to a libpcap-formatted file. It is maintained at code.google.com/p/packetfu

Documentation

PacketFu is rdoc-compatible. In the same directory as this file, run "rdoc" by itself, and then view doc/index.html with your favored browser. Once that's done, navigate at the top, and read up on how to create a Packet or Capture from an interface with show_live or whatever.

Requirements

PcapRub: www.metasploit.com/svn/framework3/trunk/external/pcaprub

Marshall Beddoe's PcapRub is required only for packet reading and writing from a network interface (which is a pretty big only). PcapRub itself relies on libpcap 0.9.8 or later for packet injection. PcapRub also requires root privileges to access the interface directly. PcapRub is provided with this package, but sadly, little support is offered, as network cards, libpcap drivers, and PcapRub combinations can vary wildly from machine to machine.

Examples

PacketFu ships with dozens and dozens of tests, built on Test::Unit. These should give good pointers on how you're expected to use it. See the /tests directory. Furthermore, PacketFu also ships with packetfu-shell.rb, which should be run via IRB (as root, if you intend to use your interfaces).

Author

PacketFu is maintained primarily by Tod Beardsley <todb@planb-security.net>

INSTALL

Installation is pretty straightforward.

PacketFu requires a slightly hacked version of PcapRub to function effectively.

This distribution provides both pcaprub source (tested on Linux) and a compiled PcapRub for Win32. For Linux, simply cd to pcaprub_linux, and run:

% ruby extconf.rb
% make
% sudo make install

For Windows, ensure the pcaprub.so file is locatable in your $RUBYPATH (for most systems, C:\ruby\bin should be fine).

For PacketFu proper, simply run

% sudo ruby setup.rb

from the toplevel directory to install.

Testing

The easiest way to test the installation is to run PacketFu via irb, using the example shell in the "examples" directory:

% sudo irb -r packetfu-shell.rb

After the banner, you should see something like:

>>> Use $packetfu_default.config for salient networking details.
IP: 192.168.1.100 Mac: 00:1d:e0:54:2f:7e Gateway: 00:03:2f:32:a5:3c
Net: 192.168.1.0 Iface: wlan0
>>> Packet capturing/injecting enabled.
<><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><><>

If not, then Something Went Wrong. It's most likely that you have either an older or broken version of pcaprub (try installing the version provided with PacketFu), or you have a very, very old version of libpcap (version 0.9.4 is the oldest tested version, and there's really no reason to not be at least on 1.0.0).

Complaints

If things don't work out, please contact todb@planb-security.net, and I'll try to get you all sorted out.

LICENSE

Copyright (c) 2008-2010, Tod Beardsley All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
    * Neither the name of Tod Beardsley nor the
      names of its contributors may be used to endorse or promote products
      derived from this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

Required files

packetfu/structfu   ipaddr   pcaprub_win32/pcaprub   pcaprub   packetfu/capture   packetfu/inject   packetfu/pcap   packetfu/packet   packetfu/invalid   packetfu/eth   packetfu/ip   packetfu/arp   packetfu/icmp   packetfu/udp   packetfu/tcp   packetfu/ipv6   packetfu/utils   packetfu/config  
