Hello all. Glad to be new here on ruby-forum.com. I was hoping to get
some information regarding packetfu. I’m trying to write a scanner using
packetfu and it requires not only injecting packets over the wire, which
is obviously easy enough with packetfu, but it also requires that I see
the responses(or lack thereof) to the packets being sent. I realize I
can use PacketFu::Capture to see incoming packets, but I don’t know how
to look specifically for things like RST packets, SYN ACK packets, or no
packets being sent back.
Captured packets are instances of related classes, so you can access its
values by unified interface.
require ‘packetfu’
include PacketFu
pks = PcapFile.read_packets ‘out.pcap’
pks.first.class # PacketFu::TCPPacket
pks.first.tcp_ack # 0 => RST
etc.
pks.first.local_methods
=> [:dissect, :dissection_table, :eth_daddr, :eth_daddr=, :eth_dst,
:eth_dst=, :eth_dst_readable, :eth_header, :eth_header=, :eth_proto,
:eth_proto=, :eth_proto_readable, :eth_saddr, :eth_saddr=, :eth_src,
:eth_src=, :eth_src_readable, :flavor, :handle_is_identity, :headers,
:headers=, :hexify, :iface, :iface=, :inspect_hex, :inspect_style,
:inspect_style=, :ip_calc_id, :ip_calc_len, :ip_calc_sum, :ip_daddr,
:ip_daddr=, :ip_dst, :ip_dst=, :ip_dst_readable, :ip_frag, :ip_frag=,
:ip_header, :ip_header=, :ip_hl, :ip_hl=, :ip_hlen, :ip_id, :ip_id=,
:ip_id_readable, :ip_len, :ip_len=, :ip_proto, :ip_proto=, :ip_recalc,
:ip_saddr, :ip_saddr=, :ip_src, :ip_src=, :ip_src_readable, :ip_sum,
:ip_sum=, :ip_sum_readable, :ip_tos, :ip_tos=, :ip_ttl, :ip_ttl=, :ip_v,
:ip_v=, :length, :method_missing, :orig_kind_of?, :payload, :payload=,
:peek, :peek_format, :proto, :protocol, :read, :recalc, :size, :tcp_ack,
:tcp_ack=, :tcp_ack_readable, :tcp_calc_flavor, :tcp_calc_hlen,
:tcp_calc_seq, :tcp_calc_src, :tcp_calc_sum, :tcp_dport, :tcp_dport=,
:tcp_dst, :tcp_dst=, :tcp_ecn, :tcp_ecn=, :tcp_flags, :tcp_flags=,
:tcp_flags_dotmap, :tcp_flags_readable, :tcp_header, :tcp_header=,
:tcp_hlen, :tcp_hlen=, :tcp_options, :tcp_options=, :tcp_opts,
:tcp_opts=, :tcp_opts_len, :tcp_opts_readable, :tcp_recalc,
:tcp_reserved, :tcp_reserved=, :tcp_seq, :tcp_seq=, :tcp_seq_readable,
:tcp_sport, :tcp_sport=, :tcp_src, :tcp_src=, :tcp_sum, :tcp_sum=,
:tcp_sum_readable, :tcp_urg, :tcp_urg=, :tcp_win, :tcp_win=, :to_f,
:to_pcap, :to_w, :write]
for each supported protocol/layer you may find corresponding definitions
here
I’m sorry I might be misunderstanding your response. I’m not sure how
this applies to seeing whether a returned packet is RST or SYN ACK or
not returned at all. Could you please clarify?
Thanks.