metasploit-framework/lib/packetfu/write.rb

90 lines
2.5 KiB
Ruby
Raw Normal View History

module PacketFu
# The Write class facilitates writing to libpcap files, which is the native file format
# for packet capture utilities such as tcpdump, Wireshark, and PacketFu::PcapFile.
#
# == Example
#
# cap = PacketFu::Capture.new(:start => true)
# sleep 10
# cap.save
# pkt_array = cap.array
# PacketFu::Write.a2f(:file => 'pcaps/my_capture.pcap', :array => pkt_array)
#
# === array_to_file() Arguments
#
# :filename | :file | :out
# The file to write to. If it exists, it will be overwritten. By default, no file will be written.
#
# :array | arr
# The array to read packet data from. Note, these should be strings, and not packet objects!
#
# :ts | :timestamp
# The starting timestamp. By default, it is the result of Time.now.to_i
#
# :ts_inc | :timestamp_increment
# The timestamp increment, in seconds. (Sorry, no usecs yet)
#
# == See Also
#
# Read, Capture
class Write
# Writes an array of binary data to a libpcap file.
def self.array_to_file(args={})
filename = args[:filename] || args[:file] || args[:out] || :nowrite
arr = args[:arr] || args[:array] || []
ts = args[:ts] || args[:timestamp] || Time.now.to_i
ts_inc = args[:ts_inc] || args[:timestamp_increment] || 1
if arr.class != Array
raise ArgumentError, "This needs to be an array."
end
formatted_packets = []
arr.each do |pkt|
this_pkt = PcapPacket.new
this_pkt.data = pkt[0,0xffff]
this_pkt.orig_len = pkt.size # orig_len isn't calc'ed already.
this_pkt.ts_sec = ts += decimal_to_usecs(ts_inc)[0]
formatted_packets << this_pkt.to_s
end
filedata = PcapFile.new
filedata.read(PcapFile.new.to_s + formatted_packets.join) # Like a cat playing the bass.
if filename != :nowrite
out = File.new(filename.to_s, 'w')
out.print filedata
out.close
# Return [filename, file size, # of packets, initial timestamp, timestamp increment]
ret = [filename,filedata.to_s.size,arr.size,ts,ts_inc]
else
ret = [nil,filedata.to_s.size,arr.size,ts,ts_inc]
end
end
# A synonym for array_to_file()
def self.a2f(args={})
self.array_to_file(args)
end
# TODO: Wire this in later to enable incrementing by microseconds.
def self.decimal_to_usecs(decimal)
secs = decimal.to_i
usecs = decimal.to_f.to_s.split('.')[1]
[secs,usecs]
end
# IRB tab-completion hack.
def truth
"Stranger than fiction" ; true
end
#:stopdoc:
alias_method :array_to_file, :truth
alias_method :a2f, :truth
#:startdoc:
end
end