[ANN] packetgen 1.0.0 released

ruby-talk
1

packetgen 1.0.0 has been released.

* home: <https://github.com/sdaubert/packetgen>
* bugs: <https://github.com/sdaubert/packetgen/issues>
* doc: <http://www.rubydoc.info/gems/packetgen>

PacketGen provides simple ways to generate, send and capture network
packets easily.

Compared to PacketFu, PacketGen:
- make easy building of packets, not class-defined as PacketFu
- may handle tunneled packets
- will encapsulate and/or decapsulate packets (TODO)
- parse packets bottom-up, so correctly guess lower protocols
- send packets at IP/IPv6 layers

# Create packets:
pkt = PacketGen.gen('Eth').add('IP')
pkt = PacketGen.gen('IP', src: '192.168.1.2', dst:
'192.168.1.3').add('UDP', dport: 53, sport: 45657)

# Manipulate packets:
pkt.is? 'Eth' # => true
pkt.eth.dst = '00:00:01:02:03:04'
pkt.ip.sum = 0xffff

# Get packet binary data:
pkt.to_s

# Send packet on wire:
pkt.to_w # send on eth0
pkt.to_w('eth1')

# Capture packets from wire
PacketGen.capture('eth0') do |packet|
  do_stuffs_with_packet
end
packets = PacketGen.capture('eth0', max: 6) # Get 6 packets
packets = PacketGen.capture('eth0', timeout: 10, filter: 'ip') # Get
all IP packets during 10 seconds

# Read/write packets from/to file
packets = PacketNG::Packet.read('file.pcapng')
pkt.to_f('file.pcapng')
PacketNG::Packet.write('another_file.pcapng', ary_of_packets)

# Parse a string:
pkt = PacketGen.parse(str)

Changes:

### 1.0.0 / 2016-12-18

* all headers: use RFC names as attributes
  * breaks compatibility with previous versions
  * defines some aliases
* add support for TCP protocol
  * TCP header
  * supports TCP options
* add doc for all header classes
* add a mechanism to declare bit fields in header:
  * IP:
    * replace #version and #ihl by bitfiel versions
    * add pseudo-attributes for frag flags (#flag_rsv, #flag_df and
#flag_mf)
    * add #fragment_offset pseudo-attribute
  * IPv6:
    * replace #version, #traffic_class and #flow_label by bitfield
pseudo-attributes
* Packet#inspect now uses headers' #inspect method (by default
Header::HeaderMethods#inspect)
* a new module Inspect is used to centralize helpers for #inspect
* bug fixes:
  * PacketGen.parse crashes. A kwarg was passes as a positional argument

2

Waw, that's awesome, Do you've a plan to make it protocol aware like *scapy* in
python? Since everyone most of hackers have started learning python because
of *scapy* which shocked me.

BTW, I'll have a deeper look and I may add this to the Rubyfu book
(Rubyfu.net). What you think?

···

On 18 December 2016 at 21:01, Sylvain Daubert <sylvain.daubert@laposte.net> wrote:

packetgen 1.0.0 has been released.

* home: <https://github.com/sdaubert/packetgen&gt;
* bugs: <https://github.com/sdaubert/packetgen/issues&gt;
* doc: <http://www.rubydoc.info/gems/packetgen&gt;

PacketGen provides simple ways to generate, send and capture network
packets easily.

Compared to PacketFu, PacketGen:
- make easy building of packets, not class-defined as PacketFu
- may handle tunneled packets
- will encapsulate and/or decapsulate packets (TODO)
- parse packets bottom-up, so correctly guess lower protocols
- send packets at IP/IPv6 layers

# Create packets:
pkt = PacketGen.gen('Eth').add('IP')
pkt = PacketGen.gen('IP', src: '192.168.1.2', dst:
'192.168.1.3').add('UDP', dport: 53, sport: 45657)

# Manipulate packets:
pkt.is? 'Eth' # => true
pkt.eth.dst = '00:00:01:02:03:04'
pkt.ip.sum = 0xffff

# Get packet binary data:
pkt.to_s

# Send packet on wire:
pkt.to_w # send on eth0
pkt.to_w('eth1')

# Capture packets from wire
PacketGen.capture('eth0') do |packet|
  do_stuffs_with_packet
end
packets = PacketGen.capture('eth0', max: 6) # Get 6 packets
packets = PacketGen.capture('eth0', timeout: 10, filter: 'ip') # Get
all IP packets during 10 seconds

# Read/write packets from/to file
packets = PacketNG::Packet.read('file.pcapng')
pkt.to_f('file.pcapng')
PacketNG::Packet.write('another_file.pcapng', ary_of_packets)

# Parse a string:
pkt = PacketGen.parse(str)

Changes:

### 1.0.0 / 2016-12-18

* all headers: use RFC names as attributes
  * breaks compatibility with previous versions
  * defines some aliases
* add support for TCP protocol
  * TCP header
  * supports TCP options
* add doc for all header classes
* add a mechanism to declare bit fields in header:
  * IP:
    * replace #version and #ihl by bitfiel versions
    * add pseudo-attributes for frag flags (#flag_rsv, #flag_df and
#flag_mf)
    * add #fragment_offset pseudo-attribute
  * IPv6:
    * replace #version, #traffic_class and #flow_label by bitfield
pseudo-attributes
* Packet#inspect now uses headers' #inspect method (by default
Header::HeaderMethods#inspect)
* a new module Inspect is used to centralize helpers for #inspect
* bug fixes:
  * PacketGen.parse crashes. A kwarg was passes as a positional argument

Unsubscribe: <mailto:ruby-talk-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk&gt;

--

*Senior Information Security Engineer OSCE, GWAPT, **CEH, **OSCP, **RHCE, *
*CCNA, **MCITP-EA*

3

Hi,

All binary protcols may be included. For now, i have plan to add ESP/IKE
protocols. DNS should be great also but i have no knowledge for the
latter. And others protocols may be added (PR are welcome).

About Rubyfu book: i did not known it. This is a great book. Feel free
to add PacketGen.

···

Le 19/12/2016 à 00:57, KING SABRI a écrit :

Waw, that's awesome, Do you've a plan to make it protocol aware like
*scapy* in python? Since everyone most of hackers have started learning
python because of *scapy* which shocked me.

BTW, I'll have a deeper look and I may add this to the Rubyfu book
(Rubyfu.net). What you think?

On 18 December 2016 at 21:01, Sylvain Daubert > <sylvain.daubert@laposte.net <mailto:sylvain.daubert@laposte.net>> wrote:

    packetgen 1.0.0 has been released.

    * home: <GitHub - sdaubert/packetgen: Ruby library to easily generate and capture network packets
    <https://github.com/sdaubert/packetgen&gt;&gt;
    * bugs: <Issues · sdaubert/packetgen · GitHub
    <https://github.com/sdaubert/packetgen/issues&gt;&gt;
    * doc: <File: README — Documentation for packetgen (3.3.1)
    <http://www.rubydoc.info/gems/packetgen&gt;&gt;

    PacketGen provides simple ways to generate, send and capture network
    packets easily.

    Compared to PacketFu, PacketGen:
    - make easy building of packets, not class-defined as PacketFu
    - may handle tunneled packets
    - will encapsulate and/or decapsulate packets (TODO)
    - parse packets bottom-up, so correctly guess lower protocols
    - send packets at IP/IPv6 layers

    # Create packets:
    pkt = PacketGen.gen('Eth').add('IP')
    pkt = PacketGen.gen('IP', src: '192.168.1.2', dst:
    '192.168.1.3').add('UDP', dport: 53, sport: 45657)

    # Manipulate packets:
    pkt.is <http://pkt.is>? 'Eth' # => true
    pkt.eth.dst = '00:00:01:02:03:04'
    pkt.ip.sum = 0xffff

    # Get packet binary data:
    pkt.to_s

    # Send packet on wire:
    pkt.to_w # send on eth0
    pkt.to_w('eth1')

    # Capture packets from wire
    PacketGen.capture('eth0') do |packet|
      do_stuffs_with_packet
    end
    packets = PacketGen.capture('eth0', max: 6) # Get 6 packets
    packets = PacketGen.capture('eth0', timeout: 10, filter: 'ip') # Get
    all IP packets during 10 seconds

    # Read/write packets from/to file
    packets = PacketNG::Packet.read('file.pcapng')
    pkt.to_f('file.pcapng')
    PacketNG::Packet.write('another_file.pcapng', ary_of_packets)

    # Parse a string:
    pkt = PacketGen.parse(str)

    Changes:

    ### 1.0.0 / 2016-12-18

    * all headers: use RFC names as attributes
      * breaks compatibility with previous versions
      * defines some aliases
    * add support for TCP protocol
      * TCP header
      * supports TCP options
    * add doc for all header classes
    * add a mechanism to declare bit fields in header:
      * IP:
        * replace #version and #ihl by bitfiel versions
        * add pseudo-attributes for frag flags (#flag_rsv, #flag_df and
    #flag_mf)
        * add #fragment_offset pseudo-attribute
      * IPv6:
        * replace #version, #traffic_class and #flow_label by bitfield
    pseudo-attributes
    * Packet#inspect now uses headers' #inspect method (by default
    Header::HeaderMethods#inspect)
    * a new module Inspect is used to centralize helpers for #inspect
    * bug fixes:
      * PacketGen.parse crashes. A kwarg was passes as a positional argument

    Unsubscribe: <mailto:ruby-talk-request@ruby-lang.org
    <mailto:ruby-talk-request@ruby-lang.org>?subject=unsubscribe>
    <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk
    <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk&gt;&gt;

--

*Senior Information Security Engineer
OSCE, GWAPT, **CEH, **OSCP, **RHCE, **CCNA, **MCITP-EA*

Unsubscribe: <mailto:ruby-talk-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk&gt;

4

Hi
That's cool, I hope you can make it a modular base like ppl can add a new
protocol as a module. It's easy to understand and contribute

Thanks for your feedback to the book. I'm trying hard to make all
rubies hackers' efforts get recoginsed with the book and twitter.

···

On 19 December 2016 at 11:47, Sylvain Daubert <sylvain.daubert@laposte.net> wrote:

Hi,

All binary protcols may be included. For now, i have plan to add ESP/IKE
protocols. DNS should be great also but i have no knowledge for the
latter. And others protocols may be added (PR are welcome).

About Rubyfu book: i did not known it. This is a great book. Feel free
to add PacketGen.

Le 19/12/2016 à 00:57, KING SABRI a écrit :
> Waw, that's awesome, Do you've a plan to make it protocol aware like
> *scapy* in python? Since everyone most of hackers have started learning
> python because of *scapy* which shocked me.
>
> BTW, I'll have a deeper look and I may add this to the Rubyfu book
> (Rubyfu.net). What you think?
>
> On 18 December 2016 at 21:01, Sylvain Daubert > > <sylvain.daubert@laposte.net <mailto:sylvain.daubert@laposte.net>> > wrote:
>
> packetgen 1.0.0 has been released.
>
> * home: <GitHub - sdaubert/packetgen: Ruby library to easily generate and capture network packets
> <https://github.com/sdaubert/packetgen&gt;&gt;
> * bugs: <Issues · sdaubert/packetgen · GitHub
> <https://github.com/sdaubert/packetgen/issues&gt;&gt;
> * doc: <File: README — Documentation for packetgen (3.3.1)
> <http://www.rubydoc.info/gems/packetgen&gt;&gt;
>
>
> PacketGen provides simple ways to generate, send and capture network
> packets easily.
>
> Compared to PacketFu, PacketGen:
> - make easy building of packets, not class-defined as PacketFu
> - may handle tunneled packets
> - will encapsulate and/or decapsulate packets (TODO)
> - parse packets bottom-up, so correctly guess lower protocols
> - send packets at IP/IPv6 layers
>
> # Create packets:
> pkt = PacketGen.gen('Eth').add('IP')
> pkt = PacketGen.gen('IP', src: '192.168.1.2', dst:
> '192.168.1.3').add('UDP', dport: 53, sport: 45657)
>
> # Manipulate packets:
> pkt.is <http://pkt.is>? 'Eth' # => true
> pkt.eth.dst = '00:00:01:02:03:04'
> pkt.ip.sum = 0xffff
>
> # Get packet binary data:
> pkt.to_s
>
> # Send packet on wire:
> pkt.to_w # send on eth0
> pkt.to_w('eth1')
>
> # Capture packets from wire
> PacketGen.capture('eth0') do |packet|
> do_stuffs_with_packet
> end
> packets = PacketGen.capture('eth0', max: 6) # Get 6 packets
> packets = PacketGen.capture('eth0', timeout: 10, filter: 'ip') # Get
> all IP packets during 10 seconds
>
> # Read/write packets from/to file
> packets = PacketNG::Packet.read('file.pcapng')
> pkt.to_f('file.pcapng')
> PacketNG::Packet.write('another_file.pcapng', ary_of_packets)
>
> # Parse a string:
> pkt = PacketGen.parse(str)
>
>
> Changes:
>
> ### 1.0.0 / 2016-12-18
>
> * all headers: use RFC names as attributes
> * breaks compatibility with previous versions
> * defines some aliases
> * add support for TCP protocol
> * TCP header
> * supports TCP options
> * add doc for all header classes
> * add a mechanism to declare bit fields in header:
> * IP:
> * replace #version and #ihl by bitfiel versions
> * add pseudo-attributes for frag flags (#flag_rsv, #flag_df and
> #flag_mf)
> * add #fragment_offset pseudo-attribute
> * IPv6:
> * replace #version, #traffic_class and #flow_label by bitfield
> pseudo-attributes
> * Packet#inspect now uses headers' #inspect method (by default
> Header::HeaderMethods#inspect)
> * a new module Inspect is used to centralize helpers for #inspect
> * bug fixes:
> * PacketGen.parse crashes. A kwarg was passes as a positional
argument
>
> Unsubscribe: <mailto:ruby-talk-request@ruby-lang.org
> <mailto:ruby-talk-request@ruby-lang.org>?subject=unsubscribe>
> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk
> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk&gt;&gt;
>
>
>
>
> --
>
> *Senior Information Security Engineer
> OSCE, GWAPT, **CEH, **OSCP, **RHCE, **CCNA, **MCITP-EA*
>
>
>
> Unsubscribe: <mailto:ruby-talk-request@ruby-lang.org?subject=
>
> <http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk&gt;
>

Unsubscribe: <mailto:ruby-talk-request@ruby-lang.org?subject=unsubscribe>
<http://lists.ruby-lang.org/cgi-bin/mailman/options/ruby-talk&gt;

--

*Senior Information Security Engineer OSCE, GWAPT, **CEH, **OSCP, **RHCE, *
*CCNA, **MCITP-EA*