File: arp.rb

package info (click to toggle)
ruby-packetfu 2.0.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 3,520 kB
  • sloc: ruby: 8,344; makefile: 2
file content (60 lines) | stat: -rw-r--r-- 2,114 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
 
# -*- coding: binary -*-
# This is a somewhat contrived and verbose demonstration of how to implement ARP manually.
#
# It's contrived because this is really how PacketFu::Utils got born; something similiar
# (and a wee bit cleaner) is already available as Packet::Utils::arp, since knowing the
# MAC address of a target IP turns out to be pretty useful day-to-day.

# Path setting slight of hand:
$: << File.expand_path("../../lib", __FILE__)
require 'packetfu'

def usage
  if ARGV[0].nil?
    raise ArgumentError, "You need an IP address to start with."
  elsif !Process.euid.zero?
    raise SecurityError, "You need to be root to run this."
  end
end

usage unless target_ip = ARGV[0]		# Need a target IP.
usage unless Process.euid.zero?			# Need to be root.
IPAddr.new(target_ip)								# Check to see it's really an IP address, and not a herring or something.

$packetfu_default = PacketFu::Config.new(PacketFu::Utils.whoami?).config

def arp(target_ip)

  arp_pkt = PacketFu::ARPPacket.new(:flavor => "Windows")
  arp_pkt.eth_saddr = arp_pkt.arp_saddr_mac = $packetfu_default[:eth_saddr]
  arp_pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  arp_pkt.arp_daddr_mac = "00:00:00:00:00:00"

  arp_pkt.arp_saddr_ip = $packetfu_default[:ip_saddr]
  arp_pkt.arp_daddr_ip = target_ip

  # Stick the Capture object in its own thread.

  cap_thread = Thread.new do
    cap = PacketFu::Capture.new(:start => true,
                                :filter => "arp src #{target_ip} and ether dst #{arp_pkt.eth_saddr}")
    arp_pkt.to_w # Shorthand for sending single packets to the default interface.
    target_mac = nil
    while target_mac.nil?
      if cap.save > 0
        arp_response = PacketFu::Packet.parse(cap.array[0])
        target_mac = arp_response.arp_saddr_mac if arp_response.arp_saddr_ip = target_ip
      end
      sleep 0.1 # Check for a response ten times per second.
    end
    puts "#{target_ip} is-at #{target_mac}"
    # That's all we need.
    exit 0
  end

  # Timeout for cap_thread
  sleep 3; puts "Oh noes! Couldn't get an arp out of #{target_ip}. Maybe it's not here."
  exit 1
end

arp(target_ip)