comp.lang.ruby

bit-struct and constructing ARP messages.

Kevin Waters

7/25/2006 1:02:00 AM

Hello all.

I have been trying to write an ARP packet injector script for Ruby
and did quite a bit of research on how to construct ARP Reply datagrams
and what not, and now that I think I have an idea how to construct them
but also I'd like to transmit them to a host.

Courtesy of bit-struct I am able to craft and fill in the headers of an
IPv4 datagram with ease, but transmitting this information is not so
easy. What I'd like to know is: is there some specific syntax using
Socket#new for just transmitting packets not to any specific TCP port?
This is a snippet from the script:

------------------------------------------------------------------------------
require 'bit-struct'

class IP < BitStruct
  unsigned :ip_v,   4,  "Version"
  unsigned :ip_hl,  4,  "Header length"
  unsigned :ip_tos, 8,  "TOS"
  unsigned :ip_len, 16, "Length"
  unsigned :ip_id,  16, "ID"
  unsigned :ip_off, 16, "Frag offset"
  unsigned :ip_ttl, 8,  "TTL"
  unsigned :ip_p,   8,  "Protocol"
  unsigned :ip_sum, 16, "Checksum"
  octets   :ip_src, 32, "Source addr"
  octets   :ip_dst, 32, "Dest addr"
  rest     :body,       "Body of message"

  note " rest is application defined message body"

  initial_value.ip_v = 4
  initial_value.ip_hl = 5
end

def mk_dgram(src_ip, dst_ip, src_h, dst_h)
  arp_msg = ['1', '0x800', '6', '4', '2', src_h, src_ip, dst_h, dst_ip]

  ip = IP.new
  ip.ip_tos = 0
  ip.ip_len = 0
  ip.ip_id = 0
  ip.ip_off = 0
  ip.ip_ttl = 255
  ip.ip_p = 255
  ip.ip_sum = 0
  ip.ip_src = src_ip
  ip.ip_dst = dst_ip
  ip.body = arp_msg.to_s
  ip.ip_len = ip.length
  puts ip.inspect_detailed

  # TRANSMISSION CODE WOULD GO HERE
  # .....
end
-----------------------------------------------------------------------------

Now I'm stuck with transmitting this datagram, any idea how I would
implement this? Also I'm just taking a guess there as to how to craft an
ARP Message encapsulated in an IP datagram, so if you know the correct
way of doing that too your feedback is much appreciated.

I apologize in advance if this was not an appropriate place to post this
subject.


--
Posted via http://www.ruby-....

3 Answers

Gyoung-Yoon Noh

7/25/2006 4:18:00 AM

0

You can achieve the goal using Array#pack / String#unpack by
hand. But there are already good libraries supporting C function
calling and type conversion in Ruby: ruby-dl2[1], ruby-dlx[2].

[1]: http://rubyforge.org/cgi-bin/viewvc.cgi/ruby-dl2/doc/struct.txt?revision=1.2&root=ruby-dl2&v...
[2]: http://ruby-dlx.ruby...

HTH,



--
http://nohmad.su...
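
The Array#pack / String#unpack approach mentioned in the answer above, as an added example that is not part of the original thread: it lays out an ARP message the way RFC 826 defines it, carried directly in an Ethernet frame with EtherType 0x0806 rather than inside an IPv4 datagram, then parses it back and applies a monitoring check. The helper names and all addresses are constructed for illustration.

```ruby
# Added example: ARP is carried directly in an Ethernet frame (EtherType
# 0x0806), not inside an IPv4 datagram. All addresses used are constructed.

ETHERTYPE_ARP = 0x0806

def mac_bytes(mac)          # "02:00:00:00:00:01" -> 6 raw bytes
  [mac.delete(":")].pack("H12")
end

def ip_bytes(ip)            # "192.0.2.1" -> 4 raw bytes
  ip.split(".").map(&:to_i).pack("C4")
end

# Build Ethernet header (14 bytes) + ARP payload (28 bytes) with Array#pack.
def build_arp_frame(op:, eth_src:, eth_dst:, sha:, spa:, tha:, tpa:)
  eth = mac_bytes(eth_dst) + mac_bytes(eth_src) + [ETHERTYPE_ARP].pack("n")
  arp = [1, 0x0800, 6, 4, op].pack("nnCCn") + # htype, ptype, hlen, plen, oper
        mac_bytes(sha) + ip_bytes(spa) + mac_bytes(tha) + ip_bytes(tpa)
  eth + arp
end

# Parse with String#unpack; returns nil if the frame is not Ethernet/IPv4 ARP.
def parse_arp_frame(frame)
  return nil if frame.bytesize < 42
  dst, src, etype = frame.unpack("a6a6n")
  return nil unless etype == ETHERTYPE_ARP
  htype, ptype, hlen, plen, op, sha, spa, tha, tpa =
    frame.byteslice(14, 28).unpack("nnCCna6a4a6a4")
  return nil unless [htype, ptype, hlen, plen] == [1, 0x0800, 6, 4]
  fmt_mac = ->(b) { b.unpack("C6").map { |x| format("%02x", x) }.join(":") }
  fmt_ip  = ->(b) { b.unpack("C4").join(".") }
  { eth_src: fmt_mac[src], eth_dst: fmt_mac[dst], op: op,
    sha: fmt_mac[sha], spa: fmt_ip[spa], tha: fmt_mac[tha], tpa: fmt_ip[tpa] }
end

# Monitoring check: the sender hardware address in the ARP payload should
# match the Ethernet source address of the frame that carried it.
def sender_mismatch?(parsed)
  parsed[:eth_src] != parsed[:sha]
end
```
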

Kevin Waters

7/25/2006 7:34:00 PM

0

Gyoung-Yoon Noh wrote:
> You can achieve the goal using Array#pack / String#unpack by
> hand. But there are already good libraries supporting C function
> calling and type conversion in Ruby: ruby-dl2[1], ruby-dlx[2].
>
> [1]:
> http://rubyforge.org/cgi-bin/viewvc.cgi/ruby-dl2/doc/struct.txt?revision=1.2&root=ruby-dl2&v...
> [2]: http://ruby-dlx.ruby...
>
> HTH,

Array#pack / Array#unpack is useful for packaging the datagram, yes. What
I want to know is what Class#method I would use to transmit an ARP
message contained in a datagram, since it's not going to any TCP port;
it's just a broadcast ARP message.

--
Posted via http://www.ruby-....

Gyoung-Yoon Noh

7/27/2006 2:09:00 AM

0

Sorry for misreading your post.

I'd like to say that I haven't done such a thing before.
However, I just found that arping[1] uses the libnet[2] library,
which also has a Ruby binding[3].
Sorry for telling without doing.

[1]: http://www.habets.pp.se/synscan/programs.php?p...
[2]: http://www.packetfactory.n...
[3]: http://www.shmoo.com/~bmc/soft...

Regards,




--
http://nohmad.su...