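#!/usr/bin/env ruby
# Duplicates outgoing IPv4 TCP frames on a single interface.
#
# Frames whose source is one of this host's IPv4 addresses are captured with
# libpcap, stamped with IDENTIFY_TTL and written back out through an AF_PACKET
# raw socket DUPS times. Frames that already carry IDENTIFY_TTL are skipped.
#
# Linux only (AF_PACKET, SIOCGIFINDEX). Opening the raw socket and the live
# capture typically requires root or CAP_NET_RAW.
require 'socket'
require 'pcaprub'
require 'packetfu'

IDENTIFY_TTL = 105 # TTL written into every re-sent frame; also the "already handled" marker
interface = 'eth0'
DUPS = 1 # number of duplicated packet(s); every captured frame is re-sent this many times
SIOCGIFINDEX = 0x8933 # Linux ioctl request: resolve an interface name to its index

rsock = nil
capture = nil
begin
  rsock = Socket.new(Socket::AF_PACKET, Socket::SOCK_RAW, Socket::IPPROTO_RAW)

  # struct ifreq starts with the interface name; the ioctl stores the
  # interface index as an int at byte offset 16 of the same buffer.
  ifreq = [interface.dup].pack('a32')
  rsock.ioctl(SIOCGIFINDEX, ifreq)

  # struct sockaddr_ll: family (2 bytes), protocol (2), ifindex (4), then
  # 12 zero bytes for hatype/pkttype/halen/addr. The index is a 4-byte field,
  # so exactly four bytes are sliced out of ifreq.
  sockaddr_ll = [Socket::AF_PACKET].pack('s') +
                [Socket::IPPROTO_RAW].pack('n') +
                ifreq[16, 4] +
                ("\x00" * 12)
  rsock.bind(sockaddr_ll)

  # ipv4_private? implies ipv4?, so the single ipv4? test selects the same
  # addresses: every IPv4 address that is neither loopback nor multicast.
  localaddrs = Socket.ip_address_list.select do |intf|
    intf.ipv4? && !intf.ipv4_loopback? && !intf.ipv4_multicast?
  end

  # With no addresses the filter would degenerate to " and tcp", which is not
  # a valid pcap expression; stop with a readable message instead.
  abort 'no non-loopback IPv4 address found; nothing to capture' if localaddrs.empty?

  # Parentheses make the grouping explicit: (src A or src B ...) and tcp.
  sources = localaddrs.map { |addr| "src host #{addr.ip_address}" }.join(' or ')
  filter = "(#{sources}) and tcp"

  # NOTE(review): the third argument turns on promiscuous mode, yet the filter
  # only matches frames sent from this host's own addresses; confirm it is needed.
  capture = PCAPRUB::Pcap.open_live(interface, 65535, true, 0)
  capture.setfilter(filter)

  capture.each do |pkt|
    pktf = PacketFu::IPPacket.parse pkt

    # Frames already stamped with the marker TTL are not re-sent again.
    # Presumably these are this script's own copies seen by the capture.
    next if pktf.ip_ttl == IDENTIFY_TTL

    pktf.ip_ttl = IDENTIFY_TTL
    # NOTE(review): only the TTL is changed and no checksum recalculation is
    # visible before to_s; confirm the re-sent IP header checksum is still valid.
    begin
      DUPS.times { rsock.sendmsg_nonblock pktf.to_s }
    rescue => e
      # Best effort: a failed non-blocking send is reported and the frame dropped.
      p e
    end
  end
ensure
  # Runs on every exit path, including a failed bind, setfilter or abort.
  capture.close if capture
  rsock.close if rsock
end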