Sunday, March 2, 2008

Racket -- Ruby Raw Packet Fun

This is one of those projects that I've been sitting on for a good 6+ months. Only over the last 2-3 have things really started to come together. I am happy to release Racket, a Ruby gem designed for crafting and analyzing raw packets.

Towards the end of the initial development of Racket, I caught wind of Scruby because that is what Metasploit 3 is using for much (most?) of its raw packet duties. In the TMTOWTDI spirit, I kept up development and actually think that Racket's purpose is a bit different than that of Scruby.

Installation is fairly simple:

gem install --source http://spoofed.org/files/racket racket

Documentation and examples are published but need some touching up. Among some of the more amusing/useful examples are:

  • cdp-spew: exactly what it sounds like. Creates and floods the network with random Cisco Discovery Protocol (CDP) packets
  • hsrp_takeover: passively listens for and actively performs "takeovers" for all discovered Hot Standby Router Protocol (HSRP) instances
  • tcp2udp: Listens for any tcp traffic and turns the packet back around, sending it back at the source as a UDP datagram. No point

Racket requires that you have Joel VanderWerf's BitStruct and Marshall Beddoe's PcapRub installed.

Enjoy! Comments or suggestions are welcomed.

2 comments:

Chaz6 said...

$ ruby
require 'rubygems'
require 'racket'
^D

/usr/lib/ruby/gems/bit-struct-0.13.6/lib/bit-struct/bit-struct.rb:169:in `add_field': Field length is already defined as a method. (BitStruct::FieldNameError)
from /usr/lib/ruby/gems/bit-struct-0.13.6/lib/bit-struct/fields.rb:208:in `unsigned'
from /usr/lib/ruby/gems/racket-1.0.0/lib/l2/eightotwodotthree.rb:35:in `<class:EightOTwoDotThree>'

Anonymous said...

I realize I'm a bit behind the times here with my comment but I got the same error. I was able to solve it by switching my ruby version back to 1.8.7 ... yayyy for RVM.