Lone Star Ruby Conf 2008: Packet-Fu with Ruby
Packet-Fu is geared towards attendees with some experience writing scripts with Python’s Scapy and Perl’s Net::RawIP, and provides a gentle introduction to low-level socket programming with Ruby and PcapRub using object-oriented design concepts.
Since the Ruby reimplementation of Metasploit in 2007, Ruby has become an essential scripting language for security professionals, yet Ruby’s packet inspection, generation, and manipulation capabilities have remained fairly occult and under-documented. With the release of “Scooby,” a honeypot demasking application, Tod hopes to convert a few Python/Perl coders to Ruby by virtue of a reasonably stable and well-documented reference implementation of Ruby packet-fu.
Major areas of focus include:
- “Yet Another Packet Factory”: Design considerations for Scooby as an alternative to Scruby
- “An IDS in Five Lines or Less”: Packet sniffing à la ngrep/Snort/etc.
- “Irb is the new Hping”: Interactive packet injection with irb
- “Unmasking Honeypots”: Applied remote OS fingerprinting