using ruby packetfu to send raw TCP packet- need destination MAC address?

Question

I'm using Ruby packetfu library to construct and send raw packets. I can get it working, but there is something that I think I'm doing wrong. (btw, ruby+packetfu really get the whole raw packet manipulation easy..)

here's my code: (the MAC addresses were masked a bit)

            packet.eth_saddr = "XX:XX:88:XX:03:BD"
            packet.eth_daddr = "XX:6D:57:AD:XX:A3"

            packet.ip_header.ip_saddr="192.168.0.16"
            packet.ip_header.ip_daddr="192.168.0.13"

and when I call packet.to_w('eth0'), it gets delivered. as you can see it's the MAC address that's causing me to scratch my head. it's really inconvenient to having to figure out the destination MAC address every time you need to send a packet... I've tested that the source MAC address is not so important, it will still work without it. but the destination MAC address is a must(the packet won't go out without it).

and I don't recall having to do this in C with raw sockets... and it would suck if i need to do an ARP before I put the packet on the wire, and worse, do a DNS query or something if I'm sending the packet to the internet....

I think I'm missing something here, like a one-liner i need to call.. but I can't figure it out after reading through the code and docs of packetfu....

anyone?

Answer 1

PacketFu doesn't maintain a state table or anything like that. So, determining a destination address is going to require some arp-like functionality that you will need to implement yourself where it's appropriate. PacketFu::Utils.arp("192.168.0.13") is usually enough to get going.

If you are replying to a packet you've seen, another technique is to simply copy out the MAC address of that packet.

Finally, if you know for sure that your destination is beyond the local network, and, like most networks, you have a single gateway, you can just use your gateway's mac address. PacketFu::Utils.whoami? can help you get that information.