#!/bin/sh
# The ARP Scanner (arp-scan) is Copyright (C) 2005-2011 Roy Hills,
# NTA Monitor Ltd.
#
# This file is part of arp-scan.
#
# arp-scan is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# arp-scan is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with arp-scan.  If not, see <http://www.gnu.org/licenses/>.
#
# $Id: check-decode 18136 2011-02-25 21:29:45Z rsh $
#
# check-decode - Shell script to test arp-scan packet decoding
#
# Author: Roy Hills
# Date: 30 January 2011
#
# This script checks that arp-scan decodes and displays ARP response packets
# correctly. It uses the undocumented arp-scan option --readpktfromfile to
# read the packet from a file rather than from the network.
#

ARPSCANOUTPUT=/tmp/arp-scan-output.$$.tmp
EXAMPLEOUTPUT=/tmp/example-output.$$.tmp
#
SAMPLE01="$srcdir/pkt-simple-response.pcap"
SAMPLE02="$srcdir/pkt-padding-response.pcap"
SAMPLE03="$srcdir/pkt-vlan-response.pcap"
SAMPLE04="$srcdir/pkt-llc-response.pcap"
SAMPLE05="$srcdir/pkt-net1921681-response.pcap"
SAMPLE06="$srcdir/pkt-trailer-response.pcap"
SAMPLE07="$srcdir/pkt-vlan-llc-response.pcap"

# Simple ARP response packet
echo "Checking simple ARP response packet decode using $SAMPLE01 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE01 127.0.0.1 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# Simple ARP response packet with non zero padding
echo "Checking padded ARP response packet decode using $SAMPLE02 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION	Padding=55aa55aa55aa55aa55aa55aa55aa55aa55aa

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt --verbose"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE02 127.0.0.1 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# ARP response packet with 802.1Q VLAN tag
echo "Checking 802.1Q ARP response packet decode using $SAMPLE03 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION (802.1Q VLAN=4095)

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE03 127.0.0.1 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# ARP response packet with 802.2 LLC/SNAP encapsulation
echo "Checking LLC/SNAP ARP response packet decode using $SAMPLE04 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION (802.2 LLC/SNAP)

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE04 127.0.0.1 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# 56 ARP responses from a Class-C sized network with various vendors
echo "Checking 192.168.1.0/24 ARP response packet decode using $SAMPLE05 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
192.168.1.3	00:0b:cd:26:aa:78	Hewlett Packard
192.168.1.4	00:08:02:e2:e3:2b	Hewlett Packard
192.168.1.7	00:0b:cd:3d:4f:2a	Hewlett Packard
192.168.1.5	00:02:a5:90:c3:e6	Hewlett Packard
192.168.1.6	00:c0:9f:3f:3d:70	QUANTA COMPUTER, INC.
192.168.1.8	00:02:a5:a9:27:29	Hewlett Packard
192.168.1.9	00:02:a5:f9:33:8d	Hewlett Packard
192.168.1.10	00:08:02:89:b3:cb	Hewlett Packard
192.168.1.11	00:0f:1f:5c:d1:13	WW PCBA Test
192.168.1.12	00:02:a5:de:c2:17	Hewlett Packard
192.168.1.14	00:c0:9f:0b:91:d1	QUANTA COMPUTER, INC.
192.168.1.13	00:08:02:1f:0e:42	Hewlett Packard
192.168.1.16	00:18:8b:7a:fe:28	Dell
192.168.1.17	00:12:3f:d4:41:86	Dell Inc
192.168.1.18	00:21:9b:18:bd:e2	Dell Inc
192.168.1.20	00:21:70:0a:5d:42	Dell Inc
192.168.1.22	00:12:3f:27:bb:ae	Dell Inc
192.168.1.21	00:25:64:e7:ad:e2	Dell Inc.
192.168.1.23	00:21:70:0b:34:c8	Dell Inc
192.168.1.24	00:1a:a0:9e:fd:06	Dell Inc
192.168.1.26	00:08:74:bb:2a:33	Dell Computer Corp.
192.168.1.25	00:25:64:e7:b3:d6	Dell Inc.
192.168.1.28	00:18:8b:7a:fe:82	Dell
192.168.1.31	00:12:3f:d4:41:85	Dell Inc
192.168.1.35	00:12:3f:26:72:eb	Dell Inc
192.168.1.37	00:18:8b:7a:fe:10	Dell
192.168.1.43	00:12:3f:d4:40:ae	Dell Inc
192.168.1.41	00:12:3f:ae:bd:02	Dell Inc
192.168.1.48	00:12:3f:ae:a3:c5	Dell Inc
192.168.1.51	00:08:74:c0:40:ce	Dell Computer Corp.
192.168.1.49	00:0f:1f:5c:c2:ae	WW PCBA Test
192.168.1.68	f0:4d:a2:84:7c:07	Dell Inc.
192.168.1.73	00:11:25:83:92:e9	IBM Corp
192.168.1.89	00:21:9b:18:a4:84	Dell Inc
192.168.1.102	00:25:64:3d:98:5a	Dell Inc.
192.168.1.104	00:0c:29:ec:85:39	VMware, Inc.
192.168.1.105	00:13:72:09:ad:76	Dell Inc.
192.168.1.148	00:90:27:9d:2a:0b	INTEL CORPORATION
192.168.1.154	00:0c:30:85:58:9d	Cisco
192.168.1.155	00:10:db:74:d0:52	Juniper Networks, Inc.
192.168.1.187	00:00:aa:a1:b3:60	XEROX CORPORATION
192.168.1.189	00:14:38:93:93:7e	Hewlett Packard
192.168.1.196	00:15:99:5d:d5:26	Samsung Electronics Co., LTD
192.168.1.195	00:15:99:61:08:30	Samsung Electronics Co., LTD
192.168.1.202	00:d0:b7:25:61:6c	INTEL CORPORATION
192.168.1.204	00:11:43:0f:f2:dd	DELL INC.
192.168.1.205	00:02:b3:91:20:2a	Intel Corporation
192.168.1.207	00:12:3f:ec:cf:a0	Dell Inc
192.168.1.206	00:c0:9f:39:f7:f2	QUANTA COMPUTER, INC.
192.168.1.222	00:90:27:9d:48:90	INTEL CORPORATION
192.168.1.192	00:01:e6:27:27:6e	Hewlett-Packard Company
192.168.1.234	00:c0:9f:0d:00:9a	QUANTA COMPUTER, INC.
192.168.1.245	00:0b:5f:d2:34:21	Cisco Systems
192.168.1.246	00:13:80:53:cd:79	Cisco Systems
192.168.1.250	00:12:00:2f:18:c0	Cisco
192.168.1.251	00:04:27:6a:5d:a1	Cisco Systems, Inc.

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE05 192.168.1.0/24 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# Simple ARP response packet using IPstart-IPend target syntax
echo "Checking IP range ARP response packet decode using $SAMPLE01 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE01 127.0.0.1-127.0.0.9 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# Simple ARP response packet using network:mask target syntax
# We use a /22 (255.255.252.0) because this gives more than 1000 hosts, which
# causes the list allocation code to call realloc().
echo "Checking IP net:mask ARP response packet decode using $SAMPLE01 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE01 127.0.0.0:255.255.252.0 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# Simple ARP response packet with trailer ARP reply.
echo "Checking trailer ARP response packet decode using $SAMPLE06 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:12:34:56	DIGITAL EQUIPMENT CORPORATION
127.0.0.1	08:00:2b:12:34:56	DIGITAL EQUIPMENT CORPORATION (ARP Proto=0x1000) (DUP: 2)

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE06 127.0.0.1 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT

# 802.1Q LLC ARP response packet
echo "Checking 802.1Q LLC ARP response packet decode using $SAMPLE07 ..."
cat >$EXAMPLEOUTPUT <<_EOF_
127.0.0.1	08:00:2b:06:07:08	DIGITAL EQUIPMENT CORPORATION (802.2 LLC/SNAP) (802.1Q VLAN=100)

_EOF_
ARPARGS="--retry=1 --ouifile=$srcdir/ieee-oui.txt --iabfile=$srcdir/ieee-iab.txt --macfile=$srcdir/mac-vendor.txt"
$srcdir/arp-scan $ARPARGS --readpktfromfile=$SAMPLE07 127.0.0.1 | grep -v '^Starting arp-scan ' | grep -v '^Interface: ' | grep -v '^Ending arp-scan ' | grep -v '^[0-9]* packets received ' > $ARPSCANOUTPUT 2>&1
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
cmp -s $ARPSCANOUTPUT $EXAMPLEOUTPUT
if test $? -ne 0; then
   rm -f $ARPSCANOUTPUT
   rm -f $EXAMPLEOUTPUT
   echo "FAILED"
   exit 1
fi
echo "ok"
rm -f $ARPSCANOUTPUT
rm -f $EXAMPLEOUTPUT
