Bycoque

A network library to build network measurement tools.

Purpose

Ever wanted to send a weird packet on the Internet and see what happen? interested in accurate timestamping of these packets?

... Then bycoque might be the tool you need.

In fact, when designing tools to be run from end users computers like it is se case sometimes, you have little control over the machines, the OS and its configuration.

Goals

• Portability: use libpcap
• Accuracy: use libpcap
• Code readability: use Ruby

You can use bycoque for many things, from tracerouting, to port scanning, active or passive monitoring and of course delays measurements.

Bycoque is NOT a protocol implementation, nor it does interpretation of packets (except when you're using the prebuilt probes), it's only a encoder/decoder for data packets.

You are welcome to discuss or comment bycoque, send us patches or bug-reports. In short, help is welcomed.

You can ask for help via email, except if you intent to use bycoque for evil purposes.

Status of the tool

Design features

Current features are:

• Portable
• Sniff and inject packets
• Easy matching of packets
• Easy retrieval of timestamps

Experimental ones are:

• Smart link layer hardware resolution

Missing ones are:

• Many protocols
• Auto documentations of protocols
• Accurate intervals when sending trains of packets
• Path measurement techniques

Protocols

• Ethernet
• ARP
• IPv4 + Options
• ICMP
• TCP + Options
• UDP

Examples

High level

• N `pings' to a server, with ICMP packets of increasing size, and through the `wlan0' interface.

  #!/usr/bin/env ruby
  # bycoqueping.rb
  require 'rubygems'
  require 'bycoque'
  require 'bycoque/probes/ping'
  
  if ARGV.size < 2
    p 'usage: # bycoqueping.rb < iface > < ip > [count=10] [step=10]'
    exit
  end
  iface  = ARGV.shift
  ip     = ARGV.shift
  count  = (ARGV.shift || 10).to_i
  step   = (ARGV.shift || 10).to_i
  
  if (step * count) > 1450
    p "'count * step' should be lower than 1450"
    exit
  end
  
  @bycoque = Bycoque.new iface
  pings = (1 .. count).map{|i| ICMPPing.new( ip, {:size => 50+step*i} ) }
  p @bycoque.perform pings
  

  You can notice that the longest part is the argument parsing, not the one that involve the network, thus you can focus on your tool and not on the packet forging sorcery.
• More in the code and in the examples directory

Low level

Misc

bycoque is a transmutation of the word "bicoque" which means a small, dirty house in French.