Commit f55e601c authored by Tails developers

Add a basic sniffer feature.

parent 982f68fd
......@@ -3,6 +3,11 @@ Given /^a freshly started Tails$/ do
@screen.wait('WelcometoTai-1.png', 500)
Given /^the network traffic is sniffed$/ do
@sniffer ="TestSniffer", "virbr0", "")
When /^I log in a new session$/ do'Logln.png')
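Review bot: in the `the network traffic is sniffed` step the sniffer gets an empty string as its third argument, and `Sniffer#capture` defaults its filter to `tcp and src host #{@ip}`, so unless the step passes its own filter the expression ends in a bare `src host` and tcpdump rejects it as a syntax error. The bridge name `virbr0` is also hardcoded here. Both values should come from the VM object, as the TODO in the Sniffer class already says, and the step should fail early if the IP is empty.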
......@@ -10,3 +15,8 @@ end
Then /^I should see YourbrowserT\.png$/ do
@screen.wait('YourbrowserT.png', 300)
Then /^the network traffic should flow only through Tor$/ do
puts "Got #{@sniffer.packets.count} packets"
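Review bot: the `the network traffic should flow only through Tor` step only prints the packet count with `puts` and asserts nothing, so the scenario passes whatever was captured, including traffic that bypassed Tor. The step should inspect each entry of `@sniffer.packets` and fail when a packet's destination is outside the set of addresses the test expects Tor to use. Until that check exists, the step name promises a guarantee the test does not enforce.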
......@@ -3,7 +3,9 @@ Feature: Iceweasel must be torified.
Given a freshly started Tails
And the network traffic is sniffed
Scenario: See check.torproject green page on session startup
When I log in a new session
Then I should see YourbrowserT.png
And the network traffic should flow only through Tor
# There should be a way to tests against network traffic. Possible pathes
# are the use of the pcap gem, use of iptables, or maybe the most promising:
# use the nfqueue gem to be able to inspect packets directly.
# Sniffer is a very dumb wrapper to start and stop tcpdumps instances, possibly
# with customized filters. Captured traffic is stored in files whose name
# depends on the sniffer name. The resulting captured packets for each sniffers
# can be accessed as an array through its `packets` method.
# Use of more jrubyish internal ways to sniff a network like with pcap-able gems
# is waaay to much resource consumming, notmuch reliable and soooo slow. Let's
# not bother too much with that. :)
# Scenario: Iceweasel should connect only through Tor
# Given I open Iceweasel
# When I browse to http://any.url
# Then the network traffic should flow only through Tor
# Should put all that in a Module.
require 'packetfu'
class Sniffer
attr_reader :name, :pcap_file, :pid
# TODO: some parameters here should rather be variables from the VM class
# (iface, ip)
def initialize(name, br_iface, ip)
@name = name
@br_iface = br_iface
@ip = ip
@pcap_file = "#{ENV['PWD']}/#{name}.pcap"
def capture(filter="tcp and src host #{@ip}")
# TODO: Eventually find a more quiet on exit app than tcpdump.
job = IO.popen("tcpdump -i #{@br_iface} -w #{@pcap_file} -U #{filter}")
@pid =
def stop
Process.kill("TERM", @pid)
# Return an array of PacketFu packets from @pcap_file ready to be parsed.
def packets
p = => @pcap_file)
pkts = []
p.each {|packet| pkts << PacketFu::Packet.parse(packet)}
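Review bot: in `capture`, the tcpdump command is one interpolated string handed to `IO.popen`, so `@br_iface`, `@pcap_file` (built from `ENV['PWD']` and `name`) and `filter` reach a shell unquoted. A filter containing parentheses or a working directory containing spaces breaks the command, and any shell metacharacter in those values is interpreted by the shell, for a process that normally runs with capture privileges. Passing an argument array avoids the shell entirely, for example `IO.popen(["tcpdump", "-i", @br_iface, "-w", @pcap_file, "-U", filter])`. Separately, `stop` sends `TERM` without waiting for the process to exit, so `packets` can read the pcap file while tcpdump is still writing it. A `Process.wait(@pid)` after the kill would close that window and avoid leaving a zombie.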