nfrb

Nfrb is a very simple yet fast gem that can be used to parse nfcapd files.

Installation

Via Github, for development

~# git clone git://github.com/dguerri/nfrb.git
~# cd nfrb
~# bundle install
~# rake install

Via Rubygems

~# gem install nfrb

Bundler

gem "nfrb", "~> 0.1.2"

Usage

Sample code

nfrb-bech.rb:

require 'nfrb'

raise ArgumentError, "Missing nfcapd files" if ARGV.count < 1

nfparser = NfRb::NfReader.new

i=0
start_t = Time.now

nfparser.process_files(ARGV) do |flow|
# puts flow.inspect(); 
  i+=1 
end

stop_t = Time.now

puts "#{i} flows processed in #{stop_t - start_t} seconds."
puts "Flows per seconds = #{i / (stop_t - start_t)}"

Sample output benchmark (3.4 Ghz Intel Core i7)

# bundle exec ruby nfrb-bech.rb nfcapd.201112181720 
325602 flows processed in 0.67114 seconds.
Flows per seconds = 488513.404029311

Copyright

Copyright © 2011-2012 Davide Guerri. See LICENSE.txt for further details.