Class: Mu::Pcap::Header

Inherits:
Object
  • Object
show all
Defined in:
lib/diy/parser/mu/pcap/header.rb

Constant Summary collapse

BIG_ENDIAN_FORMAT =
'nnNNNN'
LITTLE_ENDIAN_FORMAT =
'vvVVVV'
UNSUPPORTED_FORMATS =
{ 
    0x474D4255 => "NetMon", # "GMBU"
    0x5452534E => "NA Sniffer (DOS)" # Starts with "TRSNIFF data"
}

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Constructor Details

#initializeHeader

Returns a new instance of Header.



20
21
22
23
24
25
26
27
28
# File 'lib/diy/parser/mu/pcap/header.rb', line 20

def initialize
    @magic = BIG_ENDIAN
    @version_major = 2
    @version_minor = 4
    @thiszone = 0
    @sigfigs = 0
    @snaplen = 1500
    @linktype = DLT_NULL
end

Instance Attribute Details

#linktypeObject

Returns the value of attribute linktype.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def linktype
  @linktype
end

#magicObject

Returns the value of attribute magic.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def magic
  @magic
end

#sigfigsObject

Returns the value of attribute sigfigs.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def sigfigs
  @sigfigs
end

#snaplenObject

Returns the value of attribute snaplen.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def snaplen
  @snaplen
end

#thiszoneObject

Returns the value of attribute thiszone.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def thiszone
  @thiszone
end

#version_majorObject

Returns the value of attribute version_major.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def version_major
  @version_major
end

#version_minorObject

Returns the value of attribute version_minor.



9
10
11
# File 'lib/diy/parser/mu/pcap/header.rb', line 9

def version_minor
  @version_minor
end

Class Method Details

.read(ios) ⇒ Object



30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
# File 'lib/diy/parser/mu/pcap/header.rb', line 30

def self.read ios
    header = Header.new
    bytes = ios.read 24
    Pcap.assert bytes, 'PCAP header missing'
    Pcap.assert bytes.length == 24, 'Truncated PCAP header: ' +
        "expected 24 bytes, got #{bytes.length} bytes"
    header.magic, _ = bytes[0, 4].unpack 'N'
    if header.magic == BIG_ENDIAN
        format = BIG_ENDIAN_FORMAT
    elsif header.magic == LITTLE_ENDIAN
        format = LITTLE_ENDIAN_FORMAT
    else 
        format = UNSUPPORTED_FORMATS[header.magic]
        if format.nil?
            err = "Unsupported packet capture format. "
        else
            err = "#{format} capture files are not supported. "
        end
        raise ParseError, err
    end
    header.version_major, header.version_minor, header.thiszone,
        header.sigfigs, header.snaplen, header.linktype = 
        bytes[4..-1].unpack format
    return header
end

Instance Method Details

#==(other) ⇒ Object



62
63
64
65
66
67
68
69
70
71
# File 'lib/diy/parser/mu/pcap/header.rb', line 62

def == other
    return self.class      == other.class &&
        self.magic         == other.magic &&
        self.version_major == other.version_major &&
        self.version_minor == other.version_minor &&
        self.thiszone      == other.thiszone &&
        self.sigfigs       == other.sigfigs &&
        self.snaplen       == other.snaplen &&
        self.linktype      == other.linktype
end

#write(io) ⇒ Object



56
57
58
59
60
# File 'lib/diy/parser/mu/pcap/header.rb', line 56

def write io
    bytes = [BIG_ENDIAN, @version_major, @version_minor, @thiszone,
             @sigfigs, @snaplen, DLT_EN10MB].pack('N' + BIG_ENDIAN_FORMAT)
    io.write bytes
end