Class: PacketFu::PcapPacket

Inherits:

Struct

• Object
• Struct
• PacketFu::PcapPacket

Includes:

StructFu

Defined in:

lib/packetfu/pcap.rb

Overview

PcapPacket defines how individual packets are stored in a libpcap-formatted file.

Header Definition

Timestamp :timestamp Int32 :incl_len Int32 :orig_len String :data

Instance Attribute Summary

• #data ⇒ Object

  Returns the value of attribute data.

• #endian ⇒ Object

  Returns the value of attribute endian.

• #incl_len ⇒ Object

  Returns the value of attribute incl_len.

• #orig_len ⇒ Object

  Returns the value of attribute orig_len.

• #timestamp ⇒ Object

  Returns the value of attribute timestamp.

Instance Method Summary

• #init_fields(args = {}) ⇒ Object

  Called by initialize to set the initial fields.

• #initialize(args = {}) ⇒ PcapPacket constructor

  A new instance of PcapPacket.

• #read(str) ⇒ Object

  Reads a string to populate the object.

• #to_s ⇒ Object

  Returns the object in string form.

Methods included from StructFu

#body=, #clone, #set_endianness, #sz, #typecast

Methods inherited from Struct

#force_binary

Constructor Details

#initialize(args = {}) ⇒ PcapPacket

Returns a new instance of PcapPacket.

# File 'lib/packetfu/pcap.rb', line 152

def initialize(args={})
  set_endianness(args[:endian] ||= :little)
  init_fields(args)
  super(args[:endian], args[:timestamp], args[:incl_len],
       args[:orig_len], args[:data])
end

Instance Attribute Details

#data ⇒ Object

Returns the value of attribute data

Returns:

• (Object) —

  the current value of data

# File 'lib/packetfu/pcap.rb', line 149

def data
  @data
end

#endian ⇒ Object

Returns the value of attribute endian

Returns:

• (Object) —

  the current value of endian

# File 'lib/packetfu/pcap.rb', line 149

def endian
  @endian
end

#incl_len ⇒ Object

Returns the value of attribute incl_len

Returns:

• (Object) —

  the current value of incl_len

# File 'lib/packetfu/pcap.rb', line 149

def incl_len
  @incl_len
end

#orig_len ⇒ Object

Returns the value of attribute orig_len

Returns:

• (Object) —

  the current value of orig_len

# File 'lib/packetfu/pcap.rb', line 149

def orig_len
  @orig_len
end

#timestamp ⇒ Object

Returns the value of attribute timestamp

Returns:

• (Object) —

  the current value of timestamp

# File 'lib/packetfu/pcap.rb', line 149

def timestamp
  @timestamp
end

Instance Method Details

#init_fields(args = {}) ⇒ Object

Called by initialize to set the initial fields.

# File 'lib/packetfu/pcap.rb', line 160

def init_fields(args={})
  args[:timestamp] = Timestamp.new(:endian => args[:endian]).read(args[:timestamp])
  args[:incl_len] = args[:incl_len].nil? ? @int32.new(args[:data].to_s.size) : @int32.new(args[:incl_len])
  args[:orig_len] = @int32.new(args[:orig_len])
  args[:data] = StructFu::String.new.read(args[:data])
end

#read(str) ⇒ Object

Reads a string to populate the object.

# File 'lib/packetfu/pcap.rb', line 173

def read(str)
  return unless str
  force_binary(str)
  self[:timestamp].read str[0,8]
  self[:incl_len].read str[8,4]
  self[:orig_len].read str[12,4]
  self[:data].read str[16,self[:incl_len].to_i]
  self
end

#to_s ⇒ Object

Returns the object in string form.

# File 'lib/packetfu/pcap.rb', line 168

def to_s
  self.to_a[1,4].map {|x| x.to_s}.join
end