Class: Mu::Pcap

Inherits:
Object
  • Object
Defined in:
lib/mu/pcap.rb,
lib/mu/pcap/ip.rb,
lib/mu/pcap/tcp.rb,
lib/mu/pcap/udp.rb,
lib/mu/pcap/ipv4.rb,
lib/mu/pcap/ipv6.rb,
lib/mu/pcap/sctp.rb,
lib/mu/pcap/header.rb,
lib/mu/pcap/packet.rb,
lib/mu/pcap/pkthdr.rb,
lib/mu/pcap/reader.rb,
lib/mu/pcap/io_pair.rb,
lib/mu/pcap/ethernet.rb,
lib/mu/pcap/io_wrapper.rb,
lib/mu/pcap/sctp/chunk.rb,
lib/mu/pcap/sctp/parameter.rb,
lib/mu/pcap/sctp/chunk/data.rb,
lib/mu/pcap/sctp/chunk/init.rb,
lib/mu/pcap/stream_packetizer.rb,
lib/mu/pcap/reader/http_family.rb,
lib/mu/pcap/sctp/chunk/init_ack.rb,
lib/mu/pcap/sctp/parameter/ip_address.rb

Defined Under Namespace

Classes: Ethernet, Header, IOPair, IOWrapper, IP, IPv4, IPv6, Packet, ParseError, Pkthdr, Reader, SCTP, StreamPacketizer, TCP, UDP

Constant Summary

LITTLE_ENDIAN =
0xd4c3b2a1
BIG_ENDIAN =
0xa1b2c3d4
DLT_NULL =
0
DLT_EN10MB =
1
DLT_RAW =

(The value 12 is DLT_LOOP in OpenBSD.)

12
DLT_LINUX_SLL =
113


Constructor Details

#initialize ⇒ Pcap

Returns a new instance of Pcap.



# File 'lib/mu/pcap.rb', line 23

# Build an empty capture: a fresh Header plus an empty list of packet
# headers that callers (or Pcap.read / Pcap.from_packets) fill in later.
def initialize()
    @header, @pkthdrs = Header.new, []
end

Instance Attribute Details

#header ⇒ Object

Returns the value of attribute header.



# File 'lib/mu/pcap.rb', line 21

# Reader for the capture's file-level header.
#
# @return [Object] whatever is currently stored in @header
def header()
  return @header
end

#pkthdrs ⇒ Object

Returns the value of attribute pkthdrs.



# File 'lib/mu/pcap.rb', line 21

# Reader for the list of per-packet headers held by this capture.
#
# @return [Object] whatever is currently stored in @pkthdrs
def pkthdrs()
  return @pkthdrs
end

Class Method Details

.assert(cond, msg) ⇒ Object

Assertion used during Pcap parsing



# File 'lib/mu/pcap.rb', line 81

# Parsing guard: raise ParseError carrying +msg+ when +cond+ is falsy.
#
# Failed checks surface as ParseError, so code that parses captures from
# an untrusted source can rescue that one class to reject bad input.
#
# @param cond [Object] condition that must be truthy
# @param msg [String] message attached to the ParseError
# @return [nil] when the condition holds
# @raise [ParseError] when the condition is false or nil
def self.assert(cond, msg)
    raise ParseError, msg unless cond
end

.each_pkthdr(io, decode = true) ⇒ Object

Read PCAP packet headers from IO, yield each Mu::Pcap::Pkthdr to the block, and return the Mu::Pcap::Header. If decode is true, also decode the Pkthdr packet contents to Mu::Pcap objects. Use this for large files when each packet header can be processed independently; it will perform better.



# File 'lib/mu/pcap.rb', line 61

# Stream a capture: read the file header once, then read one Pkthdr at a
# time until +io+ reports EOF, yielding each record to the caller's block.
# Records are not retained here, so memory use does not grow with the
# size of the capture.
#
# NOTE(review): capture files are frequently untrusted input. Length and
# bounds checks on each record live in Header.read / Pkthdr.read /
# Pkthdr#decode!, which are not shown here -- confirm they reject
# oversized or truncated records (presumably via ParseError) before
# relying on this for hostile captures.
#
# @param io [IO] source positioned at the start of a PCAP file
# @param decode [Boolean] when truthy, decode! is called on every record
# @yield [pkthdr] each packet header as it is read
# @return [Object] the header returned by Header.read
def self.each_pkthdr(io, decode = true)
    file_header = Header.read(io)
    until io.eof?
        record = Pkthdr.read(io, file_header.magic)
        record.decode!(file_header.magic, file_header.linktype) if decode
        yield record
    end
    file_header
end

.from_packets(packets) ⇒ Object

Create PCAP from list of packets.



# File 'lib/mu/pcap.rb', line 39

# Wrap already-built packets in a new capture: every packet gets its own
# Pkthdr (with only +pkt+ assigned here) appended in input order.
#
# @param packets [#each] packets to wrap
# @return [Pcap] a new capture holding one Pkthdr per packet
def self.from_packets(packets)
    Pcap.new.tap do |capture|
        packets.each do |packet|
            record = Mu::Pcap::Pkthdr.new
            record.pkt = packet
            capture.pkthdrs << record
        end
    end
end

.read(io, decode = true) ⇒ Object

Read PCAP file from IO and return Mu::Pcap. If decode is true, also decode the Pkthdr packet contents to Mu::Pcap objects.



# File 'lib/mu/pcap.rb', line 30

# Load a whole capture into memory: every Pkthdr produced by each_pkthdr
# is appended to the new Pcap, and the file header it returns is stored
# on the result.
#
# Because all records are retained, memory use grows with the capture;
# for large captures, or ones of unknown origin, each_pkthdr lets the
# caller process and drop records one at a time.
#
# @param io [IO] source positioned at the start of a PCAP file
# @param decode [Boolean] forwarded to each_pkthdr
# @return [Pcap] the populated capture
def self.read(io, decode = true)
    capture = Pcap.new
    file_header = each_pkthdr(io, decode) { |record| capture.pkthdrs << record }
    capture.header = file_header
    capture
end

.read_packets(io, decode = true) ⇒ Object

Read packets from PCAP



# File 'lib/mu/pcap.rb', line 74

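# Read a capture and return just the packets (the +pkt+ of each Pkthdr),
# in file order.
#
# The +decode+ argument is now forwarded to each_pkthdr. Previously it was
# accepted but ignored, so decoding always ran even when the caller passed
# false to skip it.
#
# All packets are collected in memory before returning; use each_pkthdr
# directly to process a large capture record by record.
#
# @param io [IO] source positioned at the start of a PCAP file
# @param decode [Boolean] forwarded to each_pkthdr
# @return [Array] one entry per packet header read
def self.read_packets(io, decode = true)
    packets = []
    each_pkthdr(io, decode) { |pkthdr| packets << pkthdr.pkt }
    packets
end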

.warning(msg) ⇒ Object

Warnings from Pcap parsing are printed using this method.



# File 'lib/mu/pcap.rb', line 88

# Emit a parser warning on standard error, prefixed with "WARNING: ".
#
# NOTE(review): +msg+ is printed as-is. If any caller builds it from bytes
# taken out of a capture, control characters would reach the terminal or
# log unescaped -- confirm what callers pass.
#
# @param msg [#to_s] text of the warning
# @return [nil]
def self.warning(msg)
    line = "WARNING: #{msg}"
    $stderr.puts(line)
end

Instance Method Details

#==(other) ⇒ Object



# File 'lib/mu/pcap.rb', line 92

# Two captures are equal when they are of the same class and both their
# file header and their list of packet headers compare equal.
#
# @param other [Object] object to compare against
# @return [Boolean] result of the short-circuited comparison chain
def ==(other)
    same_class = self.class == other.class
    same_class && self.header == other.header && self.pkthdrs == other.pkthdrs
end

#write(io) ⇒ Object

Write PCAP file to IO. Uses big-endian and linktype EN10MB.



# File 'lib/mu/pcap.rb', line 50

# Serialise this capture to +io+: the file header first, then every packet
# header in list order. Byte order and linktype are decided by the
# Header / Pkthdr write methods, which are not shown here.
#
# @param io [IO] destination; it is passed to each component's write
# @return [Array] the @pkthdrs list (the result of iterating it)
def write(io)
    @header.write(io)
    @pkthdrs.each { |record| record.write(io) }
end