Module: TcpdumpParser

Defined in:
lib/tcpdump_parser.rb,
lib/tcpdump_parser/version.rb

Constant Summary

VERSION =
"1.0"

Class Method Summary

Class Method Details

.listen_to(interface, tcp_dump_path = nil, use_sudo = true) ⇒ Object



# File 'lib/tcpdump_parser.rb', line 45

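# Spawn tcpdump on +interface+ and yield each parsed output line to the block.
#
# The command is started through Open3 with a separate argv (no shell), so
# +interface+ and +tcp_dump_path+ are passed to tcpdump verbatim and are never
# subject to shell interpretation. Iteration ends at EOF on tcpdump's stdout or
# as soon as the block returns a falsy value.
#
# @param interface [String] capture interface name, passed after tcpdump's -i
# @param tcp_dump_path [String, nil] tcpdump executable; nil means "tcpdump"
#   (resolved through PATH by the spawned process)
# @param use_sudo [Boolean] prefix the command with "sudo"
# @yieldparam packet [Hash, nil] the parse_line result for each line (nil when
#   the line did not match the parser's regex — the block decides whether to stop)
# @yieldreturn [Object] falsy to stop listening
# @raise [ArgumentError] when no block is given (checked before anything is spawned)
# @return [nil]
def TcpdumpParser.listen_to(interface, tcp_dump_path = nil, use_sudo = true)
  # Fail before starting a (possibly privileged) capture process when there is
  # nothing to hand the lines to; yield without a block would only fail afterwards.
  raise ArgumentError, "listen_to requires a block" unless block_given?

  tcp_dump_path = "tcpdump" if tcp_dump_path.nil?

  args = []
  args << "sudo" if use_sudo
  # NOTE(review): -t suppresses tcpdump's per-line timestamp, yet parse_line
  # expects a "%Y-%m-%d %H:%M:%S" field; confirm the intended flag and the
  # purpose of the trailing "4" (tcpdump treats trailing arguments as its
  # filter expression). Kept as-is here.
  args << tcp_dump_path << "-i" << interface << "-n" << "-e" << "-t" << "4"

  # popen3 also returns a waiter thread that reaps the child when it exits; it is
  # not joined because tcpdump only terminates on a signal or on EPIPE, so waiting
  # for it here could block indefinitely on a quiet interface.
  # NOTE(review): stderr is never drained; if tcpdump writes enough to fill that
  # pipe it will block on the write.
  stdin, stdout, stderr, _wait_thr = Open3.popen3(*args)
  begin
    while (line = stdout.gets)
      break unless yield(parse_line(line))
    end
  ensure
    # Close the pipes even when the block raises, so the descriptors do not leak
    # and tcpdump sees EPIPE on its next write instead of running unobserved.
    [stdin, stdout, stderr].each { |io| io.close unless io.closed? }
  end
  nil
end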

.parse_line(line) ⇒ Object



# File 'lib/tcpdump_parser.rb', line 25

# Parse one line of tcpdump output into a Hash of the captured fields.
#
# @param line [String] a single tcpdump output line (a trailing newline is stripped)
# @return [Hash, nil] nil when the line does not match TCPDUMP_REGEX; otherwise a
#   Hash with :date_time (Time), :mac_addr_to / :mac_addr_from (upper-cased
#   Strings), :ip_addr_to / :ip_addr_from (Strings) and :length (Integer)
def TcpdumpParser.parse_line(line)
  fields = TCPDUMP_REGEX.match(line.chomp)
  return nil unless fields

  # The timestamp carries no zone, so strptime yields a UTC DateTime. to_time
  # gives the same instant as a local-zone Time, and subtracting that Time's
  # utc_offset re-labels the printed wall-clock value as local time (the zone
  # tcpdump prints in). The result is therefore a local-zone Time, not UTC;
  # if the local offset differs between the two instants (DST boundary) the
  # value may be off by that difference.
  as_local = DateTime.strptime(fields[:date_time], "%Y-%m-%d %H:%M:%S").to_time
  stamp = as_local - as_local.utc_offset

  # to_i yields 0 for a non-numeric capture; presumably the regex only matches
  # digits for :length_1 — verify against TCPDUMP_REGEX.
  {
    date_time: stamp,
    mac_addr_to: fields[:mac_addr_to].upcase,
    ip_addr_to: fields[:ip_addr_to],
    mac_addr_from: fields[:mac_addr_from].upcase,
    ip_addr_from: fields[:ip_addr_from],
    length: fields[:length_1].to_i
  }
end