Module: PcapParser

Defined in:
lib/pcap_parser.rb,
lib/pcap_parser/proto.rb,
lib/pcap_parser/stream.rb,
lib/pcap_parser/packet.rb,
lib/pcap_parser/version.rb,
lib/pcap_parser/linktype.rb,
lib/pcap_parser/ethertype.rb,
lib/pcap_parser/proto/udp.rb,
lib/pcap_parser/proto/tcp.rb,
lib/pcap_parser/save_file.rb,
lib/pcap_parser/proto/icmp.rb,
lib/pcap_parser/ethertype/ipv4.rb,
lib/pcap_parser/linktype/ethernet.rb

Overview

A simple library for parsing libpcap-format files in pure Ruby.

Defined Under Namespace

Modules: Ethertype, Linktype, Proto

Classes: EtherTypeNotSupported, InvalidPcapFile, LinkTypeNotSupported, Packet, PcapFileTooShort, ProtoNotSupported, SaveFile, Stream

Constant Summary

PROTO =

Protocols supported

{
  0x01 => Proto::ICMP,
  0x06 => Proto::TCP,
  0x11 => Proto::UDP,
}

VERSION =

Gem version

"0.0.2"

{
  1 => Linktype::Ethernet
}

ETHER_TYPE =
{
  0x0800 => Ethertype::IPv4
}

Class Method Summary

Class Method Details

.read(file) ⇒ Object

Reads packets from a pcap file. Expects a block, which is called to process each packet.

Parameters:

  • file (String): pcap file path


# File 'lib/pcap_parser.rb', line 30

def self.read(file)
  SaveFile.new(file).each_packet do |packet|
    yield packet
  end
end
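
An added illustration (not code from the pcap_parser gem) of the lookup chain the constants above describe: link type 1 selects Ethernet, EtherType 0x0800 selects IPv4, and the IP protocol byte selects ICMP, TCP or UDP. Every method and constant name in it is hypothetical, the capture bytes are constructed, and each length is checked before it is used as an index because capture files are untrusted input.

```ruby
# Added illustration, not PcapParser source. All names here are hypothetical.
PROTO_NAMES = { 0x01 => "ICMP", 0x06 => "TCP", 0x11 => "UDP" }.freeze
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

# Label the payload of one Ethernet frame, checking length before indexing.
def classify_frame(frame)
  return "short frame" if frame.bytesize < 14 + 20
  return "ethertype not supported" unless frame[12, 2].unpack1("n") == ETHERTYPE_IPV4
  PROTO_NAMES.fetch(frame.getbyte(14 + 9), "proto not supported")
end

# Walk a libpcap byte string and return one label per record.
def classify(data)
  data = data.b # index by byte, not by character
  raise ArgumentError, "file too short" if data.bytesize < 24
  fmt = case data[0, 4].unpack1("N")
        when 0xa1b2c3d4 then "N" # fields written big-endian
        when 0xd4c3b2a1 then "V" # fields written little-endian
        else raise ArgumentError, "bad magic"
        end
  linktype = data[20, 4].unpack1(fmt)
  raise ArgumentError, "link type #{linktype} not supported" unless linktype == LINKTYPE_ETHERNET
  labels, offset = [], 24
  while offset < data.bytesize
    raise ArgumentError, "truncated record header" if data.bytesize - offset < 16
    incl_len = data[offset + 8, 4].unpack1(fmt)
    frame = data[offset + 16, incl_len]
    raise ArgumentError, "truncated record" if frame.bytesize < incl_len
    labels << classify_frame(frame)
    offset += 16 + incl_len
  end
  labels
end

# Constructed sample data: Ethernet frame holding a bare 20-byte IPv4 header.
def sample_frame(ethertype, proto)
  ip = [0x45, 0, 20, 0, 0, 64, proto, 0].pack("CCnnnCCn") + ("\x00".b * 8)
  ("\x00".b * 12) + [ethertype].pack("n") + ip
end

# Constructed little-endian capture with one record per (ethertype, proto) pair.
def sample_pcap(pairs)
  header = [0xa1b2c3d4, 2, 4, 0, 0, 65_535, 1].pack("VvvVVVV")
  pairs.reduce(header) do |out, (ethertype, proto)|
    f = sample_frame(ethertype, proto)
    out + [0, 0, f.bytesize, f.bytesize].pack("V4") + f
  end
end
```

The nanosecond-resolution magic number is not handled here and is rejected as "bad magic".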