Class: PcapParser::SaveFile

Inherits:
Object
  • Object
show all
Defined in:
lib/pcap_parser/save_file.rb

Overview

Top pcap_parser class. Reads libpcap per-file header. Header details: www.tcpdump.org/manpages/pcap-savefile.5.txt

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(filename) ⇒ SaveFile

Open and read pcap file


17
18
19
20
# File 'lib/pcap_parser/save_file.rb', line 17

def initialize(filename)
  @stream = Stream.new(File.open filename, "rb")
  set_file_attr
end

Instance Attribute Details

#ethertypeObject (readonly)

Returns the value of attribute ethertype


13
14
15
# File 'lib/pcap_parser/save_file.rb', line 13

def ethertype
  @ethertype
end

#linktypeObject (readonly)

Returns the value of attribute linktype


12
13
14
# File 'lib/pcap_parser/save_file.rb', line 12

def linktype
  @linktype
end

#networkObject (readonly)

Returns the value of attribute network


10
11
12
# File 'lib/pcap_parser/save_file.rb', line 10

def network
  @network
end

#packetObject (readonly)

Returns the value of attribute packet


11
12
13
# File 'lib/pcap_parser/save_file.rb', line 11

def packet
  @packet
end

#protoObject (readonly)

Returns the value of attribute proto


14
15
16
# File 'lib/pcap_parser/save_file.rb', line 14

def proto
  @proto
end

#snaplenObject (readonly)

Returns the value of attribute snaplen


9
10
11
# File 'lib/pcap_parser/save_file.rb', line 9

def snaplen
  @snaplen
end

#tz_accurObject (readonly)

Returns the value of attribute tz_accur


8
9
10
# File 'lib/pcap_parser/save_file.rb', line 8

def tz_accur
  @tz_accur
end

#tz_offsetObject (readonly)

Returns the value of attribute tz_offset


7
8
9
# File 'lib/pcap_parser/save_file.rb', line 7

def tz_offset
  @tz_offset
end

#versionObject (readonly)

Returns the value of attribute version


6
7
8
# File 'lib/pcap_parser/save_file.rb', line 6

def version
  @version
end

Instance Method Details

#each_packetObject

Loop through all packets in the file. Expects block as an argument. Example: “` SaveFile.each_packet |packet| do

pp packet

end “`


30
31
32
# File 'lib/pcap_parser/save_file.rb', line 30

def each_packet
  yield read_packet until @stream.eof?
end

#read_packetSaveFile

Read whole packet

Returns:


36
37
38
39
40
41
42
43
# File 'lib/pcap_parser/save_file.rb', line 36

def read_packet
  @packet = Packet.new @stream
  linktype.read
  read_ethertype
  read_proto
  read_padding
  self
end