Class: PacketFu::PcapPacket

Inherits:
Struct
  • Object
Includes:
StructFu
Defined in:
lib/packetfu/pcap.rb

Overview

PcapPacket defines how individual packets are stored in a libpcap-formatted file.

Header Definition

  Timestamp :timestamp
  Int32     :incl_len
  Int32     :orig_len
  String    :data

Instance Attribute Summary

Instance Method Summary

Methods included from StructFu

#body=, #clone, #set_endianness, #sz, #typecast

Methods inherited from Struct

#force_binary

Constructor Details

#initialize(args = {}) ⇒ PcapPacket

Returns a new instance of PcapPacket


# File 'lib/packetfu/pcap.rb', line 151

def initialize(args={})
  set_endianness(args[:endian] ||= :little)
  init_fields(args)
  super(args[:endian], args[:timestamp], args[:incl_len],
       args[:orig_len], args[:data])
end

Instance Attribute Details

#data ⇒ Object

Returns the value of attribute data

Returns:

  • (Object)

    the current value of data


# File 'lib/packetfu/pcap.rb', line 148

def data
  @data
end

#endian ⇒ Object

Returns the value of attribute endian

Returns:

  • (Object)

    the current value of endian


# File 'lib/packetfu/pcap.rb', line 148

def endian
  @endian
end

#incl_len ⇒ Object

Returns the value of attribute incl_len

Returns:

  • (Object)

    the current value of incl_len


# File 'lib/packetfu/pcap.rb', line 148

def incl_len
  @incl_len
end

#orig_len ⇒ Object

Returns the value of attribute orig_len

Returns:

  • (Object)

    the current value of orig_len


# File 'lib/packetfu/pcap.rb', line 148

def orig_len
  @orig_len
end

#timestamp ⇒ Object

Returns the value of attribute timestamp

Returns:

  • (Object)

    the current value of timestamp


# File 'lib/packetfu/pcap.rb', line 148

def timestamp
  @timestamp
end

Instance Method Details

#init_fields(args = {}) ⇒ Object

Called by initialize to set the initial fields.


# File 'lib/packetfu/pcap.rb', line 159

def init_fields(args={})
  args[:timestamp] = Timestamp.new(:endian => args[:endian]).read(args[:timestamp])
  args[:incl_len] = args[:incl_len].nil? ? @int32.new(args[:data].to_s.size) : @int32.new(args[:incl_len])
  args[:orig_len] = @int32.new(args[:orig_len])
  args[:data] = StructFu::String.new.read(args[:data])
end

#read(str) ⇒ Object

Reads a string to populate the object.


# File 'lib/packetfu/pcap.rb', line 172

def read(str)
  return unless str
  force_binary(str)
  self[:timestamp].read str[0,8]
  self[:incl_len].read str[8,4]
  self[:orig_len].read str[12,4]
  self[:data].read str[16,self[:incl_len].to_i]
  self
end

#to_s ⇒ Object

Returns the object in string form.


# File 'lib/packetfu/pcap.rb', line 167

def to_s
  self.to_a[1,4].map {|x| x.to_s}.join
end
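
The record layout that #read and #to_s work with, as an added example that is not PacketFu's own code: a stand-alone parser that also checks the length fields, since Ruby's string slicing returns only the bytes that exist when incl_len runs past the end of the input. The helper names, the problem symbols and the sample records are assumptions made for this example; the split of the 8-byte timestamp into seconds and microseconds comes from the libpcap file format rather than from this page.

```ruby
# Added example: stand-alone parser for one libpcap packet record, using the
# offsets PcapPacket#read uses (0-7 timestamp, 8-11 incl_len, 12-15 orig_len, 16+ data).
RECORD_HEADER_LEN = 16

# Hypothetical helper (not part of PacketFu). Returns the parsed fields plus
# a list of problems found while validating the length fields.
def parse_pcap_record(bytes, endian: :little)
  bytes = bytes.dup.force_encoding(Encoding::BINARY)
  return { problems: [:short_header] } if bytes.bytesize < RECORD_HEADER_LEN

  fmt = endian == :little ? 'V4' : 'N4' # four unsigned 32-bit integers
  sec, usec, incl_len, orig_len = bytes.unpack(fmt)
  data = bytes.byteslice(RECORD_HEADER_LEN, incl_len) || ''.b

  problems = []
  # Slicing past the end returns only what is there, so compare explicitly.
  problems << :truncated_data if data.bytesize < incl_len
  # Captured bytes can never exceed the packet's length on the wire.
  problems << :incl_exceeds_orig if incl_len > orig_len

  { sec: sec, usec: usec, incl_len: incl_len, orig_len: orig_len,
    data: data, consumed: RECORD_HEADER_LEN + data.bytesize,
    problems: problems }
end

# Hypothetical helper: serialise a record in the order #to_s emits it
# (timestamp, incl_len, orig_len, data), used to build the samples below.
def build_pcap_record(sec, usec, data, incl_len: data.bytesize,
                      orig_len: data.bytesize, endian: :little)
  fmt = endian == :little ? 'V4' : 'N4'
  [sec, usec, incl_len, orig_len].pack(fmt) + data.b
end

# Constructed sample records (not taken from a real capture).
GOOD    = build_pcap_record(1_700_000_000, 250_000, "\xde\xad\xbe\xef".b)
SNAPPED = build_pcap_record(1_700_000_000, 250_000, "\xde\xad".b, orig_len: 60)
LYING   = build_pcap_record(1_700_000_000, 250_000, "\xde\xad".b, incl_len: 4096, orig_len: 4096)

if __FILE__ == $PROGRAM_NAME
  { good: GOOD, snapped: SNAPPED, lying: LYING }.each do |name, rec|
    r = parse_pcap_record(rec)
    puts "#{name}: incl_len=#{r[:incl_len]} orig_len=#{r[:orig_len]} " \
         "got=#{r[:data].bytesize} problems=#{r[:problems]}"
  end
end
```

SNAPPED is a normal snaplen-limited capture (incl_len below orig_len) and reports no problems; LYING claims 4096 captured bytes but carries two, which is the case worth rejecting before advancing to the next record.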