Class: PacketFu::PcapPackets

Inherits:
Array
  • Object
show all
Includes:
StructFu
Defined in:
lib/packetfu/pcap.rb

Overview

PcapPackets is a collection of PcapPacket objects.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from StructFu

#body=, #clone, #set_endianness, #sz, #typecast

Constructor Details

#initialize(args = {}) ⇒ PcapPackets

Returns a new instance of PcapPackets


191
192
193
# File 'lib/packetfu/pcap.rb', line 191

def initialize(args={})
  @endian = args[:endian] || :little
end

Instance Attribute Details

#endianObject

probably ought to be read-only but who am i.


189
190
191
# File 'lib/packetfu/pcap.rb', line 189

def endian
  @endian
end

Instance Method Details

#force_binary(str) ⇒ Object


195
196
197
# File 'lib/packetfu/pcap.rb', line 195

def force_binary(str)
  str.force_encoding Encoding::BINARY if str.respond_to? :force_encoding
end

#read(str) ⇒ Object

Reads a string to populate the object. Note, this read takes in the whole pcap file, since we need to see the magic to know what endianness we're dealing with.


202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# File 'lib/packetfu/pcap.rb', line 202

def read(str)
  force_binary(str)
  return self if str.nil?
  if str[0,4] == PcapHeader::MAGIC_BIG
    @endian = :big
  elsif str[0,4] == PcapHeader::MAGIC_LITTLE
    @endian = :little
  else
    raise ArgumentError, "Unknown file format for #{self.class}"
  end
  body = str[24,str.size]
  while body.size > 16 # TODO: catch exceptions on malformed packets at end
    p = PcapPacket.new(:endian => @endian)
    p.read(body)
    self<<p
    body = body[p.sz,body.size]
  end
self
end

#to_sObject


222
223
224
# File 'lib/packetfu/pcap.rb', line 222

def to_s
  self.join
end