Class: Spcap::Stream

Inherits:

Object

• Object
• Spcap::Stream

Defined in:

lib/spcap/stream.rb

Direct Known Subclasses

Scopy

Constant Summary

MagicNumber =

File format : File header

4 Magic number
2,2  Major version	Minor version
4  Time zone offset always set to 0
4  Time stamp accuracy always set to 0
4  Snapshot length
4  Link-layer header type

["A1B2C3D4"].pack("H*")

Instance Method Summary

• #close ⇒ Object
• #each ⇒ Object

  Packets header 4 Time stamp, seconds value 4 Time stamp, microseconds value 4 Length of captured packet data 4 Un-truncated length of the packet data.

• #eof? ⇒ Boolean
• #initialize(istream) ⇒ Stream constructor

  A new instance of Stream.

• #next ⇒ Object
• #read(size) ⇒ Object
• #read16 ⇒ Object
• #read32 ⇒ Object

Constructor Details

#initialize(istream) ⇒ Stream

Returns a new instance of Stream.

Raises:

• (InitializeException)

# File 'lib/spcap/stream.rb', line 14

def initialize(istream)
  @istream = istream
  @magic_number = read(4)
  if @magic_number == MagicNumber
    @unpack_16 = "n"
    @unpack_32 = "N"
  else
    @unpack_16 = "v"
    @unpack_32 = "V"
  end
  @major_version, @minor_version = read16, read16
  read(8) # flush unused  time_zone_offset_always_0, timestamp_accuracy_always_0,
  @snapshot_length = read32
  @linklayer_header_type = read32
  # if header type is not ethernet raise an error !!
  raise InitializeException, "Not PCAP ethernet stream is not supported"if @linklayer_header_type != 1
  
end

Instance Method Details

#close ⇒ Object

# File 'lib/spcap/stream.rb', line 32

def close
  @istream.close
end

#each ⇒ Object

Packets header

4 Time stamp, seconds value
4 Time stamp, microseconds value
4 Length of captured packet data
4 Un-truncated length of the packet data

# File 'lib/spcap/stream.rb', line 54

def each
  until(@istream.eof?)
    p = self.next
    yield p unless p.nil?
  end
end

#eof? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/spcap/stream.rb', line 61

def eof? ; @istream.eof? ; end

#next ⇒ Object

# File 'lib/spcap/stream.rb', line 63

def next
  time = Time.at(read32,read32)
  caplen = read32
  len = read32
  # TODO : move Ethernet parsing in Packet class constructor
  src_mac_address = read(6)
  dst_mac_address = read(6)
  protocol_type = read(2).unpack("n").first
  raw_data = read(caplen-14)
  if protocol_type == 0x0800
    p = Factory.get_packet(time,raw_data,len,@linklayer_header_type)
    if p.nil?
      Logger.warn "Spcap::Factory return nil packet"
    else
      return p
    end
  else
    # ignore non IPv4 packets
    Logger.info "Non-IPv4 packets are ignored Protocol = #{protocol_type}"
  end
  return nil      
end

#read(size) ⇒ Object

# File 'lib/spcap/stream.rb', line 35

def read(size)
  buf = @istream.read(size)
  return buf
end

#read16 ⇒ Object

# File 'lib/spcap/stream.rb', line 40

def read16 
  buf = read(2)
  buf.unpack(@unpack_16).first
end

#read32 ⇒ Object

# File 'lib/spcap/stream.rb', line 45

def read32 
  buf = read(4)
  buf.unpack(@unpack_32).first
end