Class: Unified2::Packet

Inherits:

Object

• Object
• Unified2::Packet

Defined in:

lib/unified2/packet.rb

Overview

Packet

Instance Attribute Summary

• #event_id ⇒ Object readonly

  Build method defaults.

• #event_timestamp ⇒ Object readonly

  Build method defaults.

• #length ⇒ Object readonly

  Build method defaults.

• #link_type ⇒ Object readonly

  Build method defaults.

• #microsecond ⇒ Object readonly

  Build method defaults.

• #packet ⇒ Object readonly

  Build method defaults.

• #raw ⇒ String readonly

  Raw.

• #timestamp ⇒ Object readonly

  Build method defaults.

Instance Method Summary

• #blank? ⇒ true, false

  Blank?.

• #checksum ⇒ String

  Checksum.

• #dump(options = {}) {|index, hex_segment, print_segment| ... } ⇒ nil

  Dump.

• #eth? ⇒ true, false (also: #ethernet?)

  Ehternet.

• #hex(include_header = true) ⇒ String

  Hex.

• #hexdump(options = {}) ⇒ Object

  Hexdump.

• #initialize(packet) ⇒ Packet constructor

  Initialize packet Object.

• #ip_header ⇒ Hash

  IP Header.

• #ipv4? ⇒ true, false (also: #ip?)

  IP Version 4.

• #ipv6? ⇒ true, false

  IP Version 6.

• #payload ⇒ Payload

  Payload.

• #protocol ⇒ Protocol

  Protocol.

• #to_file(filename, mode) ⇒ Object

  Output to file.

• #to_h ⇒ Object
• #to_pcap ⇒ Object

  Convert to libpcap format.

• #to_s ⇒ String

  String.

• #valid? ⇒ true, false

  Valid.

Constructor Details

#initialize(packet) ⇒ Packet

Initialize packet Object

Parameters:

• Packet (Hash) —

  Packet hash

# File 'lib/unified2/packet.rb', line 26

def initialize(packet)
  @raw = packet
  @link_type = packet[:linktype]
  @microsecond = packet[:packet_microsecond]

  @event_timestamp = Time.at(packet[:timestamp])
  @timestamp = Time.at(packet[:packet_timestamp])
  @length = packet[:packet_length].to_i
  @event_id = packet[:event_id]

  @packet ||= PacketFu::Packet.parse(packet[:packet])
  @protocol = @packet.protocol.last.to_sym
end

Instance Attribute Details

#event_id ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def event_id
  @event_id
end

#event_timestamp ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def event_timestamp
  @event_timestamp
end

#length ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def length
  @length
end

#link_type ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def link_type
  @link_type
end

#microsecond ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def microsecond
  @microsecond
end

#packet ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def packet
  @packet
end

#raw ⇒ String (readonly)

Raw

Returns:

• (String) —

  Raw binary payload

# File 'lib/unified2/packet.rb', line 17

def raw
  @raw
end

#timestamp ⇒ Object (readonly)

Build method defaults

# File 'lib/unified2/packet.rb', line 17

def timestamp
  @timestamp
end

Instance Method Details

#blank? ⇒ true, false

Blank?

Returns:

• (true, false) —

  Check is payload is blank

# File 'lib/unified2/packet.rb', line 149

def blank?
  return true unless @packet
  false
end

#checksum ⇒ String

Checksum

Create a unique payload checksum

Returns:

• (String) —

  Payload checksum

# File 'lib/unified2/packet.rb', line 271

def checksum
  Digest::MD5.hexdigest(hex(false))
end

#dump(options = {}) {|index, hex_segment, print_segment| ... } ⇒ nil

Note:

Please view the hexdump documentation for more information. Hexdump is a great lib by @postmodern. (github.com/postmodern/hexdump)

Dump

Parameters:

• options (options) (defaults to: {}) —

  Hash of options for Hexdump#dump

Options Hash (options):

• :width (Integer) — default: 16 —

  The number of bytes to dump for each line.

• :base (Symbol, Integer) — default: :hexadecimal —

  The base to print bytes in. Supported bases include, ‘:hexadecimal`, `:hex`, `16, `:decimal`, `:dec`, `10, `:octal`, `:oct`, `8`, `:binary`, `:bin` and `2`.

• :ascii (Boolean) — default: false —

  Print ascii characters when possible.

• :output (#<<) — default: STDOUT —

  The output to print the hexdump to.

Yields:

• (index, hex_segment, print_segment) —

  The given block will be passed the hexdump break-down of each segment.

Yield Parameters:

• index (Integer) —

  The index of the hexdumped segment.

• hex_segment (Array<String>) —

  The hexadecimal-byte representation of the segment.

• print_segment (Array<String>) —

  The print-character representation of the segment.

Returns:

• (nil)

Raises:

• (ArgumentError) —

  The given data does not define the ‘#each_byte` method, or

# File 'lib/unified2/packet.rb', line 237

def dump(options={})
  packet = if options[:header]
             @raw[:packet]
           else
             @packet.payload
           end

  Hexdump.dump(packet, options)
end

#eth? ⇒ true, false Also known as: ethernet?

Ehternet

Returns:

• (true, false) —

  Ethernet packet

# File 'lib/unified2/packet.rb', line 79

def eth?
  @packet.is_eth?
end

#hex(include_header = true) ⇒ String

Hex

Returns:

• (String) —

  Convert payload to hex

# File 'lib/unified2/packet.rb', line 184

def hex(include_header=true)
  packet = if include_header
             @packet.to_s
           else
             @packet.payload.to_s
           end

  hex = packet.unpack('H*')
  return hex.first if hex
  nil
end

#hexdump(options = {}) ⇒ Object

Hexdump

Examples:

packet.hexdump(:width => 16)

See Also:

• #dump

# File 'lib/unified2/packet.rb', line 255

def hexdump(options={})
  hexdump = options[:output] ||= ""
  options[:width] ||= 30
  options[:header] ||= true

  dump(options)
  hexdump
end

#ip_header ⇒ Hash

IP Header

Returns:

• (Hash) —

  IP header

# File 'lib/unified2/packet.rb', line 45

def ip_header
  if @packet.is_ip?
    ip_header = {
      :ip_ver => @packet.ip_header.ip_v,
      :ip_hlen => @packet.ip_header.ip_hl,
      :ip_tos => @packet.ip_header.ip_tos,
      :ip_len => @packet.ip_header.ip_len,
      :ip_id => @packet.ip_header.ip_id,
      :ip_frag => @packet.ip_header.ip_frag,
      :ip_ttl => @packet.ip_header.ip_ttl,
      :ip_proto => @packet.ip_header.ip_proto,
      :ip_csum => @packet.ip_header.ip_sum
    }
  else
    ip_header = {}
  end

  ip_header
end

#ipv4? ⇒ true, false Also known as: ip?

IP Version 4

Returns:

• (true, false)

# File 'lib/unified2/packet.rb', line 89

def ipv4?
  @packet.is_ip?
end

#ipv6? ⇒ true, false

IP Version 6

Returns:

• (true, false)

# File 'lib/unified2/packet.rb', line 99

def ipv6?
  @packet.is_ipv6?
end

#payload ⇒ Payload

Payload

Returns:

• (Payload) —

  Event payload object

# File 'lib/unified2/packet.rb', line 140

def payload
  @packet.payload
end

#protocol ⇒ Protocol

Protocol

Returns:

• (Protocol) —

  packet protocol object

# File 'lib/unified2/packet.rb', line 108

def protocol
  @proto ||= Protocol.new(@protocol, @packet)
end

#to_file(filename, mode) ⇒ Object

Output to file

# File 'lib/unified2/packet.rb', line 131

def to_file(filename, mode)
  @packet.to_f(filename, mode)
end

#to_h ⇒ Object

# File 'lib/unified2/packet.rb', line 163

def to_h
  @to_hash = {
    :event_timestamp => event_timestamp.to_s,
    :timestamp => timestamp.to_s,
    :length => length,
    :microsecond => microsecond,
    :hex => hex,
    :hexdump => hexdump,
    :checksum => checksum,
    :payload => payload,
    :link_type => link_type,
    :protocol => protocol.to_h,
    :ip_header => ip_header
  }
end

#to_pcap ⇒ Object

Convert to libpcap format

# File 'lib/unified2/packet.rb', line 124

def to_pcap
  @packet.to_pcap
end

#to_s ⇒ String

String

Returns:

• (String) —

  Signature name

# File 'lib/unified2/packet.rb', line 117

def to_s
  payload.to_s
end

#valid? ⇒ true, false

Valid

Returns:

• (true, false) —

  Is this a valid packet

# File 'lib/unified2/packet.rb', line 70

def valid?
  !@packet.is_invalid?
end