Class: Mu::Pcap

Inherits:

Object

• Object
• Mu::Pcap

Defined in:

lib/diy/parser/pcap.rb,
lib/diy/parser/mu/pcap/ip.rb,
lib/diy/parser/mu/pcap/tcp.rb,
lib/diy/parser/mu/pcap/udp.rb,
lib/diy/parser/mu/pcap/ipv4.rb,
lib/diy/parser/mu/pcap/ipv6.rb,
lib/diy/parser/mu/pcap/sctp.rb,
lib/diy/parser/mu/pcap/header.rb,
lib/diy/parser/mu/pcap/packet.rb,
lib/diy/parser/mu/pcap/pkthdr.rb,
lib/diy/parser/mu/pcap/reader.rb,
lib/diy/parser/mu/pcap/io_pair.rb,
lib/diy/parser/mu/pcap/ethernet.rb,
lib/diy/parser/mu/pcap/io_wrapper.rb,
lib/diy/parser/mu/pcap/sctp/chunk.rb,
lib/diy/parser/mu/pcap/sctp/parameter.rb,
lib/diy/parser/mu/pcap/sctp/chunk/data.rb,
lib/diy/parser/mu/pcap/sctp/chunk/init.rb,
lib/diy/parser/mu/pcap/stream_packetizer.rb,
lib/diy/parser/mu/pcap/reader/http_family.rb,
lib/diy/parser/mu/pcap/sctp/chunk/init_ack.rb,
lib/diy/parser/mu/pcap/sctp/parameter/ip_address.rb

Defined Under Namespace

Classes: Ethernet, Header, IOPair, IOWrapper, IP, IPv4, IPv6, Packet, ParseError, Pkthdr, Reader, SCTP, StreamPacketizer, TCP, UDP

Constant Summary

LITTLE_ENDIAN =

0xd4c3b2a1

BIG_ENDIAN =

0xa1b2c3d4

DLT_NULL =

0

DLT_EN10MB =

1

DLT_RAW =

DLT_LOOP in OpenBSD

12

DLT_LINUX_SLL =

113

Instance Attribute Summary

• #header ⇒ Object

  Returns the value of attribute header.

• #pkthdrs ⇒ Object

  Returns the value of attribute pkthdrs.

Class Method Summary

• .assert(cond, msg) ⇒ Object

  Assertion used during Pcap parsing.

• .each_pkthdr(io, decode = true) ⇒ Object

  Read PCAP packet headers from IO and return Mu::Pcap::Header.

• .from_packets(packets) ⇒ Object

  Create PCAP from list of packets.

• .read(io, decode = true) ⇒ Object

  Read PCAP file from IO and return Mu::Pcap.

• .read_packets(io, decode = true) ⇒ Object

  Read packets from PCAP.

• .warning(msg) ⇒ Object

  Warnings from Pcap parsing are printed using this method.

Instance Method Summary

• #==(other) ⇒ Object
• #initialize ⇒ Pcap constructor

  A new instance of Pcap.

• #write(io) ⇒ Object

  Write PCAP file to IO.

Constructor Details

#initialize ⇒ Pcap

Returns a new instance of Pcap.

# File 'lib/diy/parser/pcap.rb', line 26

def initialize
    @header = Header.new
    @pkthdrs = []
end

Instance Attribute Details

#header ⇒ Object

Returns the value of attribute header.

# File 'lib/diy/parser/pcap.rb', line 24

def header
  @header
end

#pkthdrs ⇒ Object

Returns the value of attribute pkthdrs.

# File 'lib/diy/parser/pcap.rb', line 24

def pkthdrs
  @pkthdrs
end

Class Method Details

.assert(cond, msg) ⇒ Object

Assertion used during Pcap parsing

# File 'lib/diy/parser/pcap.rb', line 84

def self.assert cond, msg
    if not cond
        raise ParseError, msg
    end
end

.each_pkthdr(io, decode = true) ⇒ Object

Read PCAP packet headers from IO and return Mu::Pcap::Header. If decode is true, also decode the Pkthdr packet contents to Mu::Pcap objects. Use this for large files when each packet header can processed independently

• it will perform better.

# File 'lib/diy/parser/pcap.rb', line 64

def self.each_pkthdr io, decode=true
    header = Header.read io
    while not io.eof?
        pkthdr = Pkthdr.read io, header.magic
        if decode
            pkthdr.decode! header.magic, header.linktype
        end
        yield pkthdr
    end
    return header
end

.from_packets(packets) ⇒ Object

Create PCAP from list of packets.

# File 'lib/diy/parser/pcap.rb', line 42

def self.from_packets packets
    pcap = Pcap.new
    packets.each do |packet|
        pkthdr = Mu::Pcap::Pkthdr.new
        pkthdr.pkt = packet
        pcap.pkthdrs << pkthdr
    end
    return pcap
end

.read(io, decode = true) ⇒ Object

Read PCAP file from IO and return Mu::Pcap. If decode is true, also decode the Pkthdr packet contents to Mu::Pcap objects.

# File 'lib/diy/parser/pcap.rb', line 33

def self.read io, decode=true
    pcap = Pcap.new
    pcap.header = each_pkthdr(io, decode) do |pkthdr|
        pcap.pkthdrs << pkthdr
    end
    return pcap
end

.read_packets(io, decode = true) ⇒ Object

Read packets from PCAP

# File 'lib/diy/parser/pcap.rb', line 77

def self.read_packets io, decode=true
    packets = []
    each_pkthdr(io) { |pkthdr| packets << pkthdr.pkt }
    return packets
end

.warning(msg) ⇒ Object

Warnings from Pcap parsing are printed using this method.

# File 'lib/diy/parser/pcap.rb', line 91

def self.warning msg
    $stderr.puts "WARNING: #{msg}"
end

Instance Method Details

#==(other) ⇒ Object

# File 'lib/diy/parser/pcap.rb', line 95

def == other
    return self.class == other.class &&
        self.header   == other.header &&
        self.pkthdrs  == other.pkthdrs
end

#write(io) ⇒ Object

Write PCAP file to IO. Uses big-endian and linktype EN10MB.

# File 'lib/diy/parser/pcap.rb', line 53

def write io
    @header.write io
    @pkthdrs.each do |pkthdr|
        pkthdr.write io
    end
end