Class: Mu::Xtractr::Service

Inherits:

Object

• Object
• Mu::Xtractr::Service

Defined in:

lib/mu/xtractr/service.rb,
lib/mu/xtractr/test/tc_service.rb

Overview

others like ARP (all non-IP, layer2 services) are only available in packets.

Defined Under Namespace

Classes: Test

Instance Attribute Summary

• #name ⇒ Object readonly

  Return the name of the service.

• #xtractr ⇒ Object readonly

  :nodoc:.

Instance Method Summary

• #clients(q = nil) ⇒ Object

  Get a unique list of clients for this service xtractr.service(‘http’).clients.

• #flows(q = nil) ⇒ Object

  Return an iterator that can yield all flows that have this service and matches the query xtractr.service(“DNS”).flows(“AAAA”).each { |flow| … }.

• #initialize(xtractr, name) ⇒ Service constructor

  :nodoc:.

• #inspect ⇒ Object

  :nodoc:.

• #packets(q = nil) ⇒ Object

  Return an iterator that can yield all packets that have this service and matches the query xtractr.service(“DNS”).packets(“mu”).each { |pkt| … }.

• #servers(q = nil) ⇒ Object

  Get a unique list of servers for this service xtractr.service(‘http’).servers.

Constructor Details

#initialize(xtractr, name) ⇒ Service

:nodoc:

# File 'lib/mu/xtractr/service.rb', line 33

def initialize xtractr, name # :nodoc:
    @xtractr = xtractr
    @name = name
end

Instance Attribute Details

#name ⇒ Object (readonly)

Return the name of the service

# File 'lib/mu/xtractr/service.rb', line 31

def name
  @name
end

#xtractr ⇒ Object (readonly)

:nodoc:

# File 'lib/mu/xtractr/service.rb', line 28

def xtractr
  @xtractr
end

Instance Method Details

#clients(q = nil) ⇒ Object

Get a unique list of clients for this service

xtractr.service('http').clients

# File 'lib/mu/xtractr/service.rb', line 40

def clients q=nil
    _q = "flow.service:\"#{name}\""
    _q << " #{q}" if q
    Flows.new(xtractr, :q => _q).count('flow.src')
end

#flows(q = nil) ⇒ Object

Return an iterator that can yield all flows that have this service and matches the query

xtractr.service("DNS").flows("AAAA").each { |flow| ... }

# File 'lib/mu/xtractr/service.rb', line 66

def flows q=nil
    _q = "flow.service:\"#{name}\""
    _q << " #{q}" if q
    return Flows.new(xtractr, :q => _q)
end

#inspect ⇒ Object

:nodoc:

# File 'lib/mu/xtractr/service.rb', line 72

def inspect # :nodoc:
    "#<service:#{name}>"
end

#packets(q = nil) ⇒ Object

Return an iterator that can yield all packets that have this service and matches the query

xtractr.service("DNS").packets("mu").each { |pkt| ... }

# File 'lib/mu/xtractr/service.rb', line 57

def packets q=nil
    _q = "pkt.service:\"#{name}\""
    _q << " #{q}" if q
    return Packets.new(xtractr, :q => _q)
end

#servers(q = nil) ⇒ Object

Get a unique list of servers for this service

xtractr.service('http').servers

# File 'lib/mu/xtractr/service.rb', line 48

def servers q=nil
    _q = "flow.service:\"#{name}\""
    _q << " #{q}" if q
    Flows.new(xtractr, :q => _q).count('flow.dst')
end