Class: PacketFu::PcapPackets

Inherits:

Array

• Object
• Array
• PacketFu::PcapPackets

Includes:

StructFu

Defined in:

lib/packetfu/pcap.rb

Overview

PcapPackets is a collection of PcapPacket objects.

Instance Attribute Summary

• #endian ⇒ Object

  probably ought to be read-only but who am i.

Instance Method Summary

• #force_binary(str) ⇒ Object
• #initialize(args = {}) ⇒ PcapPackets constructor

  A new instance of PcapPackets.

• #read(str) ⇒ Object

  Reads a string to populate the object.

• #to_s ⇒ Object

Methods included from StructFu

#body=, #clone, #set_endianness, #sz, #typecast

Constructor Details

#initialize(args = {}) ⇒ PcapPackets

Returns a new instance of PcapPackets.

# File 'lib/packetfu/pcap.rb', line 192

def initialize(args={})
  @endian = args[:endian] || :little
end

Instance Attribute Details

#endian ⇒ Object

probably ought to be read-only but who am i.

# File 'lib/packetfu/pcap.rb', line 190

def endian
  @endian
end

Instance Method Details

#force_binary(str) ⇒ Object

# File 'lib/packetfu/pcap.rb', line 196

def force_binary(str)
  str.force_encoding Encoding::BINARY if str.respond_to? :force_encoding
end

#read(str) ⇒ Object

Reads a string to populate the object. Note, this read takes in the whole pcap file, since we need to see the magic to know what endianness we’re dealing with.

# File 'lib/packetfu/pcap.rb', line 203

def read(str)
  force_binary(str)
  return self if str.nil?
  if str[0,4] == PcapHeader::MAGIC_BIG
    @endian = :big
  elsif str[0,4] == PcapHeader::MAGIC_LITTLE
    @endian = :little
  else
    raise ArgumentError, "Unknown file format for #{self.class}"
  end
  body = str[24,str.size]
  while body.size > 16 # TODO: catch exceptions on malformed packets at end
    p = PcapPacket.new(:endian => @endian)
    p.read(body)
    self<<p
    body = body[p.sz,body.size]
  end
self
end

#to_s ⇒ Object

# File 'lib/packetfu/pcap.rb', line 223

def to_s
  self.join
end