Class: PacketGen::Capture

Inherits:

Object

• Object
• PacketGen::Capture

Defined in:

lib/packetgen/capture.rb

Overview

Capture packets from wire

Author:

• Sylvain Daubert

Constant Summary

DEFAULT_SNAPLEN =

Default snaplen to use if :snaplen option not defined

0xffff

Instance Attribute Summary

• #packets ⇒ Array<Packets> readonly

  Get captured packets.

• #raw_packets ⇒ Array<String> readonly

  Get captured packet raw data.

Instance Method Summary

• #initialize(iface, options = {}) ⇒ Capture constructor

  A new instance of Capture.

• #start(options = {}) {|packet| ... } ⇒ Object

  Start capture.

• #stop ⇒ void

  Stop capture.

Constructor Details

#initialize(iface, options = {}) ⇒ Capture

Returns a new instance of Capture.

Parameters:

• iface (String) —

  interface on which capture packets

• options (Hash) (defaults to: {})

Options Hash (options):

• :max (Integer) —

  maximum number of packets to capture

• :timeout (Integer) —

  maximum number of seconds before end of capture. Default: nil (no timeout)

• :filter (String) —

  bpf filter

• :promiscuous (Boolean) — default: default: +false+
• :parse (Boolean) —

  parse raw data to generate packets before yielding. Default: true

• :snaplen (Integer) —

  maximum number of bytes to capture for each packet

# File 'lib/packetgen/capture.rb', line 29

def initialize(iface, options={})
  @packets = []
  @raw_packets = []
  @iface = iface
  set_options options
end

Instance Attribute Details

#packets ⇒ Array<Packets> (readonly)

Get captured packets

Returns:

• (Array<Packets>)

# File 'lib/packetgen/capture.rb', line 12

def packets
  @packets
end

#raw_packets ⇒ Array<String> (readonly)

Get captured packet raw data

Returns:

• (Array<String>)

# File 'lib/packetgen/capture.rb', line 16

def raw_packets
  @raw_packets
end

Instance Method Details

#start(options = {}) {|packet| ... } ⇒ Object

Start capture

Parameters:

• options (Hash) (defaults to: {}) —

  complete see #initialize.

Yield Parameters:

• packet (Packet, String) —

  if a block is given, yield each captured packet (Packet or raw data String, depending on :parse)

# File 'lib/packetgen/capture.rb', line 40

def start(options={})
  set_options options
  @pcap = PCAPRUB::Pcap.open_live(@iface, @snaplen, @promisc, 1)
  set_filter

  @cap_thread = Thread.new do
    @pcap.each do |packet_data|
      @raw_packets << packet_data
      if @parse
        packet = Packet.parse(packet_data)
        @packets << packet
        yield packet if block_given?
      else
        yield packet_data if block_given?
      end
      if @max
        break if @raw_packets.size >= @max
      end
    end
  end
  @cap_thread.join(@timeout)
end

#stop ⇒ void

This method returns an undefined value.

Stop capture. Should be used from another thread, as #start blocs.

BEWARE: multiple capture should not be started in different threads. No effort has been made to make Capture nor PacketGen thread-safe.

# File 'lib/packetgen/capture.rb', line 68

def stop
  @cap_thread.kill
end