Module: PcapTools::Parser

Defined in:: lib/pcap_parser.rb

Defined Under Namespace

Modules: HasParent Classes: Ethernet, IPAddr, IP_PDU, LinuxCookedCapture, MacAddr, PcapFile, TCP_PDU, UDP_PDU

Constant Summary collapse

IPV4 =

0x0800

Class Method Summary collapse

.load_file(f) ⇒ Object

Class Method Details

.load_file(f) ⇒ `Object`

# File 'lib/pcap_parser.rb', line 192

def load_file f
  packets = []
  File.open(f, 'rb') do |io|
    content = PcapFile.read(io)
    raise 'Wrong endianess' unless content.header.magic.to_i.to_s(16) == "a1b2c3d4"
    content.packets.each do |original_packet|
      packet = case content.header.linktype
      when 113 then LinuxCookedCapture.read(original_packet.data)
      when 1 then Ethernet.read(original_packet.data)
      else raise "Unknown network #{content.header.linktype}"
      end
      packet.parent = original_packet
      while packet.respond_to?(:payload) && packet.payload.is_a?(BinData::Choice)
        packet.payload.parent = packet
        packet = packet.payload
      end
      packets << packet
    end
  end
  packets
end

Module: PcapTools::Parser

Defined Under Namespace

Constant Summary collapse

Class Method Summary collapse

Class Method Details

.load_file(f) ⇒ Object

.load_file(f) ⇒ `Object`