ruby-pcaprub 0.12.4-1build2 / usr / share / doc / ruby-pcaprub / USAGE.rdoc

This file is indexed.

/usr/share/doc/ruby-pcaprub/USAGE.rdoc is in ruby-pcaprub 0.12.4-1build2.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
= Usage of Pcaprub

Pcaprub is a ruby wrapper to the libpcap libary. It provides a common method to access the c bindings defined in libpcap. 

Many of the methods require the Pcap instance to be "ready". 

 - "Ready" is defined as being initiated with open_live open_dead or open_offline.
 
== Basics of Pcaprub  

  require "rubygems"
  require "pcaprub"

  mypcap = PCAPRUB::Pcap.new  
  
== Backwards Compatibility

Pcaprub is included automatically upon load. This mixes in ::Pcap for backwards compatibility.

  require "rubygems"
  require "pcaprub"

  mypcap = ::Pcap.new  


== Setting up a live Capture

  dev = PCAPRUB::Pcap.lookupdev

  snaplength = 65535
  promiscous_mode = true 
  timeout = 0 
  
  system("ifconfig", dev, "up")
  
  capture = ::Pcap.open_live(dev, snaplength, promiscous_mode, timeout)  
  
== Open an existing pcap file
  
  pcapfile = File.dirname(__FILE__) + "/foo.pcap"
  
  if(not File.exists?(pcapfile))
    raise RuntimeError, "The PCAP file #{pcapfile} could not be found"
  end
  
  capture = ::Pcap.open_offline(pcapfile)
  
== Setting a BPF Filter
  
  bpf = "ip and not net 10.0.0.0/8"
  
  capture.setfilter(bpf)

== Reading Capture Statistics

Packets Received 
  capture.stats['recv']

Packets Dropped  
	capture.stats['drop']

Packets Dropped by Interface
	capture.stats['ifdrop']

== Running the Capture

Sniffing a set number of packets and also letting the user Interrupt Early

  capture_packets = 100
  
  begin
    capture.each do |packet|
      p packet 
      # Handling the number of packets to process
      capture_packets -= 1
      if capture_packets == 0
        break
      end
    end
    
  # ^C to stop sniffing
  rescue Interrupt
    puts "\nPacket Capture stopped by interrupt signal."
    
  rescue Exception => e
    puts "\nERROR: #{e}"
    retry
  end
	
== Examining the DataLink

Ethernet or Linux loopback
  if capture.datalink == PCAPRUB::Pcap::DLT_EN10MB
    puts "Ethernet 10MB Link detected"
  end

== Examining Packet Internals

Sniffing and yielding Packet Objects using "each_packet"

  require 'pcaprub'
  SNAPLENGTH = 65535
  capture = PCAPRUB::Pcap.open_live('wlan0', SNAPLENGTH, true, 0)
  capture.setfilter('port 80')

  capture_packets = 10
  capture.each_packet do |packet|
    puts packet.class
    puts Time.at(packet.time)
    puts "micro => #{packet.microsec}"
    puts "Packet Length => #{packet.length}"
    p packet.data
    
    capture_packets -= 1
    if capture_packets == 0
      break
    end
  end  

  
== Using the Packet Dump Capabilities
Write to file Example.pcap the first 10 packets on eth0.

  require 'pcaprub'
  SNAPLENGTH = 65535
  capture = PCAPRUB::Pcap.open_live('eth0', SNAPLENGTH, true, 0)
  dumper = capture.dump_open('./Example.pcap')

  capture_packets = 10
  capture.each do |packet|
    capture.dump(packet.length, packet.length, packet)
    capture_packets -= 1
    if capture_packets == 0
      break
    end
  end
  
  capture.dump_close

APT Browse - Built by Thomas Orozco.