= FAQ
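Enough already! How does this work by example!?
The example below brings the default interface up and opens a live capture on it, so it normally has to run with root (or equivalent packet-capture) privileges.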
#!/usr/bin/env ruby
require "rubygems"
require "pcaprub"
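# Minimal pcaprub example: opens a live capture on the default device,
# applies a BPF filter and counts packets until a fixed limit is reached.
class CaptureExample
  # Upper bound on how often the capture loop is restarted after an error.
  # The original retried forever, which spins on any persistent failure.
  MAX_RETRIES = 3

  # Sets the capture parameters; nothing is opened until #getpackets is called.
  def initialize
    # interface configuration
    @dev = ::Pcap.lookupdev
    # Promiscuous mode stays off. Set this to true only on networks you are
    # authorised to monitor.
    @promiscous_mode = false
    @timeout = 0
    # packet information
    @packet_limit = 100
    @capture_packets = @packet_limit
    # 65535 is passed to open_live as the snap length, so whole packets
    # (payload included) are handed to the loop; lower it if only headers
    # are needed.
    @snaplength = 65535
    @bpf = "ip and not dst net 110.0.0.0/8"
  end

  # Brings the interface up, opens the capture, installs the filter and
  # counts packets until the limit is reached or the user presses ^C.
  #
  # @return the capture handle returned by ::Pcap.open_live, so the caller
  #   can still read its statistics
  def getpackets
    # Argument-vector form of system: no shell is involved, @dev is passed
    # as a single argument.
    system("ifconfig", @dev, "up")
    capture = ::Pcap.open_live(@dev, @snaplength, @promiscous_mode, @timeout)
    capture.setfilter(@bpf)
    attempts = 0
    begin
      puts "Started capture..(#{@dev} => \"#{@bpf}\")"
      capture.each do |_packet|
        # Handling the number of packets to process
        @capture_packets -= 1
        break if @capture_packets <= 0
      end
    # ^C to stop sniffing
    rescue Interrupt
      puts "\nPacket Capture stopped by interrupt signal."
    rescue StandardError => e
      # StandardError rather than Exception, so SystemExit, NoMemoryError
      # and other signals are no longer swallowed and retried.
      puts "\nERROR: #{e}"
      attempts += 1
      retry if attempts <= MAX_RETRIES
      puts "Giving up after #{MAX_RETRIES} retries."
    end
    # Derived from the stored limit, not a second hard-coded 100.
    puts "Captured #{@packet_limit - @capture_packets} packets"
    capture
  end
end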
# Run one capture session, then print the receive and drop counters
# that the returned capture handle reports.
session = CaptureExample.new
handle = session.getpackets
%w[recv drop].each do |counter|
  puts "capture.stats['#{counter}'] = #{handle.stats[counter]}"
end