File: file_cap.rb

#!/usr/bin/env ruby
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
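# Example output (the commands below run the live-capture example simple_cap.rb;
# this script, file_cap.rb, reads a saved capture file instead)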
#>> nohup sudo simple_cap.rb &
#>> ping www.google.com
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#{"recv"=>0, "drop"=>0, "idrop"=>0}
#{"recv"=>0, "drop"=>0, "idrop"=>0}
#{"recv"=>0, "drop"=>0, "idrop"=>0}
#{"recv"=>2, "drop"=>0, "idrop"=>0}
#captured packet
#{"recv"=>4, "drop"=>0, "idrop"=>0}
#captured packet
#{"recv"=>6, "drop"=>0, "idrop"=>0}
#captured packet 
#....^c
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

require 'rubygems'
require 'pcaprub'
require 'pp'

# BPF expression: byte 13 of the TCP header carries the flag bits and 0x02 is
# SYN, so this selects every segment with SYN set (a SYN-ACK matches as well).
# NOTE(review): tcp[...] offsets are commonly IPv4-only in libpcap - confirm
# before relying on this filter for IPv6 traffic.
syn_filter = "tcp[13] & 2 != 0"

# Saved capture to read; the path is relative to the current working directory.
# NOTE(review): presumably a telnet session capture, which would hold cleartext
# payloads - treat the file accordingly.
pcap_path = './telnet-raw.pcap'

# Open the saved capture for offline reading; no live interface is opened.
reader = PCAPRUB::Pcap.open_offline(pcap_path)

# Report the version numbers exposed by the capture handle.
major = reader.pcap_major_version
minor = reader.pcap_minor_version
puts "PCAP.h Version #{major}.#{minor}"

# Install the filter on the handle, then dump the handle object itself.
# This script does not read or print any packets.
reader.setfilter(syn_filter)
pp reader