pcap_simple 0.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/.document +5 -0
- data/.rspec +1 -0
- data/Gemfile +14 -0
- data/LICENSE.txt +20 -0
- data/README.rdoc +19 -0
- data/Rakefile +47 -0
- data/VERSION +1 -0
- data/lib/pcap_simple.rb +126 -0
- data/spec/pcap_simple_spec.rb +7 -0
- data/spec/spec_helper.rb +12 -0
- metadata +187 -0
data/.document
ADDED
data/.rspec
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
--color
|
data/Gemfile
ADDED
@@ -0,0 +1,14 @@
|
|
1
|
+
source "http://rubygems.org"
|
2
|
+
# Add dependencies required to use your gem here.
|
3
|
+
# Example:
|
4
|
+
# gem "activesupport", ">= 2.3.5"
|
5
|
+
|
6
|
+
# Add dependencies to develop your gem here.
|
7
|
+
# Include everything needed to run rake, tests, features, etc.
|
8
|
+
group :development do
|
9
|
+
gem "rspec", "~> 2.3.0"
|
10
|
+
gem "bundler", "~> 1.0.0"
|
11
|
+
gem "jeweler", "~> 1.5.2"
|
12
|
+
gem "rcov", ">= 0"
|
13
|
+
gem "bit-struct", "~> 0.13.6"
|
14
|
+
end
|
data/LICENSE.txt
ADDED
@@ -0,0 +1,20 @@
|
|
1
|
+
Copyright (c) 2011 Ryan Breed
|
2
|
+
|
3
|
+
Permission is hereby granted, free of charge, to any person obtaining
|
4
|
+
a copy of this software and associated documentation files (the
|
5
|
+
"Software"), to deal in the Software without restriction, including
|
6
|
+
without limitation the rights to use, copy, modify, merge, publish,
|
7
|
+
distribute, sublicense, and/or sell copies of the Software, and to
|
8
|
+
permit persons to whom the Software is furnished to do so, subject to
|
9
|
+
the following conditions:
|
10
|
+
|
11
|
+
The above copyright notice and this permission notice shall be
|
12
|
+
included in all copies or substantial portions of the Software.
|
13
|
+
|
14
|
+
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
15
|
+
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
16
|
+
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
17
|
+
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
18
|
+
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
19
|
+
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
20
|
+
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
data/README.rdoc
ADDED
@@ -0,0 +1,19 @@
|
|
1
|
+
= pcap_simple
|
2
|
+
|
3
|
+
Basic pcap file reader. API is gawky.
|
4
|
+
|
5
|
+
== Contributing to pcap_simple
|
6
|
+
|
7
|
+
* Check out the latest master to make sure the feature hasn't been implemented or the bug hasn't been fixed yet
|
8
|
+
* Check out the issue tracker to make sure someone already hasn't requested it and/or contributed it
|
9
|
+
* Fork the project
|
10
|
+
* Start a feature/bugfix branch
|
11
|
+
* Commit and push until you are happy with your contribution
|
12
|
+
* Make sure to add tests for it. This is important so I don't break it in a future version unintentionally.
|
13
|
+
* Please try not to mess with the Rakefile, version, or history. If you want to have your own version, or is otherwise necessary, that is fine, but please isolate to its own commit so I can cherry-pick around it.
|
14
|
+
|
15
|
+
== Copyright
|
16
|
+
|
17
|
+
Copyright (c) 2011 Ryan Breed. See LICENSE.txt for
|
18
|
+
further details.
|
19
|
+
|
data/Rakefile
ADDED
@@ -0,0 +1,47 @@
|
|
1
|
+
require 'rubygems'
|
2
|
+
require 'bundler'
|
3
|
+
begin
|
4
|
+
Bundler.setup(:default, :development)
|
5
|
+
rescue Bundler::BundlerError => e
|
6
|
+
$stderr.puts e.message
|
7
|
+
$stderr.puts "Run `bundle install` to install missing gems"
|
8
|
+
exit e.status_code
|
9
|
+
end
|
10
|
+
require 'rake'
|
11
|
+
|
12
|
+
require 'jeweler'
|
13
|
+
Jeweler::Tasks.new do |gem|
|
14
|
+
gem.name = "pcap_simple"
|
15
|
+
gem.homepage = "http://github.com/ryanbreed/pcap_simple"
|
16
|
+
gem.license = "MIT"
|
17
|
+
gem.summary = %Q{ Simplified pcap file reader }
|
18
|
+
gem.description = %Q{ A pure ruby BitStruct implementation of a pcap file reader}
|
19
|
+
gem.email = "opensource@breed.org"
|
20
|
+
gem.authors = ["Ryan Breed"]
|
21
|
+
gem.add_runtime_dependency 'bit-struct', '~> 0.13.6'
|
22
|
+
gem.add_development_dependency 'rspec', '~> 2.3.0'
|
23
|
+
end
|
24
|
+
Jeweler::RubygemsDotOrgTasks.new
|
25
|
+
|
26
|
+
require 'rspec/core'
|
27
|
+
require 'rspec/core/rake_task'
|
28
|
+
RSpec::Core::RakeTask.new(:spec) do |spec|
|
29
|
+
spec.pattern = FileList['spec/**/*_spec.rb']
|
30
|
+
end
|
31
|
+
|
32
|
+
RSpec::Core::RakeTask.new(:rcov) do |spec|
|
33
|
+
spec.pattern = 'spec/**/*_spec.rb'
|
34
|
+
spec.rcov = true
|
35
|
+
end
|
36
|
+
|
37
|
+
task :default => :spec
|
38
|
+
|
39
|
+
require 'rake/rdoctask'
|
40
|
+
Rake::RDocTask.new do |rdoc|
|
41
|
+
version = File.exist?('VERSION') ? File.read('VERSION') : ""
|
42
|
+
|
43
|
+
rdoc.rdoc_dir = 'rdoc'
|
44
|
+
rdoc.title = "pcap_simple #{version}"
|
45
|
+
rdoc.rdoc_files.include('README*')
|
46
|
+
rdoc.rdoc_files.include('lib/**/*.rb')
|
47
|
+
end
|
data/VERSION
ADDED
@@ -0,0 +1 @@
|
|
1
|
+
0.2.0
|
data/lib/pcap_simple.rb
ADDED
@@ -0,0 +1,126 @@
|
|
1
|
+
# DATE: Feb 9, 2011
|
2
|
+
# CREATED BY RYAN BREED
|
3
|
+
#
|
4
|
+
require 'rubygems'
|
5
|
+
require 'bit-struct'
|
6
|
+
|
7
|
+
module PcapSimple
|
8
|
+
PCAP_HEADER_LEN= ((5*32 + 2*16)/8)
|
9
|
+
PACKET_HEADER_LEN= ((4*32)/8)
|
10
|
+
VERSION=File.read(File.join(File.expand_path(File.dirname(__FILE__)),'..','VERSION'))
|
11
|
+
|
12
|
+
class PcapFile
|
13
|
+
attr_accessor :file_name
|
14
|
+
attr_reader :file, :header
|
15
|
+
include Enumerable
|
16
|
+
def initialize(*args)
|
17
|
+
Hash[*args].each {|k,v| self.send("%s="%k,v)}
|
18
|
+
raise ArgumentError, "need to specify file_name" if file_name.nil?
|
19
|
+
@file=File.open(file_name,"r")
|
20
|
+
@header=PcapHeader.new(file.read(PCAP_HEADER_LEN))
|
21
|
+
end
|
22
|
+
def each(&block)
|
23
|
+
file.seek(PCAP_HEADER_LEN)
|
24
|
+
loop do
|
25
|
+
header_data=file.read(PACKET_HEADER_LEN)
|
26
|
+
break if (header_data.nil? || header_data.length < PACKET_HEADER_LEN)
|
27
|
+
header=PcapRecord.new(header_data)
|
28
|
+
raw=file.read(header.incl_len)
|
29
|
+
break if (raw.nil? || raw.length < header.incl_len)
|
30
|
+
packet=Packet.new(:raw_data=>raw,:header=>header)
|
31
|
+
|
32
|
+
yield packet unless packet.datagram.nil?
|
33
|
+
end
|
34
|
+
end
|
35
|
+
end
|
36
|
+
class Packet
|
37
|
+
attr_accessor :raw_data, :header
|
38
|
+
attr_reader :ethernet, :ip, :datagram
|
39
|
+
|
40
|
+
def initialize(*args)
|
41
|
+
Hash[*args].each {|k,v| self.send("%s="%k,v)}
|
42
|
+
raise ArgumentError, "need to specify raw_data" if raw_data.nil?
|
43
|
+
@ethernet=Ethernet.new(raw_data)
|
44
|
+
@ip =IP.new(@ethernet.data)
|
45
|
+
case ip.ip_p
|
46
|
+
when 17
|
47
|
+
@datagram=UDP.new(ip.data)
|
48
|
+
end
|
49
|
+
end
|
50
|
+
def udp_data
|
51
|
+
datagram.data
|
52
|
+
end
|
53
|
+
def src
|
54
|
+
ip.ip_src
|
55
|
+
end
|
56
|
+
def dst
|
57
|
+
ip.ip_dst
|
58
|
+
end
|
59
|
+
def ip_id
|
60
|
+
ip.ip_id
|
61
|
+
end
|
62
|
+
def sport
|
63
|
+
datagram.sport
|
64
|
+
end
|
65
|
+
def dport
|
66
|
+
datagram.dport
|
67
|
+
end
|
68
|
+
def time
|
69
|
+
Time.at(header.ts_sec)
|
70
|
+
end
|
71
|
+
end
|
72
|
+
class PcapHeader < BitStruct
|
73
|
+
default_options :endian=>:native
|
74
|
+
unsigned :magic_number, 32, "Magic Number"
|
75
|
+
unsigned :version_major, 16, "Major Version Number"
|
76
|
+
unsigned :version_minor, 16, "Minor Version Number"
|
77
|
+
signed :thiszone, 32, "GMT to local offset"
|
78
|
+
unsigned :sigfigs, 32, "Timestamp Accuracy"
|
79
|
+
unsigned :snaplen, 32, "max octets per captured packet"
|
80
|
+
unsigned :network, 32, "Datalink Capture Type"
|
81
|
+
end
|
82
|
+
|
83
|
+
class PcapRecord < BitStruct
|
84
|
+
default_options :endian=>:native
|
85
|
+
unsigned :ts_sec, 32, "Timestamp Seconds"
|
86
|
+
unsigned :ts_usec, 32, "Timestamp Microseconds"
|
87
|
+
unsigned :incl_len, 32, "Octets included in file"
|
88
|
+
unsigned :orig_len, 32, "Octets in original packet"
|
89
|
+
end
|
90
|
+
|
91
|
+
class Ethernet < BitStruct
|
92
|
+
hex_octets :mac_dst, 48, "Source MAC"
|
93
|
+
hex_octets :mac_src, 48, "Destination MAC"
|
94
|
+
unsigned :ethertype,16, "Ethertype or length"
|
95
|
+
rest :data
|
96
|
+
end
|
97
|
+
|
98
|
+
class IP < BitStruct
|
99
|
+
unsigned :ip_v, 4, "Version"
|
100
|
+
unsigned :ip_hl, 4, "Header length"
|
101
|
+
unsigned :ip_tos, 8, "TOS"
|
102
|
+
unsigned :ip_len, 16, "Length"
|
103
|
+
unsigned :ip_id, 16, "ID"
|
104
|
+
unsigned :ip_off, 16, "Frag offset"
|
105
|
+
unsigned :ip_ttl, 8, "TTL"
|
106
|
+
unsigned :ip_p, 8, "Protocol"
|
107
|
+
unsigned :ip_sum, 16, "Checksum"
|
108
|
+
octets :ip_src, 32, "Source addr"
|
109
|
+
octets :ip_dst, 32, "Dest addr"
|
110
|
+
rest :data, "Body of message"
|
111
|
+
|
112
|
+
note " rest is application defined message body"
|
113
|
+
|
114
|
+
initial_value.ip_v = 4
|
115
|
+
initial_value.ip_hl = 5
|
116
|
+
end
|
117
|
+
|
118
|
+
class UDP < BitStruct
|
119
|
+
unsigned :sport, 16, "Source Port"
|
120
|
+
unsigned :dport, 16, "Destination Port"
|
121
|
+
unsigned :length, 16, "Datagram Length"
|
122
|
+
unsigned :checksum,16, "Datagram Checksum"
|
123
|
+
rest :data, "UDP Data"
|
124
|
+
end
|
125
|
+
|
126
|
+
end
|
data/spec/spec_helper.rb
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
|
2
|
+
$LOAD_PATH.unshift(File.dirname(__FILE__))
|
3
|
+
require 'rspec'
|
4
|
+
require 'pcap_simple'
|
5
|
+
|
6
|
+
# Requires supporting files with custom matchers and macros, etc,
|
7
|
+
# in ./support/ and its subdirectories.
|
8
|
+
Dir["#{File.dirname(__FILE__)}/support/**/*.rb"].each {|f| require f}
|
9
|
+
|
10
|
+
RSpec.configure do |config|
|
11
|
+
|
12
|
+
end
|
metadata
ADDED
@@ -0,0 +1,187 @@
|
|
1
|
+
--- !ruby/object:Gem::Specification
|
2
|
+
name: pcap_simple
|
3
|
+
version: !ruby/object:Gem::Version
|
4
|
+
hash: 23
|
5
|
+
prerelease:
|
6
|
+
segments:
|
7
|
+
- 0
|
8
|
+
- 2
|
9
|
+
- 0
|
10
|
+
version: 0.2.0
|
11
|
+
platform: ruby
|
12
|
+
authors:
|
13
|
+
- Ryan Breed
|
14
|
+
autorequire:
|
15
|
+
bindir: bin
|
16
|
+
cert_chain: []
|
17
|
+
|
18
|
+
date: 2011-02-20 00:00:00 -06:00
|
19
|
+
default_executable:
|
20
|
+
dependencies:
|
21
|
+
- !ruby/object:Gem::Dependency
|
22
|
+
name: rspec
|
23
|
+
version_requirements: &id001 !ruby/object:Gem::Requirement
|
24
|
+
none: false
|
25
|
+
requirements:
|
26
|
+
- - ~>
|
27
|
+
- !ruby/object:Gem::Version
|
28
|
+
hash: 3
|
29
|
+
segments:
|
30
|
+
- 2
|
31
|
+
- 3
|
32
|
+
- 0
|
33
|
+
version: 2.3.0
|
34
|
+
prerelease: false
|
35
|
+
type: :development
|
36
|
+
requirement: *id001
|
37
|
+
- !ruby/object:Gem::Dependency
|
38
|
+
name: bundler
|
39
|
+
version_requirements: &id002 !ruby/object:Gem::Requirement
|
40
|
+
none: false
|
41
|
+
requirements:
|
42
|
+
- - ~>
|
43
|
+
- !ruby/object:Gem::Version
|
44
|
+
hash: 23
|
45
|
+
segments:
|
46
|
+
- 1
|
47
|
+
- 0
|
48
|
+
- 0
|
49
|
+
version: 1.0.0
|
50
|
+
prerelease: false
|
51
|
+
type: :development
|
52
|
+
requirement: *id002
|
53
|
+
- !ruby/object:Gem::Dependency
|
54
|
+
name: jeweler
|
55
|
+
version_requirements: &id003 !ruby/object:Gem::Requirement
|
56
|
+
none: false
|
57
|
+
requirements:
|
58
|
+
- - ~>
|
59
|
+
- !ruby/object:Gem::Version
|
60
|
+
hash: 7
|
61
|
+
segments:
|
62
|
+
- 1
|
63
|
+
- 5
|
64
|
+
- 2
|
65
|
+
version: 1.5.2
|
66
|
+
prerelease: false
|
67
|
+
type: :development
|
68
|
+
requirement: *id003
|
69
|
+
- !ruby/object:Gem::Dependency
|
70
|
+
name: rcov
|
71
|
+
version_requirements: &id004 !ruby/object:Gem::Requirement
|
72
|
+
none: false
|
73
|
+
requirements:
|
74
|
+
- - ">="
|
75
|
+
- !ruby/object:Gem::Version
|
76
|
+
hash: 3
|
77
|
+
segments:
|
78
|
+
- 0
|
79
|
+
version: "0"
|
80
|
+
prerelease: false
|
81
|
+
type: :development
|
82
|
+
requirement: *id004
|
83
|
+
- !ruby/object:Gem::Dependency
|
84
|
+
name: bit-struct
|
85
|
+
version_requirements: &id005 !ruby/object:Gem::Requirement
|
86
|
+
none: false
|
87
|
+
requirements:
|
88
|
+
- - ~>
|
89
|
+
- !ruby/object:Gem::Version
|
90
|
+
hash: 39
|
91
|
+
segments:
|
92
|
+
- 0
|
93
|
+
- 13
|
94
|
+
- 6
|
95
|
+
version: 0.13.6
|
96
|
+
prerelease: false
|
97
|
+
type: :development
|
98
|
+
requirement: *id005
|
99
|
+
- !ruby/object:Gem::Dependency
|
100
|
+
name: bit-struct
|
101
|
+
version_requirements: &id006 !ruby/object:Gem::Requirement
|
102
|
+
none: false
|
103
|
+
requirements:
|
104
|
+
- - ~>
|
105
|
+
- !ruby/object:Gem::Version
|
106
|
+
hash: 39
|
107
|
+
segments:
|
108
|
+
- 0
|
109
|
+
- 13
|
110
|
+
- 6
|
111
|
+
version: 0.13.6
|
112
|
+
prerelease: false
|
113
|
+
type: :runtime
|
114
|
+
requirement: *id006
|
115
|
+
- !ruby/object:Gem::Dependency
|
116
|
+
name: rspec
|
117
|
+
version_requirements: &id007 !ruby/object:Gem::Requirement
|
118
|
+
none: false
|
119
|
+
requirements:
|
120
|
+
- - ~>
|
121
|
+
- !ruby/object:Gem::Version
|
122
|
+
hash: 3
|
123
|
+
segments:
|
124
|
+
- 2
|
125
|
+
- 3
|
126
|
+
- 0
|
127
|
+
version: 2.3.0
|
128
|
+
prerelease: false
|
129
|
+
type: :development
|
130
|
+
requirement: *id007
|
131
|
+
description: " A pure ruby BitStruct implementation of a pcap file reader"
|
132
|
+
email: opensource@breed.org
|
133
|
+
executables: []
|
134
|
+
|
135
|
+
extensions: []
|
136
|
+
|
137
|
+
extra_rdoc_files:
|
138
|
+
- LICENSE.txt
|
139
|
+
- README.rdoc
|
140
|
+
files:
|
141
|
+
- .document
|
142
|
+
- .rspec
|
143
|
+
- Gemfile
|
144
|
+
- LICENSE.txt
|
145
|
+
- README.rdoc
|
146
|
+
- Rakefile
|
147
|
+
- VERSION
|
148
|
+
- lib/pcap_simple.rb
|
149
|
+
- spec/pcap_simple_spec.rb
|
150
|
+
- spec/spec_helper.rb
|
151
|
+
has_rdoc: true
|
152
|
+
homepage: http://github.com/ryanbreed/pcap_simple
|
153
|
+
licenses:
|
154
|
+
- MIT
|
155
|
+
post_install_message:
|
156
|
+
rdoc_options: []
|
157
|
+
|
158
|
+
require_paths:
|
159
|
+
- lib
|
160
|
+
required_ruby_version: !ruby/object:Gem::Requirement
|
161
|
+
none: false
|
162
|
+
requirements:
|
163
|
+
- - ">="
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
hash: 3
|
166
|
+
segments:
|
167
|
+
- 0
|
168
|
+
version: "0"
|
169
|
+
required_rubygems_version: !ruby/object:Gem::Requirement
|
170
|
+
none: false
|
171
|
+
requirements:
|
172
|
+
- - ">="
|
173
|
+
- !ruby/object:Gem::Version
|
174
|
+
hash: 3
|
175
|
+
segments:
|
176
|
+
- 0
|
177
|
+
version: "0"
|
178
|
+
requirements: []
|
179
|
+
|
180
|
+
rubyforge_project:
|
181
|
+
rubygems_version: 1.5.2
|
182
|
+
signing_key:
|
183
|
+
specification_version: 3
|
184
|
+
summary: Simplified pcap file reader
|
185
|
+
test_files:
|
186
|
+
- spec/pcap_simple_spec.rb
|
187
|
+
- spec/spec_helper.rb
|