pcaprub 0.11.3 → 0.12.0

checksums.yaml

@@ -0,0 +1,15 @@
+---
+!binary "U0hBMQ==":
+  metadata.gz: !binary |-
+    YTM1M2U0NmViOTRlNDVkNDk3ZWU5Yzk5NDI4OTk5MmQ0ZDE5ZWJlMg==
+  data.tar.gz: !binary |-
+    MzcyNDk3YTY1YjUzNGE2ZDQyYTQ1MTU4YTk3YjcyOGY3NGIxODIxMg==
+SHA512:
+  metadata.gz: !binary |-
+    OGYwOWYxMTM1Y2VjOTE0NzBlOTA1NTljMzJkNmFlZWEyOWQ2MTI2MDE0ODVh
+    NDJkNjgxOTM3ODk4YzRhMjFlMDMwYTcxZjM3Mzk4OTJiNTI5ODhiOTU5NmVm
+    MTBhNGQxNTI0ZDMyNGJmMmRhNzJlYmUzNjZhZGEzNjFiYjAyMTA=
+  data.tar.gz: !binary |-
+    ODc3OGFhY2RjZmEwNzIzM2IwNGQ1OGNiMTQ5MzhmY2JiMDUyNDA5NDAxYTZm
+    MGJmZDJmNGVkNmM4YjY4MjMwZTYwODI2NTc3OGE4MTNmZDAyZTE3MGM3Y2Qy
+    YzBhNTcyYTMxOTZkZTQ4YmIzY2Y2ZWQyYmZkOWQ5Mjc1MWYxODE=

data/.travis.yml

@@ -0,0 +1,11 @@
+language: ruby
+before_install:
+ - sudo apt-get install libpcap-dev -qq
+rvm:
+  - 1.8.7
+  - 1.9.3
+  - 2.0.0
+  - 2.1.0
+#  - ruby-head
+script:
+  - rvmsudo bundle exec rake

data/Gemfile

@@ -0,0 +1,20 @@
+source 'https://rubygems.org'
+
+# No more static spec file
+
+platforms :ruby_18 do
+    gem 'rdoc'
+end
+
+group :development, :test do
+  # Prevent occasions where minitest is not bundled in packaged versions of ruby (see #3826)
+  gem 'minitest', '~> 4.7.0'
+  gem 'shoulda-context', '~> 1.1.6'
+  platforms :ruby_19, :ruby_20, :ruby_21 do
+    gem 'coveralls', :require => false
+  end
+end
+
+gem 'rake', '>= 0.9.2'
+gem 'rake-compiler', '>= 0.6.0'
+gem 'rubygems-tasks'

data/README.rdoc

@@ -1,18 +1,36 @@
 = pcaprub
 
+{<img src="https://travis-ci.org/pcaprub/pcaprub.png" alt="Build Status" />}[https://travis-ci.org/pcaprub/pcaprub]
+{<img src="https://codeclimate.com/github/pcaprub/pcaprub.png" />}[https://codeclimate.com/github/pcaprub/pcaprub]
+{<img src="https://badge.fury.io/rb/pcaprub.png" alt="Gem Version" />}[http://badge.fury.io/rb/pcaprub]
+{<img src="https://gemnasium.com/pcaprub/pcaprub.svg" alt="Dependency Status" />}[https://gemnasium.com/pcaprub/pcaprub]
+
 This goal of this project is to provide a consistent interface 
-to LBL's libpcap packet capture library. This project was created 
-because the currently available ruby-pcap library is poorly designed 
-and has been unmaintained since 2000. 
+to LBL's libpcap packet capture library. 
+
+== Limitations
 
 This does not provide packet processing functionality, it simply provides 
 the interface for capturing packets, and passing yielding those packets. 
 
-For true packet processing capability look at PCAPFU PCAPLET etc..
+For packet processing capability look at ruby gems PCAPFU, PCAPLET, etc..
+
+== Requirements
+
+MRI POSIX Ruby (Native compilation)
+  Ruby 1.8.7  (EOL June 2014)
+  Ruby 1.9.3 or higher
+  Ruby 2.x or higher
 
-Requirements:
   libpcap - http://www.tcpdump.org
 
+MRI Windows Ruby (Native compilation)
+  Ruby 1.8.7 (EOL June 2014)
+  Ruby 1.9.3 or higher
+  Ruby 2.x or higher
+
+  WinPcap - http://www.winpcap.org
+
 == Installation  
 
   gem install pcaprub  
@@ -26,10 +44,12 @@ Requirements:
 
 == Current Repository for Gemcutter source
 
-The Git Repo on Github @shadowbq is forked from the Metasploit SVN repo
-  git clone git://github.com/shadowbq/pcaprub.git
+The Git Repo on Github @pcaprub is forked from the Metasploit SVN repo
+  git clone git://github.com/pcaprub/pcaprub.git
+
+== Additionals
 
-== Notes on 11.x series and beyond.
+=== Notes on 0.11.x series and beyond.
 
 The gem is now a module. The module is autoincluded, but this helps with name collisions and additional growth.
 
@@ -42,7 +62,7 @@ The file handling in dumper is now attached to the Capture Class and not the Mod
     { ... }
   capture.dump_close
   
-== Timstamps from the PCAP Header 
+=== Timstamps from the PCAP Header 
 
 Timestamps are now available when yeilding packets instead of strings
 
@@ -52,7 +72,29 @@ Timestamps are now available when yeilding packets instead of strings
     puts "micro => #{packet.microsec}"
   end
     
-=== Notes on other repositories
+=== Ruby 1.8.7 & WinPcap
+
+On Ruby 1.8 with winpcap, rb_thread_polling pauses for 100 milliseconds between reads. This may mean some packets are missed. 
+
+  
+== LICENSE
+
+GNU Lesser General Public License v2.1 (LGPL-2.1)
+
+https://www.tldrlegal.com/l/lgpl2
+
+See LICENCE for details
+
+Copyright © 2010 - 2014 
+
+=== Notes on other repositories in compliance with LGPL-2.1
+
+All original code maintains its copyright from its original authors and licensing.
+
+On March 2014 this project was migrated to https://github.com/pcaprub/pcaprub from https://github.com/shadowbq/pcaprub
+
+The Git Repo on Github @pcaprub is a forked merge from the Metasploit SVN repo
+  git clone git://github.com/shadowbq/pcaprub.git (moved)
 
 The Metasploit Project also provides a Subversion repository: (0.9-dev)
   svn checkout http://metasploit.com/svn/framework3/trunk/external/pcaprub/
@@ -60,14 +102,16 @@ The Metasploit Project also provides a Subversion repository: (0.9-dev)
 Packetfu Project also provides a listing (0.9-dev) 
   http://code.google.com/p/packetfu/source/browse/#svn/trunk/pcaprub_linux
   
-The Outdate RubyForge svn version can be obtained from Subversion: (0.7-dev)
+The Marshall Beddoe's Outdate RubyForge svn version can be obtained from Subversion: (0.7-dev)
   svn checkout http://pcaprub.rubyforge.org/svn/trunk/
   http download Public Rubyforge (0.6)
+  https://github.com/unmarshal/pcaprub
 
 SourceForge Masaki Fukushima 2000 (0.6) -- Object Creation Heavy Implementation (PCAPLET integrated)
   http://sourceforge.net/apps/trac/rubypcap/
   
 Additonal Github Repos
-  github.com/dxoigmn/pcaprub (0.8-dev)
-  github.com/spox /pcaprub-spox  (0.8-dev+)
+  https://github.com/dxoigmn/pcaprub (0.8-dev)
+  https://github.com/spox /pcaprub-spox  (0.8-dev+)
+
   

data/Rakefile

@@ -1,56 +1,67 @@
-require 'rubygems'
-require 'rake'
-require 'rake/clean'
-require './lib/pcaprub/version'
+#require "bundler/gem_tasks"
+require './lib/pcaprub/version.rb'
 
-desc "Build the extension:"
-task :compile => %W[ext/pcaprub/Makefile ext/pcaprub/pcaprub.c]
+def java?
+  /java/ === RUBY_PLATFORM
+end
 
+ENV['LANG'] = "en_US.UTF-8" 
 
-file "ext/pcaprub/Makefile" => ["ext/pcaprub/extconf.rb"] do
-  Dir.chdir("ext/pcaprub") do 
-    ruby "extconf.rb"
-    sh "make"
-  end
-  cp "ext/pcaprub/pcaprub.so", "lib"  
-end
 
-CLEAN.include 'ext/**/Makefile'
-CLEAN.include 'ext/**/*.o'
-CLEAN.include 'ext/**/mkmf.log'
-CLEAN.include 'ext/**/*.so'
-CLEAN.include 'lib/**/*.so'
+@gemspec = Gem::Specification.new do |spec|
+  spec.name          = "pcaprub"
+  spec.version       = PCAPRUB::Pcap.version
+  spec.authors       = ["shadowbq", "crondaemon", "jmcavinee", "unmarshal"]
+  spec.email         = "shadowbq@gmail.com"
+  spec.description   = "libpcap bindings for ruby with Ruby1.8, Ruby1.9, Ruby 2.x"
+  spec.summary       = "libpcap bindings for ruby"
+  spec.homepage      = "https://github.com/pcaprub/pcaprub"
+  spec.requirements  = "libpcap"
+  spec.license       = "LGPL-2.1"
 
-begin
-  require 'jeweler'
-  jeweler_tasks = Jeweler::Tasks.new do |gem|
-    gem.name = "pcaprub"
-    gem.summary = "libpcap bindings for ruby"
-    gem.description = "libpcap bindings for ruby compat with JRUBY Ruby1.8 Ruby1.9"
-    gem.email = "shadowbq@gmail.com"
-    gem.homepage = "http://github.com/shadowbq/pcaprub"
-    gem.authors = ["shadowbq"]
-    gem.extensions = FileList['ext/**/extconf.rb']
-    gem.rubyforge_project   = 'pcaprub'
-    gem.version = PCAPRUB::VERSION::STRING
-    gem.files.include('lib/pcaprub.*') # add native stuff
-    gem.extra_rdoc_files = FileList['README*', 'ChangeLog*', 'LICENSE*', 'FAQ*', 'USAGE*', 'ext/**/*.c']
-  end
-  
-  $gemspec          = jeweler_tasks.gemspec
-  $gemspec.version  = jeweler_tasks.jeweler.version
-  
-  Jeweler::GemcutterTasks.new
-rescue LoadError
-  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
-end
+  spec.files = [
+    ".document",
+    ".travis.yml",
+    "FAQ.rdoc",
+    "Gemfile",
+    "LICENSE",
+    "README.rdoc",
+    "Rakefile",
+    "USAGE.rdoc",
+    "examples/dead_cap.rb",
+    "examples/file_cap.rb",
+    "examples/simple_cap.rb",
+    "examples/telnet-raw.pcap",
+    "ext/pcaprub_c/extconf.rb",
+    "ext/pcaprub_c/pcaprub.c",
+    "lib/pcaprub.rb",
+    "lib/pcaprub/common.rb",
+    "lib/pcaprub/ext.rb",
+    "lib/pcaprub/version.rb",
+    "test/helper.rb",
+    "test/test_pcaprub.rb",
+    "test/test_pcaprub_unit.rb"
+  ]
 
-require "rubygems/package_task"
-Gem::PackageTask.new($gemspec) do |package|
-  package.need_zip = false
-  package.need_tar = false
-end
+  spec.extra_rdoc_files = [
+    "FAQ.rdoc",
+    "LICENSE",
+    "README.rdoc",
+    "USAGE.rdoc",
+    "ext/pcaprub_c/pcaprub.c"
+  ]
+  spec.extensions = FileList["ext/**/extconf.rb"]
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency "bundler", "~> 1.3"
+  spec.add_development_dependency "rake", '>= 0.9.2'
+  spec.add_development_dependency "rake-compiler", '>= 0.6.0'
+  spec.add_development_dependency "shoulda-context", '~> 1.1.6'
+  spec.add_development_dependency "minitest", '~> 4.7.0'
 
+end
 
 require 'rake/testtask'
 Rake::TestTask.new(:test) do |test|
@@ -72,13 +83,21 @@ rescue LoadError
   end
 end
 
-task :test => :check_dependencies
+task :test
 
-task :default => %w[clean compile test]
+require 'rubygems/package_task'
+Gem::PackageTask.new(@gemspec) do |pkg|
+  pkg.need_zip = false
+  pkg.need_tar = false
+end
+
+require 'rake/extensiontask'
+Rake::ExtensionTask.new('pcaprub_c', @gemspec)
+
+task :default => [:compile, :test]
 
 require 'rdoc/task'
 RDoc::Task.new do |rdoc|
-  
   version = PCAPRUB::VERSION::STRING
   rdoc.rdoc_dir = 'rdoc'
   rdoc.title = "pcaprub #{version}"
@@ -88,3 +107,6 @@ RDoc::Task.new do |rdoc|
   rdoc.rdoc_files.include('lib/**/*.rb')
   rdoc.rdoc_files.include('ext/**/*.c')
 end
+
+require 'rubygems/tasks'
+Gem::Tasks.new

data/ext/{pcaprub → pcaprub_c}/extconf.rb

@@ -1,27 +1,29 @@
 require 'mkmf'
-extension_name = 'pcaprub'
+extension_name = 'pcaprub_c'
 
 puts "\n[*] Running checks for #{extension_name} code..."
 puts("platform is #{RUBY_PLATFORM}")
 
 if /i386-mingw32/ =~ RUBY_PLATFORM
-	
-	unless  have_library("ws2_32" ) and 
-		have_library("iphlpapi") and 
-		have_header("windows.h") and 
-		have_header("winsock2.h") and 
-		have_header("iphlpapi.h")
-			puts "\nNot all dependencies are satisfied for #{RUBY_PLATFORM} platform requirements"
-			exit
-	end
-	
-	pcap_dir        = with_config("pcap-dir", "C:/WpdPack")
+
+  unless  have_library("ws2_32" ) and
+    have_library("iphlpapi") and
+    have_header("windows.h") and
+    have_header("winsock2.h") and
+    have_header("iphlpapi.h")
+    puts "\nNot all dependencies are satisfied for #{RUBY_PLATFORM} platform requirements"
+    exit
+  end
+
+  pcap_dir        = with_config("pcap-dir", "C:/WpdPack")
   pcap_includedir = with_config("pcap-includedir", pcap_dir + "/include")
   pcap_libdir     = with_config("pcap-libdir", pcap_dir + "/lib")
-
+  $CFLAGS  = "-DWIN32 -I#{pcap_includedir}"
+  $LDFLAGS = "-L#{pcap_libdir}"
+  
   have_library("wpcap", "pcap_open_live")
-	have_library("wpcap", "pcap_setnonblock")
-	
+  have_library("wpcap", "pcap_setnonblock")
+
 elsif /i386-mswin32/ =~ RUBY_PLATFORM
   pcap_dir        = with_config("pcap-dir", "C:\\WpdPack")
   pcap_includedir = with_config("pcap-includedir", pcap_dir + "\\include")
@@ -30,18 +32,10 @@ elsif /i386-mswin32/ =~ RUBY_PLATFORM
   $CFLAGS  = "-DWIN32 -I#{pcap_includedir}"
   $LDFLAGS = "/link /LIBPATH:#{pcap_libdir}"
   have_library("wpcap", "pcap_open_live")
-	have_library("wpcap", "pcap_setnonblock")
+  have_library("wpcap", "pcap_setnonblock")
 else
-  have_library("pcap", "pcap_open_live")
-	have_library("pcap", "pcap_setnonblock")
+  have_library("pcap", "pcap_open_live", ["pcap.h"])
+  have_library("pcap", "pcap_setnonblock", ["pcap.h"])
 end
 
-if ( RUBY_VERSION =~ /^1\.8/ && !defined?(JRUBY_VERSION) )
-	$CFLAGS += " -DMAKE_TRAP"
-end
-
-
-dir_config(extension_name)
 create_makefile(extension_name)
-
-

data/ext/{pcaprub → pcaprub_c}/pcaprub.c

@@ -6,6 +6,9 @@
 
 
 #include <pcap.h>
+#if defined(WIN32)
+#include <Win32-Extensions.h>
+#endif
 
 #if !defined(WIN32)
  #include <netinet/in.h>
@@ -17,6 +20,10 @@ static VALUE mPCAP;
 static VALUE rb_cPcap, rb_cPkt;
 static VALUE ePCAPRUBError, eDumperError, eBindingError, eBPFilterError;
 
+#if defined(WIN32)
+static VALUE rbpcap_thread_wait_handle(HANDLE fno);
+#endif
+
 // Now defined in Native Ruby
 // #define PCAPRUB_VERSION "*.*.*"
 
@@ -25,8 +32,8 @@ static VALUE ePCAPRUBError, eDumperError, eBindingError, eBPFilterError;
 
 #if !defined(PCAP_NETMASK_UNKNOWN)
 /*
-* Version of libpcap < 1.1 
-* Value to pass to pcap_compile() as the netmask if you dont know what the netmask is. 
+* Version of libpcap < 1.1
+* Value to pass to pcap_compile() as the netmask if you dont know what the netmask is.
 */
 #define PCAP_NETMASK_UNKNOWN  0xffffffff
 #endif
@@ -46,7 +53,7 @@ typedef struct rbpcapjob {
 } rbpcapjob_t;
 
 typedef struct rbpacket {
-  struct pcap_pkthdr* hdr;
+  struct pcap_pkthdr hdr;
   u_char* pkt;
 } rbpacket_t;
 
@@ -61,7 +68,7 @@ rbpcap_s_lookupdev(VALUE self)
   char *dev = NULL;
   char eb[PCAP_ERRBUF_SIZE];
   VALUE ret_dev;  /* device string to return */
-#if defined(WIN32)  /* pcap_lookupdev is broken on windows */    
+#if defined(WIN32)  /* pcap_lookupdev is broken on windows */
   pcap_if_t *alldevs;
   pcap_if_t *d;
 
@@ -77,7 +84,7 @@ rbpcap_s_lookupdev(VALUE self)
           break;
       }
   }
-  
+
   if (dev == NULL) {
       rb_raise(eBindingError,"%s","No valid interfaces found, Make sure WinPcap is installed.\n");
   }
@@ -104,7 +111,7 @@ rbpcap_s_lookupnet(VALUE self, VALUE dev)
   struct in_addr addr;
   char eb[PCAP_ERRBUF_SIZE];
 	VALUE list;
-	
+
   Check_Type(dev, T_STRING);
   if (pcap_lookupnet(StringValuePtr(dev), &net, &mask, eb) == -1) {
 	  rb_raise(rb_eRuntimeError, "%s", eb);
@@ -119,7 +126,7 @@ rbpcap_s_lookupnet(VALUE self, VALUE dev)
 }
 
 /*
-* Check if PCAP file or device is bound and loaded 
+* Check if PCAP file or device is bound and loaded
 */
 static int rbpcap_ready(rbpcap_t *rbp) {
 	if(! rbp->pd) {
@@ -130,14 +137,13 @@ static int rbpcap_ready(rbpcap_t *rbp) {
 }
 
 
-
 /*
 * Automated Garbage Collection for Pcap Class
 */
 static void rbpcap_free(rbpcap_t *rbp) {
 	if (rbp->pd)
 		pcap_close(rbp->pd);
-	
+
 	if (rbp->pdt)
 		pcap_dump_close(rbp->pdt);
 
@@ -151,15 +157,11 @@ static void rbpcap_free(rbpcap_t *rbp) {
 */
 static void rbpacket_free(rbpacket_t *rbpacket)
 {
-  
-  if(rbpacket->hdr != NULL) {
-    rbpacket->hdr = NULL;
-  }
-  
+
   if(rbpacket->pkt != NULL) {
     rbpacket->pkt = NULL;
   }
-  
+
   free(rbpacket);
 }
 
@@ -199,16 +201,129 @@ rbpacket_new_s(VALUE class)
   return self;
 }
 
+
+/*
+* call-seq:
+*   setmonitor(true)
+*
+* Set monitor mode for the capture.
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_setmonitor(VALUE self, VALUE mode)
+{
+  rbpcap_t *rbp;
+  int rfmon_mode = 0;
+  Data_Get_Struct(self, rbpcap_t, rbp);
+  if (mode == Qtrue) {
+    rfmon_mode = 1;
+  } else if (mode == Qfalse) {
+    rfmon_mode = 0;
+  } else {
+    rb_raise(rb_eArgError, "Monitor mode must be a boolean");
+  }
+
+#if defined(WIN32)
+  // monitor mode support was disabled in WinPcap 4.0.2
+  rb_raise(ePCAPRUBError, "set monitor mode not supported in WinPcap");
+#else
+  if (pcap_set_rfmon(rbp->pd, rfmon_mode) == 0) {
+    return self;
+  } else {
+    rb_raise(ePCAPRUBError, "unable to set monitor mode");
+  }
+#endif
+}
+
+/*
+* call-seq:
+*   settimeout(1234)
+*
+* Set timeout for the capture.
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_settimeout(VALUE self, VALUE timeout)
+{
+  rbpcap_t *rbp;
+  Data_Get_Struct(self, rbpcap_t, rbp);
+
+  if(TYPE(timeout) != T_FIXNUM)
+    rb_raise(rb_eArgError, "timeout must be a fixnum");
+
+  if (pcap_set_timeout(rbp->pd, NUM2INT(timeout)) == 0) {
+    return self;
+  } else {
+    rb_raise(ePCAPRUBError, "unable to set timeout");
+  }
+}
+
+
+/*
+* call-seq:
+*   setsnaplen(true)
+*
+* Set snap length for the capture.
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_setsnaplen(VALUE self, VALUE snaplen)
+{
+  rbpcap_t *rbp;
+  Data_Get_Struct(self, rbpcap_t, rbp);
+
+  if(TYPE(snaplen) != T_FIXNUM)
+    rb_raise(rb_eArgError, "snaplen must be a fixnum");
+
+  if (pcap_set_snaplen(rbp->pd, NUM2INT(snaplen)) == 0) {
+    return self;
+  } else {
+    rb_raise(ePCAPRUBError, "unable to set snap length");
+  }
+}
+
+/*
+* call-seq:
+*   setpromisc(true)
+*
+* Set promiscuous mode for the capture.
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_setpromisc(VALUE self, VALUE mode)
+{
+  rbpcap_t *rbp;
+  int promisc_mode = 0;
+  Data_Get_Struct(self, rbpcap_t, rbp);
+  if (mode == Qtrue) {
+    promisc_mode = 1;
+  } else if (mode == Qfalse) {
+    promisc_mode = 0;
+  } else {
+    rb_raise(rb_eArgError, "Promisc mode must be a boolean");
+  }
+
+  if (pcap_set_promisc(rbp->pd, promisc_mode) == 0) {
+    return self;
+  } else {
+    rb_raise(ePCAPRUBError, "unable to set promiscuous mode");
+  }
+}
+
 /*
 * call-seq:
 *   setfilter(filter)
 *
 * Provide a valid bpf-filter to apply to the packet capture
-* 
+*
 *  # Show me all SYN packets:
 *  bpf-filter = "tcp[13] & 2 != 0"
 *  capture.setfilter(bpf-filter)
-* 
+*
 * Examples:
 * * "net 10.0.0.0/8"
 * * "not tcp and dst host 192.168.1.1"
@@ -228,8 +343,8 @@ rbpcap_setfilter(VALUE self, VALUE filter)
   if(TYPE(filter) != T_STRING)
   	rb_raise(eBPFilterError, "filter must be a string");
 
-	if(! rbpcap_ready(rbp)) return self; 
-	
+	if(! rbpcap_ready(rbp)) return self;
+
   if(rbp->type == LIVE)
   	if(pcap_lookupnet(rbp->iface, &netid, &mask, eb) < 0) {
   		netid = 0;
@@ -246,6 +361,93 @@ rbpcap_setfilter(VALUE self, VALUE filter)
   return self;
 }
 
+/*
+* Activate the interface
+*
+* call-seq:
+*   activate() -> self
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_activate(VALUE self)
+{
+  rbpcap_t *rbp;
+  int errcode;
+  Data_Get_Struct(self, rbpcap_t, rbp);
+
+  if ((errcode = pcap_activate(rbp->pd)) == 0) {
+    return self;
+  } else {
+    rb_raise(ePCAPRUBError, "unable to activate interface: %d, %s", errcode, rbp->iface);
+  }
+}
+
+
+/*
+* Close the interface
+*
+* call-seq:
+*   activate() -> self
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_close(VALUE self)
+{
+  rbpcap_t *rbp;
+  Data_Get_Struct(self, rbpcap_t, rbp);
+
+  pcap_close(rbp->pd);
+  rbp->pd = NULL;
+  return self;
+}
+
+static VALUE
+rbpcap_create(VALUE self, VALUE iface)
+{
+  rbpcap_t *rbp;
+  char eb[PCAP_ERRBUF_SIZE];
+
+  Data_Get_Struct(self, rbpcap_t, rbp);
+
+  rbp->type = LIVE;
+  memset(rbp->iface, 0, sizeof(rbp->iface));
+  strncpy(rbp->iface, RSTRING_PTR(iface), sizeof(rbp->iface) - 1);
+
+  if(rbp->pd) {
+    pcap_close(rbp->pd);
+  }
+
+  rbp->pd = pcap_create(
+    RSTRING_PTR(iface),
+    eb
+  );
+
+  if(!rbp->pd)
+    rb_raise(rb_eRuntimeError, "%s", eb);
+
+  return self;
+}
+
+/*
+*
+* call-seq:
+*   create(iface) -> self
+*
+*   capture = ::Pcap.create(@dev)
+*
+* Returns the object itself.
+*/
+static VALUE
+rbpcap_create_s(VALUE class, VALUE iface)
+{
+  VALUE iPcap = rb_funcall(rb_cPcap, rb_intern("new"), 0);
+  return rbpcap_create(iPcap, iface);
+}
+
+
+
 // transparent method
 static VALUE
 rbpcap_open_live(VALUE self, VALUE iface,VALUE snaplen,VALUE promisc, VALUE timeout)
@@ -281,7 +483,7 @@ rbpcap_open_live(VALUE self, VALUE iface,VALUE snaplen,VALUE promisc, VALUE time
 
 
   if(rbp->pd) {
-      pcap_close(rbp->pd);	
+      pcap_close(rbp->pd);
   }
 
   rbp->pd = pcap_open_live(
@@ -299,13 +501,13 @@ rbpcap_open_live(VALUE self, VALUE iface,VALUE snaplen,VALUE promisc, VALUE time
 }
 
 /*
-* 
+*
 * call-seq:
 *   open_live(iface, snaplen, promisc, timeout) -> self
 *
 *   capture = ::Pcap.open_live(@dev, @snaplength, @promiscous_mode, @timeout)
 *
-* Returns the object itself.  
+* Returns the object itself.
 */
 static VALUE
 rbpcap_open_live_s(VALUE class, VALUE iface, VALUE snaplen, VALUE promisc, VALUE timeout)
@@ -341,11 +543,11 @@ rbpcap_open_offline(VALUE self, VALUE filename)
 }
 
 /*
-* 
+*
 * call-seq:
 *   open_offline(filename) -> self
 *
-*   capture = ::Pcap.open_offline(filename)  
+*   capture = ::Pcap.open_offline(filename)
 *
 * Returns the object itself.
 */
@@ -357,7 +559,7 @@ rbpcap_open_offline_s(VALUE class, VALUE filename)
   return rbpcap_open_offline(iPcap, filename);
 }
 
-// transparent method 
+// transparent method
 static VALUE
 rbpcap_open_dead(VALUE self, VALUE linktype, VALUE snaplen)
 {
@@ -384,7 +586,7 @@ rbpcap_open_dead(VALUE self, VALUE linktype, VALUE snaplen)
 
 
 /*
-* 
+*
 * call-seq:
 *   open_dead(linktype, snaplen) -> self
 *
@@ -420,19 +622,19 @@ rbpcap_dump_open(VALUE self, VALUE filename)
 
   if(TYPE(filename) != T_STRING)
      rb_raise(rb_eArgError, "filename must be a string");
-      
+
   Data_Get_Struct(self, rbpcap_t, rbp);
-  
+
   if(! rbpcap_ready(rbp)) return self;
-  
+
   rbp->pdt = pcap_dump_open(
       rbp->pd,
       RSTRING_PTR(filename)
   );
-  
+
   if(!rbp->pdt)
   	rb_raise(eDumperError, "Stream could not be initialized or opened.");
-  
+
   return self;
 }
 
@@ -446,21 +648,21 @@ static VALUE
 rbpcap_dump_close(VALUE self)
 {
   rbpcap_t *rbp;
-  
+
   Data_Get_Struct(self, rbpcap_t, rbp);
-  
+
   if(! rbpcap_ready(rbp)) return self;
-  
+
   if(!rbp->pdt)
   	rb_raise(eDumperError, "Stream is already closed.");
-  
+
   if (rbp->pdt)
 	  pcap_dump_close(rbp->pdt);
-	  
-  rbp->pdt = NULL;  
+
+  rbp->pdt = NULL;
 
   return self;
-	
+
 }
 
 
@@ -488,17 +690,21 @@ rbpcap_dump(VALUE self, VALUE caplen, VALUE pktlen, VALUE packet)
       rb_raise(rb_eArgError, "pktlen must be a fixnum");
 
   Data_Get_Struct(self, rbpcap_t, rbp);
-  
+
   gettimeofday(&pcap_hdr.ts, NULL);
   pcap_hdr.caplen = NUM2UINT(caplen);
   pcap_hdr.len = NUM2UINT(pktlen);
 
-//capture.next is yeilding an 8Bit ASCII  string 
+  if(!rbp->pdt) {
+      rb_raise(rb_eRuntimeError, "pcap_dumper not defined. You must open a dump file first");
+  }
+
+//capture.next is yeilding an 8Bit ASCII  string
 //  ->  return rb_str_new((char *) job.pkt, job.hdr.caplen);
 //Call dump such that capture.next{|pk| capture.dump(pk.length, pk.length, pk)}
 
-  pcap_dump( 
-      (u_char*)rbp->pdt,        
+  pcap_dump(
+      (u_char*)rbp->pdt,
       &pcap_hdr,
       (unsigned char *)RSTRING_PTR(packet)
   );
@@ -512,8 +718,8 @@ rbpcap_dump(VALUE self, VALUE caplen, VALUE pktlen, VALUE packet)
 * call-seq:
 *   inject(payload)
 *
-* inject() transmit a raw packet through the network interface  
-* 
+* inject() transmit a raw packet through the network interface
+*
 * Returns the number of bytes written on success else raise failure.
 */
 static VALUE
@@ -522,13 +728,13 @@ rbpcap_inject(VALUE self, VALUE payload)
   rbpcap_t *rbp;
 
   if(TYPE(payload) != T_STRING)
-  	rb_raise(rb_eArgError, "payload must be a string");
+  	rb_raise(rb_eArgError, "pupayload must be a string");
 
   Data_Get_Struct(self, rbpcap_t, rbp);
 
-	if(! rbpcap_ready(rbp)) return self; 
-#if defined(WIN32)   
-  /* WinPcap does not have a pcap_inject call we use pcap_sendpacket, if it suceedes 
+	if(! rbpcap_ready(rbp)) return self;
+#if defined(WIN32)
+  /* WinPcap does not have a pcap_inject call we use pcap_sendpacket, if it suceedes
    * we simply return the amount of packets request to inject, else we fail.
    */
   if(pcap_sendpacket(rbp->pd, RSTRING_PTR(payload), RSTRING_LEN(payload)) != 0) {
@@ -555,7 +761,7 @@ static void rbpcap_handler(rbpcapjob_t *job, struct pcap_pkthdr *hdr, u_char *pk
 /*
 **
 * Returns the next packet from the packet capture device.
-* 
+*
 * Returns a string with the packet data.
 *
 * If the next_data() is unsuccessful, Null is returned.
@@ -566,11 +772,11 @@ rbpcap_next_data(VALUE self)
 	rbpcap_t *rbp;
 	rbpcapjob_t job;
 	char eb[PCAP_ERRBUF_SIZE];
-	int ret;	
-	
+	int ret;
+
 	Data_Get_Struct(self, rbpcap_t, rbp);
-	
-	if(! rbpcap_ready(rbp)) return self; 
+
+	if(! rbpcap_ready(rbp)) return self;
 	pcap_setnonblock(rbp->pd, 1, eb);
 
 #ifdef MAKE_TRAP
@@ -584,7 +790,7 @@ rbpcap_next_data(VALUE self)
 	TRAP_END;
 #endif
 
-	if(rbp->type == OFFLINE && ret <= 0) 
+	if(rbp->type == OFFLINE && ret <= 0)
 	  return Qnil;
 
 	if(ret > 0 && job.hdr.caplen > 0)
@@ -597,7 +803,7 @@ rbpcap_next_data(VALUE self)
 /*
 *
 * Returns the next packet from the packet capture device.
-* 
+*
 * Returns a string with the packet data.
 *
 * If the next_packet() is unsuccessful, Null is returned.
@@ -605,38 +811,38 @@ rbpcap_next_data(VALUE self)
 
 static VALUE
 rbpcap_next_packet(VALUE self)
-{	
+{
 	rbpcap_t *rbp;
 	rbpcapjob_t job;
 	char eb[PCAP_ERRBUF_SIZE];
-	int ret;	
-	
+	int ret;
+
 	rbpacket_t* rbpacket;
-	
+
 	Data_Get_Struct(self, rbpcap_t, rbp);
-	
-	if(! rbpcap_ready(rbp)) return self; 
+
+	if(! rbpcap_ready(rbp)) return self;
 
 	pcap_setnonblock(rbp->pd, 1, eb);
 
 #ifdef MAKE_TRAP
 	TRAP_BEG;
 #endif
-  	
+
 	ret = pcap_dispatch(rbp->pd, 1, (pcap_handler) rbpcap_handler, (u_char *)&job);
 
 #ifdef MAKE_TRAP
 	TRAP_END;
 #endif
 
-	if(rbp->type == OFFLINE && ret <= 0) 
+	if(rbp->type == OFFLINE && ret <= 0)
 	  return Qnil;
 
 	if(ret > 0 && job.hdr.caplen > 0)
     {
       rbpacket = ALLOC(rbpacket_t);
-      rbpacket->hdr = &job.hdr;
-      rbpacket->pkt = (u_char *)&job.pkt;
+      rbpacket->hdr = job.hdr;
+      rbpacket->pkt = (u_char *)job.pkt;
       return Data_Wrap_Struct(rb_cPkt, 0, rbpacket_free, rbpacket);
     }
 
@@ -646,7 +852,7 @@ rbpcap_next_packet(VALUE self)
 
 /*
 * call-seq:
-*   each_data() { |packet| ... } 
+*   each_data() { |packet| ... }
 *
 * Yields each packet from the capture to the passed-in block in turn.
 *
@@ -655,22 +861,30 @@ static VALUE
 rbpcap_each_data(VALUE self)
 {
   rbpcap_t *rbp;
-	int fno = -1;
-	
+#if defined(WIN32)
+  HANDLE fno;
+#else
+  int fno = -1;
+#endif
+
   Data_Get_Struct(self, rbpcap_t, rbp);
 
-	if(! rbpcap_ready(rbp)) return self; 
-	
-#if !defined(WIN32)
-  fno = pcap_get_selectable_fd(rbp->pd);
+  if(! rbpcap_ready(rbp)) return self;
+
+#if defined(WIN32)
+  fno = (int)pcap_getevent(rbp->pd);
 #else
-  fno = pcap_fileno(rbp->pd);
+  fno = pcap_get_selectable_fd(rbp->pd);
 #endif
 
   for(;;) {
   	VALUE packet = rbpcap_next_data(self);
   	if(packet == Qnil && rbp->type == OFFLINE) break;
+#if defined(WIN32)
+	  packet == Qnil ? rbpcap_thread_wait_handle(fno) : rb_yield(packet);
+#else
 	  packet == Qnil ? rb_thread_wait_fd(fno) : rb_yield(packet);
+#endif
   }
 
   return self;
@@ -679,7 +893,7 @@ rbpcap_each_data(VALUE self)
 
 /*
 * call-seq:
-*   each_packet() { |packet| ... } 
+*   each_packet() { |packet| ... }
 *
 * Yields a PCAP::Packet from the capture to the passed-in block in turn.
 *
@@ -688,22 +902,30 @@ static VALUE
 rbpcap_each_packet(VALUE self)
 {
   rbpcap_t *rbp;
-	int fno = -1;
-	
+
+#if defined(WIN32)
+  HANDLE fno;
+#else
+  int fno = -1;
+#endif
+
   Data_Get_Struct(self, rbpcap_t, rbp);
+  if(! rbpcap_ready(rbp)) return self;
 
-	if(! rbpcap_ready(rbp)) return self; 
-	
-#if !defined(WIN32)
-  fno = pcap_get_selectable_fd(rbp->pd);
+#if defined(WIN32)
+  fno = (int)pcap_getevent(rbp->pd);
 #else
-  fno = pcap_fileno(rbp->pd);
+  fno = pcap_get_selectable_fd(rbp->pd);
 #endif
 
   for(;;) {
   	VALUE packet = rbpcap_next_packet(self);
   	if(packet == Qnil && rbp->type == OFFLINE) break;
+#if defined(WIN32)
+	  packet == Qnil ? rbpcap_thread_wait_handle(fno) : rb_yield(packet);
+#else
 	  packet == Qnil ? rb_thread_wait_fd(fno) : rb_yield(packet);
+#endif
   }
 
   return self;
@@ -714,8 +936,8 @@ rbpcap_each_packet(VALUE self)
 * call-seq:
 *   datalink()
 *
-* Returns the integer datalink value unless capture 
-* 
+* Returns the integer datalink value unless capture
+*
 *   foo.bar unless capture.datalink == Pcap::DLT_EN10MB
 */
 static VALUE
@@ -726,7 +948,7 @@ rbpcap_datalink(VALUE self)
   Data_Get_Struct(self, rbpcap_t, rbp);
 
 	if(! rbpcap_ready(rbp)) return self;
-	
+
   return INT2NUM(pcap_datalink(rbp->pd));
 }
 
@@ -734,8 +956,8 @@ rbpcap_datalink(VALUE self)
 * call-seq:
 *   pcap_major_version()
 *
-* Returns the integer PCAP MAJOR LIBRARY value unless capture 
-* 
+* Returns the integer PCAP MAJOR LIBRARY value unless capture
+*
 */
 static VALUE
 rbpcap_major_version(VALUE self)
@@ -743,9 +965,9 @@ rbpcap_major_version(VALUE self)
   rbpcap_t *rbp;
 
   Data_Get_Struct(self, rbpcap_t, rbp);
-	
+
 	if(! rbpcap_ready(rbp)) return self;
-	
+
   return INT2NUM(pcap_major_version(rbp->pd));
 }
 
@@ -753,8 +975,8 @@ rbpcap_major_version(VALUE self)
 * call-seq:
 *   pcap_minor_version()
 *
-* Returns the integer PCAP MINOR LIBRARY value unless capture 
-* 
+* Returns the integer PCAP MINOR LIBRARY value unless capture
+*
 */
 static VALUE
 rbpcap_minor_version(VALUE self)
@@ -762,9 +984,9 @@ rbpcap_minor_version(VALUE self)
   rbpcap_t *rbp;
 
   Data_Get_Struct(self, rbpcap_t, rbp);
-	
+
 	if(! rbpcap_ready(rbp)) return self;
-	
+
   return INT2NUM(pcap_minor_version(rbp->pd));
 }
 
@@ -773,7 +995,7 @@ rbpcap_minor_version(VALUE self)
 *   snapshot()
 *
 * Returns the snapshot length, which is the number of bytes to save for each packet captured.
-* 
+*
 */
 static VALUE
 rbpcap_snapshot(VALUE self)
@@ -783,7 +1005,7 @@ rbpcap_snapshot(VALUE self)
   Data_Get_Struct(self, rbpcap_t, rbp);
 
 	if(! rbpcap_ready(rbp)) return self;
-	
+
   return INT2NUM(pcap_snapshot(rbp->pd));
 }
 
@@ -794,9 +1016,9 @@ rbpcap_snapshot(VALUE self)
 * Returns a hash with statistics of the packet capture
 *
 * - ["recv"] # number of packets received
-* - ["drop"] # number of packets dropped 
+* - ["drop"] # number of packets dropped
 * - ["idrop"] # number of packets dropped by interface
-* 
+*
 */
 static VALUE
 rbpcap_stats(VALUE self)
@@ -804,14 +1026,14 @@ rbpcap_stats(VALUE self)
   rbpcap_t *rbp;
   struct pcap_stat stat;
   VALUE hash;
-  
+
   Data_Get_Struct(self, rbpcap_t, rbp);
 
 	if(! rbpcap_ready(rbp)) return self;
-		
+
   if (pcap_stats(rbp->pd, &stat) == -1)
   	return Qnil;
-  	
+
   hash = rb_hash_new();
   rb_hash_aset(hash, rb_str_new2("recv"), UINT2NUM(stat.ps_recv));
   rb_hash_aset(hash, rb_str_new2("drop"), UINT2NUM(stat.ps_drop));
@@ -820,110 +1042,145 @@ rbpcap_stats(VALUE self)
 
 //#if defined(WIN32)
 //    rb_hash_aset(hash, rb_str_new2("bs_capt"), UINT2NUM(stat.bs_capt));
-//#endif    
-    
+//#endif
+
   return hash;
 }
 
 /*
 *
-* Returns the EPOCH integer from the ts.tv_sec record in the PCAP::Packet header  
-* 
+* Returns the EPOCH integer from the ts.tv_sec record in the PCAP::Packet header
+*
 */
-static VALUE 
+static VALUE
 rbpacket_time(VALUE self)
 {
   rbpacket_t* rbpacket;
   Data_Get_Struct(self, rbpacket_t, rbpacket);
-  return INT2NUM(rbpacket->hdr->ts.tv_sec);
+  return INT2NUM(rbpacket->hdr.ts.tv_sec);
 }
 
 /*
 *
-* Returns the tv_usec integer from the ts.tv_usec record in the PCAP::Packet header  
-* timestamp microseconds 
-* the microseconds when this packet was captured, as an offset to ts_sec. 
-* Beware: this value shouldn't reach 1 second (1 000 000), in this case ts_sec must be increased instead! 
+* Returns the tv_usec integer from the ts.tv_usec record in the PCAP::Packet header
+* timestamp microseconds
+* the microseconds when this packet was captured, as an offset to ts_sec.
+* Beware: this value shouldn't reach 1 second (1 000 000), in this case ts_sec must be increased instead!
 *
 * Ruby Microsecond Handling
 * Time.at(946684800.2).usec #=> 200000
 * Time.now.usec
 */
 
-static VALUE 
+static VALUE
 rbpacket_microsec(VALUE self)
 {
   rbpacket_t* rbpacket;
   Data_Get_Struct(self, rbpacket_t, rbpacket);
-  return INT2NUM(rbpacket->hdr->ts.tv_usec);
+  return INT2NUM(rbpacket->hdr.ts.tv_usec);
 }
 
 
 /*
 *
-* Returns the integer length of packet length field from the in the PCAP::Packet header 
-* 
+* Returns the integer length of packet length field from the in the PCAP::Packet header
+*
 */
-static VALUE 
+static VALUE
 rbpacket_length(VALUE self)
 {
   rbpacket_t* rbpacket;
   Data_Get_Struct(self, rbpacket_t, rbpacket);
-  return INT2NUM(rbpacket->hdr->len);
+  return INT2NUM(rbpacket->hdr.len);
 }
 
 /*
 *
-* Returns the integer length of capture len from the in the PCAP::Packet header 
-* 
+* Returns the integer length of capture len from the in the PCAP::Packet header
+*
 */
-static VALUE 
+static VALUE
 rbpacket_caplen(VALUE self)
 {
   rbpacket_t* rbpacket;
   Data_Get_Struct(self, rbpacket_t, rbpacket);
-  return INT2NUM(rbpacket->hdr->caplen);
+
+  //test incorrect case
+  if (rbpacket->hdr.caplen > rbpacket->hdr.len)
+    return INT2NUM(rbpacket->hdr.len);
+
+  return INT2NUM(rbpacket->hdr.caplen);
 }
 
 /*
 *
-* Returns the integer PCAP MINOR LIBRARY value unless capture 
-* 
+* Returns the integer PCAP MINOR LIBRARY value unless capture
+*
 */
-static VALUE 
+static VALUE
 rbpacket_data(VALUE self)
 {
   rbpacket_t* rbpacket;
   Data_Get_Struct(self, rbpacket_t, rbpacket);
-  
-  if(rbpacket->pkt == NULL)
+
+  if ((rbpacket->pkt == NULL) || (rbpacket->hdr.caplen > rbpacket->hdr.len))
     return Qnil;
-  
-  return rb_str_new((char *) rbpacket->pkt, rbpacket->hdr->caplen); 
+
+  return rb_str_new((char *) rbpacket->pkt, rbpacket->hdr.caplen);
 }
 
+#if defined(WIN32)
+static VALUE
+rbpcap_thread_wait_handle_blocking(void *data)
+{
+  VALUE result;
+  result = (VALUE)WaitForSingleObject(data, 100);
+  return result;
+}
+
+/*
+*
+* Waits for the HANDLE returned by pcap_getevent to have data
+*
+*/
+static VALUE
+rbpcap_thread_wait_handle(HANDLE fno)
+{
+  VALUE result;
+#if MAKE_TRAP
+  // Ruby 1.8 doesn't support rb_thread_blocking_region
+  result = rb_thread_polling();
+#else
+  result = (VALUE)rb_thread_blocking_region(
+      rbpcap_thread_wait_handle_blocking,
+      fno, RUBY_UBF_IO, 0);
+#endif
+  return result;
+}
+#endif
+
 
 void
-Init_pcaprub()
+Init_pcaprub_c()
 {
   /*
   * Document-class: Pcap
-  * 
+  *
   * Main class defined by the pcaprub extension.
   */
   mPCAP = rb_define_module("PCAPRUB");
-  
+
   rb_cPcap = rb_define_class_under(mPCAP,"Pcap", rb_cObject);
   rb_cPkt = rb_define_class_under(mPCAP,"Packet", rb_cObject);
-  
+
   ePCAPRUBError = rb_path2class("PCAPRUB::PCAPRUBError");
   eBindingError = rb_path2class("PCAPRUB::BindingError");
   eBPFilterError = rb_path2class("PCAPRUB::BPFError");
   eDumperError = rb_path2class("PCAPRUB::DumperError");
-  
-  rb_define_module_function(rb_cPcap, "lookupdev", rbpcap_s_lookupdev, 0);  
+
+  rb_define_module_function(rb_cPcap, "lookupdev", rbpcap_s_lookupdev, 0);
   rb_define_module_function(rb_cPcap, "lookupnet", rbpcap_s_lookupnet, 1);
-	
+
   rb_define_const(rb_cPcap, "DLT_NULL",   INT2NUM(DLT_NULL));
   rb_define_const(rb_cPcap, "DLT_EN10MB", INT2NUM(DLT_EN10MB));
   rb_define_const(rb_cPcap, "DLT_EN3MB", INT2NUM(DLT_EN3MB));
@@ -945,7 +1202,7 @@ Init_pcaprub()
   rb_define_const(rb_cPcap, "DLT_LINUX_SLL", INT2NUM(DLT_LINUX_SLL));
   rb_define_const(rb_cPcap, "DLT_PRISM_HEADER", INT2NUM(DLT_PRISM_HEADER));
   rb_define_const(rb_cPcap, "DLT_AIRONET_HEADER", INT2NUM(DLT_AIRONET_HEADER));
-  /* Pcap Error Codes 
+  /* Pcap Error Codes
    * Error codes for the pcap API.
    * These will all be negative, so you can check for the success or
    * failure of a call that returns these codes by checking for a
@@ -977,11 +1234,11 @@ Init_pcaprub()
 
 
   rb_define_singleton_method(rb_cPcap, "new", rbpcap_new_s, 0);
-
+  rb_define_singleton_method(rb_cPcap, "create", rbpcap_create_s, 1);
   rb_define_singleton_method(rb_cPcap, "open_live", rbpcap_open_live_s, 4);
   rb_define_singleton_method(rb_cPcap, "open_offline", rbpcap_open_offline_s, 1);
   rb_define_singleton_method(rb_cPcap, "open_dead", rbpcap_open_dead_s, 2);
-  
+
   rb_define_method(rb_cPcap, "dump_open", rbpcap_dump_open, 1);
   rb_define_method(rb_cPcap, "dump_close", rbpcap_dump_close, 0);
   rb_define_method(rb_cPcap, "dump", rbpcap_dump, 3);
@@ -989,6 +1246,7 @@ Init_pcaprub()
   rb_define_method(rb_cPcap, "next_data", rbpcap_next_data, 0);
   rb_define_method(rb_cPcap, "each_packet", rbpcap_each_packet, 0);
   rb_define_method(rb_cPcap, "next_packet", rbpcap_next_packet, 0);
+
   /*
   * Document-method: each
   * Alias of each_data
@@ -998,22 +1256,30 @@ Init_pcaprub()
   * Document-method: next
   * Alias of next_data
   */
+
   rb_define_method(rb_cPcap, "next", rbpcap_next_data, 0);
   rb_define_method(rb_cPcap, "setfilter", rbpcap_setfilter, 1);
+  rb_define_method(rb_cPcap, "setmonitor", rbpcap_setmonitor, 1);
+  rb_define_method(rb_cPcap, "setsnaplen", rbpcap_setsnaplen, 1);
+  rb_define_method(rb_cPcap, "settimeout", rbpcap_settimeout, 1);
+  rb_define_method(rb_cPcap, "setpromisc", rbpcap_setpromisc, 1);
+  rb_define_method(rb_cPcap, "activate", rbpcap_activate, 0);
   rb_define_method(rb_cPcap, "inject", rbpcap_inject, 1);
   rb_define_method(rb_cPcap, "datalink", rbpcap_datalink, 0);
   rb_define_method(rb_cPcap, "pcap_major_version", rbpcap_major_version, 0);
   rb_define_method(rb_cPcap, "pcap_minor_version", rbpcap_minor_version, 0);
   rb_define_method(rb_cPcap, "snapshot", rbpcap_snapshot, 0);
+  rb_define_method(rb_cPcap, "close", rbpcap_close, 0);
+
   /*
   * Document-method: snaplen
   * Alias of snapshot
   */
   rb_define_method(rb_cPcap, "snaplen", rbpcap_snapshot, 0);
   rb_define_method(rb_cPcap, "stats", rbpcap_stats, 0);
-  
+
   rb_define_singleton_method(rb_cPkt, "new", rbpacket_new_s, 0);
-  
+
   rb_define_method(rb_cPkt, "time", rbpacket_time, 0);
   rb_define_method(rb_cPkt, "microsec", rbpacket_microsec, 0);
   rb_define_method(rb_cPkt, "length", rbpacket_length, 0);
@@ -1025,5 +1291,5 @@ Init_pcaprub()
   */
   rb_define_method(rb_cPkt, "to_s", rbpacket_data, 0);
 
-    
+
 }