spcap 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
data/.gitignore ADDED
@@ -0,0 +1,17 @@
1
+ *.gem
2
+ *.rbc
3
+ .bundle
4
+ .config
5
+ .yardoc
6
+ Gemfile.lock
7
+ InstalledFiles
8
+ _yardoc
9
+ coverage
10
+ doc/
11
+ lib/bundler/man
12
+ pkg
13
+ rdoc
14
+ spec/reports
15
+ test/tmp
16
+ test/version_tmp
17
+ tmp
data/Gemfile ADDED
@@ -0,0 +1,4 @@
1
+ source 'https://rubygems.org'
2
+
3
+ # Specify your gem's dependencies in spcap.gemspec
4
+ gemspec
data/LICENSE.txt ADDED
@@ -0,0 +1,22 @@
1
+ Copyright (c) 2013 Bernard Rodier
2
+
3
+ MIT License
4
+
5
+ Permission is hereby granted, free of charge, to any person obtaining
6
+ a copy of this software and associated documentation files (the
7
+ "Software"), to deal in the Software without restriction, including
8
+ without limitation the rights to use, copy, modify, merge, publish,
9
+ distribute, sublicense, and/or sell copies of the Software, and to
10
+ permit persons to whom the Software is furnished to do so, subject to
11
+ the following conditions:
12
+
13
+ The above copyright notice and this permission notice shall be
14
+ included in all copies or substantial portions of the Software.
15
+
16
+ THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
17
+ EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
18
+ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
19
+ NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
20
+ LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
21
+ OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
22
+ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
data/README.md ADDED
@@ -0,0 +1,29 @@
1
+ # Spcap
2
+
3
+ TODO: Write a gem description
4
+
5
+ ## Installation
6
+
7
+ Add this line to your application's Gemfile:
8
+
9
+ gem 'spcap'
10
+
11
+ And then execute:
12
+
13
+ $ bundle
14
+
15
+ Or install it yourself as:
16
+
17
+ $ gem install spcap
18
+
19
+ ## Usage
20
+
21
+ TODO: Write usage instructions here
22
+
23
+ ## Contributing
24
+
25
+ 1. Fork it
26
+ 2. Create your feature branch (`git checkout -b my-new-feature`)
27
+ 3. Commit your changes (`git commit -am 'Add some feature'`)
28
+ 4. Push to the branch (`git push origin my-new-feature`)
29
+ 5. Create new Pull Request
data/Rakefile ADDED
@@ -0,0 +1,12 @@
1
+ #!/usr/bin/env rake
2
+ require "bundler/gem_tasks"
3
+
4
+ require 'rake/testtask'
5
+
6
+ Rake::TestTask.new do |t|
7
+ t.libs << 'lib/spcap'
8
+ t.test_files = FileList['test/lib/spcap/*_test.rb']
9
+ t.verbose = true
10
+ end
11
+
12
+ task :default => :test
@@ -0,0 +1,19 @@
1
+ module Spcap
2
+ # 1 Internet Control Message Protocol ICMP
3
+ # 2 Internet Group Management Protocol IGMP
4
+ # 6 Transmission Control Protocol TCP
5
+ # 17 User Datagram Protocol UDP
6
+ # 41 IPv6 encapsulation ENCAP
7
+ # 89 Open Shortest Path First OSPF
8
+ # 132 Stream Control Transmission Protocol SCTP
9
+ class Factory
10
+ def self.get_packet(time,raw_data,len,linklayer_header_type)
11
+ if ( ( ( raw_data.getbyte(0) & 0xF0) / 16 ) == 4 )
12
+ if raw_data.getbyte(9) == 6
13
+ return TCPPacket.new(time,raw_data,len,linklayer_header_type)
14
+ end
15
+ end
16
+ Logger.warn "Spcap::Factory only support TCP over IPv4 packet other packet are dropped"
17
+ end
18
+ end
19
+ end
data/lib/spcap/file.rb ADDED
@@ -0,0 +1,48 @@
1
+ module Spcap
2
+ class File
3
+ # File format :
4
+ # File header
5
+ # 4 Magic number
6
+ # 2,2 Major version Minor version
7
+ # 4 Time zone offset always set to 0
8
+ # 4 Time stamp accuracy always set to 0
9
+ # 4 Snapshot length
10
+ # 4 Link-layer header type
11
+
12
+ MagicNumber = ["A1B2C3D4"].pack("H*")
13
+
14
+ def initialize(istream)
15
+ @istream = istream
16
+ magic_number = istream.read(4)
17
+ if magic_number == MagicNumber
18
+ @unpack_16 = "n"
19
+ @unpack_32 = "N"
20
+ else
21
+ @unpack_16 = "v"
22
+ @unpack_32 = "V"
23
+ end
24
+ @major_version, @minor_version = read16, read16
25
+ @istream.read(8) # flush unused time_zone_offset_always_0, timestamp_accuracy_always_0,
26
+ @snapshot_length = read32
27
+ @linklayer_header_type = read32
28
+ end
29
+
30
+ def read16 ; @istream.read(2).unpack(@unpack_16).first ; end
31
+
32
+ def read32 ; @istream.read(4).unpack(@unpack_32).first ; end
33
+ # Packets header
34
+ # 4 Time stamp, seconds value
35
+ # 4 Time stamp, microseconds value
36
+ # 4 Length of captured packet data
37
+ # 4 Un-truncated length of the packet data
38
+ def each
39
+ until(@istream.eof?)
40
+ time = Time.at(read32,read32)
41
+ caplen = read32
42
+ len = read32
43
+ raw_data = @istream.read(caplen)
44
+ yield Packet.new(time,raw_data,len,@linklayer_header_type)
45
+ end
46
+ end
47
+ end
48
+ end
@@ -0,0 +1,39 @@
1
+ module Spcap
2
+ class IPAddress
3
+ attr_reader :address
4
+
5
+ def initialize(address)
6
+ @address = address
7
+ end
8
+
9
+ # Return true if two addresses are the same address.
10
+ def ==(other)
11
+ @address = other.adress
12
+ end
13
+
14
+ def hash
15
+ @address.hash
16
+ end
17
+
18
+ # Return host name correspond to this address.
19
+ def hostname
20
+ # Not yet implemented
21
+ to_num_s
22
+ end
23
+
24
+ Return the value of IP address as integer.
25
+ def to_i
26
+ @address.unpackt("N").first
27
+ end
28
+
29
+
30
+ #Return numerical string representation
31
+ def to_num_s
32
+ @address.unpack("CCCC").join('.')
33
+ end
34
+
35
+ def to_s
36
+ to_num_s
37
+ end
38
+ end
39
+ end
@@ -0,0 +1,94 @@
1
+ module Spcap
2
+ class IPPacket < Packet
3
+ attr_reader :src,:dst,:iph_len,:ip_len,
4
+ def initialize(time,data,len,datalink)
5
+ super(time,data,len,datalink)
6
+ @src = IPAddress.new(@raw_data[12,4])
7
+ @dst = IPAddress.new(data[16,4])
8
+ @iph_len = @raw_data.getbyte(0) & 0x0F
9
+ @ip_len = @raw_data[2,2].unpack("n").first
10
+
11
+ end
12
+
13
+
14
+ # Return header length. (Unit: 4 octets)
15
+ def ip_hlen
16
+ @raw_data.getbyte(0) & 0x0F
17
+ end
18
+
19
+ # Return data part as String.
20
+ def ip_data
21
+ @raw_data[ip_hlen,self.caplen-ip_hlen]
22
+ end
23
+
24
+ #
25
+ # Return the value of 3-bits IP flag field.
26
+ def ip_flags
27
+ @raw_data.getbyte(6) & 0xE0
28
+ end
29
+
30
+ # Return true if Don't Fragment bit is set.
31
+ def ip_df?
32
+ (@raw_data.getbyte(6) & 0x40) == 0x40
33
+ end
34
+
35
+ # Return true if More Fragment bit is set.
36
+ def ip_mf?
37
+ (self.raw_data.getbyte(6) & 0x20) == 0x20
38
+ end
39
+
40
+ # Return destination IP address as IPAddress.
41
+ def ip_dst
42
+ @dst
43
+ end
44
+ # Return source IP address as IPAddress.
45
+ def ip_src
46
+ @src
47
+ end
48
+
49
+ # Return identification.
50
+ def ip_id
51
+ @raw_data[4,4]
52
+ end
53
+
54
+ # Return fragment offset.
55
+ def ip_off
56
+ @raw_data[4,4].unpack("n").first & 0xFFF
57
+ end
58
+
59
+
60
+ # Return the value of protocol field.
61
+ def ip_proto
62
+ @raw_data.getbyte(9)
63
+ end
64
+
65
+ # Return the value of checksum field.
66
+ def ip_sum
67
+ @raw_data[10,2].unpack("n").fisrt
68
+ end
69
+
70
+
71
+ # Return the value of TOS field.
72
+ def ip_tos
73
+ # TODO
74
+ end
75
+
76
+
77
+ # Return TTL.
78
+ def ip_ttl
79
+ @raw_data.getbyte(8)
80
+ end
81
+
82
+
83
+ # Return IP version.
84
+ def ip_ver
85
+ ( @raw_data.getbyte(0) & 0xF0 ) / 16
86
+ end
87
+
88
+ # Return string representation.
89
+ def to_s
90
+ "TODO" # TODO
91
+ end
92
+
93
+ end
94
+ end
@@ -0,0 +1,5 @@
1
+ module Spcap
2
+ Logger = Log4r::Logger.new 'spcap_logger'
3
+ Logger.outputters = Log4r::Outputter.stderr
4
+ Logger.level=Log4r::INFO
5
+ end
@@ -0,0 +1,21 @@
1
+ module Spcap
2
+ class Packet
3
+ attr_reader :raw_data, :caplen, :len, :time, :datalink
4
+
5
+ def initialize(time,data,len,datalink)
6
+ @time = time
7
+ @raw_data = data
8
+ @caplen = data.length
9
+ @len = len
10
+ @datalink = datalink
11
+ end
12
+
13
+ def size ; @len; end
14
+ def length ; @len; end
15
+ def ip? ; self.kind_of?(IPPacket) ; end
16
+ def tcp? ; self.kind_of?(TCPPacket) ; end
17
+ def udp? ; self.kind_of?(UDPPacket) ; end
18
+ def time_i ; self.time.to_i; end
19
+
20
+ end
21
+ end
@@ -0,0 +1,67 @@
1
+ module Spcap
2
+ TCP_FLAGS = "UAPRSF"
3
+ class TCPPacket < IPPacket
4
+ def initialize(time,data,len,datalink)
5
+ super(time,data,len,datalink)
6
+ end
7
+
8
+ # Return acknowledgement number.
9
+ def tcp_ack ; ip_data[8,4].unpack("N").first ; end
10
+
11
+ # Return data part as String.
12
+ def tcp_data ; ip_data[tcp_off,tcp_data_len] ; end
13
+
14
+ # Return length of data part.
15
+ def tcp_data_len ; ip_len - ( ip_hlen * 4 ) - (tcp_hlen * 4) ; end
16
+
17
+ # Return destination port number.
18
+ def tcp_sport ; ip_data[0,2].unpack("n").first ; end
19
+ def sport ; tcp_sport ; end
20
+
21
+ # Return destination port number.
22
+ def tcp_dport ; ip_data[2,2].unpack("n").first ; end
23
+ def dport ; tcp_dport ; end
24
+
25
+ # Return the value of 6-bits flag field.
26
+ def tcp_flags ; ( ip_data.getbyte(13) & 0x6F ) ; end
27
+
28
+ # Return the value of 6-bits flag field as string like ".A...F".
29
+ def tcp_flags_s
30
+ ip_data[13].unpack("B*").first[2,6].
31
+ chars.zip(TCP_FLAGS.chars).collect { |flag,flag_s|
32
+ (flag == '0' ? '.' : flag_s)
33
+ }.join
34
+ end
35
+
36
+ # Return true if flag is set.
37
+ def tcp_fin? ; flags?(7) ; end
38
+ def tcp_syn? ; flags?(6) ; end
39
+ def tcp_rst? ; flags?(5) ; end
40
+ def tcp_psh? ; flags?(4) ; end
41
+ def tcp_ack? ; flags?(3) ; end
42
+ def tcp_urg? ; flags?(2) ; end
43
+
44
+ # Return TCP data offset (header length). (Unit: 4-octets)
45
+ def tcp_hlen ; ( ( ip_data.getbyte(12) & 0XF0) / 16 ) ; end
46
+ def tcp_off ; tcp_hlen ; end
47
+
48
+ # Return sequence number.
49
+ def tcp_seq ; ( ip_data[4,4].unpack("N").first ) ; end
50
+
51
+ # Return the value of checksum field.
52
+ def tcp_sum ; ( ip_data[16,2].unpack("n").first ) ; end
53
+
54
+ # Return urgent pointer.
55
+ def tcp_urp ; ( ip_data[18,2].unpack("n").first ) ; end
56
+
57
+ # Return window size.
58
+ def tcp_win ; ( ip_data[14,2].unpack("n").first ) ; end
59
+
60
+ # Return string representation.
61
+ def to_s ; "TODO" ; end
62
+
63
+ private
64
+ def flag?(i) ; ip_data[13].unpack("B*").first[i] == '1'; end
65
+
66
+ end
67
+ end
@@ -0,0 +1,3 @@
1
+ module Spcap
2
+ VERSION = "0.0.1"
3
+ end
data/lib/spcap.rb ADDED
@@ -0,0 +1,9 @@
1
+ require 'log4r'
2
+ require 'spcap/version'
3
+ require 'spcap/logger'
4
+ require 'spcap/packet'
5
+ require 'spcap/file'
6
+
7
+ module Spcap
8
+ # Your code goes here...
9
+ end
data/spcap.gemspec ADDED
@@ -0,0 +1,23 @@
1
+ # coding: utf-8
2
+ lib = File.expand_path('../lib', __FILE__)
3
+ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
4
+ require 'spcap/version'
5
+
6
+ Gem::Specification.new do |spec|
7
+ spec.name = "spcap"
8
+ spec.version = Spcap::VERSION
9
+ spec.authors = ["Bernard Rodier"]
10
+ spec.email = ["bernard.rodier@gmail.com"]
11
+ spec.description = %q{Very simple pcap file handler that is not require native extension}
12
+ spec.summary = %q{Pure ruby gem without native exstension that handle pcap file produce by pcap library or tcpdump}
13
+ spec.homepage = ""
14
+ spec.license = "MIT"
15
+
16
+ spec.files = `git ls-files`.split($/)
17
+ spec.executables = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
18
+ spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
19
+ spec.require_paths = ["lib"]
20
+
21
+ spec.add_development_dependency "bundler", "~> 1.3"
22
+ spec.add_development_dependency "rake"
23
+ end
@@ -0,0 +1,15 @@
1
+ require_relative '../../test_helper'
2
+
3
+ describe Spcap::File do
4
+ subject { Spcap::File.new(File.open('test/pcap_files/sample.pcap')) }
5
+
6
+ it "must be a Spcap::File" do
7
+ subject.must_be_instance_of(Spcap::File)
8
+ end
9
+
10
+ it "must handle each without error" do
11
+ subject.each{|p| }
12
+ subject.must_respond_to(:each)
13
+ end
14
+
15
+ end
@@ -0,0 +1,4 @@
1
+ require 'minitest/spec'
2
+ require 'minitest/autorun'
3
+ require 'minitest/pride'
4
+ require File.expand_path('../../lib/spcap.rb', __FILE__)
metadata ADDED
@@ -0,0 +1,98 @@
1
+ --- !ruby/object:Gem::Specification
2
+ name: spcap
3
+ version: !ruby/object:Gem::Version
4
+ version: 0.0.1
5
+ prerelease:
6
+ platform: ruby
7
+ authors:
8
+ - Bernard Rodier
9
+ autorequire:
10
+ bindir: bin
11
+ cert_chain: []
12
+ date: 2013-08-23 00:00:00.000000000 Z
13
+ dependencies:
14
+ - !ruby/object:Gem::Dependency
15
+ name: bundler
16
+ requirement: !ruby/object:Gem::Requirement
17
+ none: false
18
+ requirements:
19
+ - - ~>
20
+ - !ruby/object:Gem::Version
21
+ version: '1.3'
22
+ type: :development
23
+ prerelease: false
24
+ version_requirements: !ruby/object:Gem::Requirement
25
+ none: false
26
+ requirements:
27
+ - - ~>
28
+ - !ruby/object:Gem::Version
29
+ version: '1.3'
30
+ - !ruby/object:Gem::Dependency
31
+ name: rake
32
+ requirement: !ruby/object:Gem::Requirement
33
+ none: false
34
+ requirements:
35
+ - - ! '>='
36
+ - !ruby/object:Gem::Version
37
+ version: '0'
38
+ type: :development
39
+ prerelease: false
40
+ version_requirements: !ruby/object:Gem::Requirement
41
+ none: false
42
+ requirements:
43
+ - - ! '>='
44
+ - !ruby/object:Gem::Version
45
+ version: '0'
46
+ description: Very simple pcap file handler that is not require native extension
47
+ email:
48
+ - bernard.rodier@gmail.com
49
+ executables: []
50
+ extensions: []
51
+ extra_rdoc_files: []
52
+ files:
53
+ - .gitignore
54
+ - Gemfile
55
+ - LICENSE.txt
56
+ - README.md
57
+ - Rakefile
58
+ - lib/spcap.rb
59
+ - lib/spcap/factory.rb
60
+ - lib/spcap/file.rb
61
+ - lib/spcap/ipadress.rb
62
+ - lib/spcap/ippacket.rb
63
+ - lib/spcap/logger.rb
64
+ - lib/spcap/packet.rb
65
+ - lib/spcap/tcppacket.rb
66
+ - lib/spcap/version.rb
67
+ - spcap.gemspec
68
+ - test/lib/spcap/file_test.rb
69
+ - test/test_helper.rb
70
+ homepage: ''
71
+ licenses:
72
+ - MIT
73
+ post_install_message:
74
+ rdoc_options: []
75
+ require_paths:
76
+ - lib
77
+ required_ruby_version: !ruby/object:Gem::Requirement
78
+ none: false
79
+ requirements:
80
+ - - ! '>='
81
+ - !ruby/object:Gem::Version
82
+ version: '0'
83
+ required_rubygems_version: !ruby/object:Gem::Requirement
84
+ none: false
85
+ requirements:
86
+ - - ! '>='
87
+ - !ruby/object:Gem::Version
88
+ version: '0'
89
+ requirements: []
90
+ rubyforge_project:
91
+ rubygems_version: 1.8.23
92
+ signing_key:
93
+ specification_version: 3
94
+ summary: Pure ruby gem without native exstension that handle pcap file produce by
95
+ pcap library or tcpdump
96
+ test_files:
97
+ - test/lib/spcap/file_test.rb
98
+ - test/test_helper.rb