sophsec / Ffi Pcap
Licence: mit
Ruby FFI bindings for libpcap.
ffi-pcap
- Postmodern (postmodern.mod3 at gmail.com)
- Eric Monti (esmonti at gmail.com)
Description
Ruby FFI bindings for libpcap.
Features
Exposes all features of the libpcap library, including live packet capture, offline packet capture, and live packet injection.
Currently, FFI::PCap does not supply any packet dissection routines. The choice of what to use is left up to you.
Packet dissection libraries:
- ffi-packets - Maps raw packets to FFI::Struct objects.
Examples
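Reading ICMP packets from a live interface:

    require 'rubygems'
    require 'ffi/pcap'

    # Open the loopback device in promiscuous mode
    pcap =
      FFI::PCap::Live.new(:dev => 'lo0',
                          :timeout => 1,
                          :promisc => true,
                          :handler => FFI::PCap::Handler)

    # BPF filter: deliver only ICMP packets to the loop below
    pcap.setfilter("icmp")

    # Print the capture time and a hex dump of each packet
    pcap.loop() do |this,pkt|
      puts "#{pkt.time}:"

      pkt.body.each_byte {|x| print "%0.2x " % x }
      putc "\n"
    end
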
Reading packets from a pcap dump file:

    require 'rubygems'
    require 'ffi/pcap'

    pcap = FFI::PCap::Offline.new("./foo.cap")

    # Print the capture time and a hex dump of each stored packet
    pcap.loop() do |this,pkt|
      puts "#{pkt.time}:"

      pkt.body.each_byte {|x| print "%0.2x " % x }
      putc "\n"
    end

Replaying packets from a pcap dump file on a live interface:

    require 'rubygems'
    require 'ffi/pcap'

    live = FFI::PCap::Live.new(:device => 'en0')
    offline = FFI::PCap::Offline.new("./foo.cap")

    # Replay only when the dump file and the interface share a link-layer type
    if live.datalink == offline.datalink
      offline.loop() {|this,pkt| live.inject(pkt) }
    end

Requirements
Install

    $ sudo gem install ffi-pcap

License
See {file:LICENSE.txt} for license information.