Ruby FFI bindings for libpcap.
MIT License
Exposes all features of the libpcap library, including live packet capture, offline packet capture, live packet injection, etc.
Currently, FFI::PCap does not supply any packet dissection routines. The choice of what to use is left up to you.
Packet dissection libraries:
FFI::Struct objects.
Reading ICMP packets from a live interface:
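    require 'rubygems'
    require 'ffi/pcap'

    # Open the loopback device for live capture.
    pcap =
      FFI::PCap::Live.new(:dev => 'lo0',
                          :timeout => 1,
                          :promisc => true,
                          :handler => FFI::PCap::Handler)

    # BPF filter: only ICMP packets are passed to the block below.
    pcap.setfilter("icmp")

    # Print the timestamp and a hex dump of each captured packet.
    pcap.loop() do |this,pkt|
      puts "#{pkt.time}:"
      pkt.body.each_byte {|x| print "%0.2x " % x }
      putc "\n"
    end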
Reading packets from a pcap dump file:
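    require 'rubygems'
    require 'ffi/pcap'

    # Open a saved capture file instead of a live device.
    pcap = FFI::PCap::Offline.new("./foo.cap")

    # Print the timestamp and a hex dump of each stored packet.
    pcap.loop() do |this,pkt|
      puts "#{pkt.time}:"
      pkt.body.each_byte {|x| print "%0.2x " % x }
      putc "\n"
    end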
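Because FFI::PCap leaves dissection to you, the bytes printed above still have to be parsed by hand. The following is an added example, not code from ffi-pcap: it parses a frame string such as `pkt.body` as IPv4/ICMP, rejects truncated or fragmented packets, and verifies the ICMP checksum. The names `LINK_HDR_LEN`, `inet_checksum`, `dissect_icmp` and `sample_echo_frame` are hypothetical, the sample frame is constructed, and choosing `link:` from the capture's datalink type is left to the caller.

```ruby
# Link-layer header sizes: DLT_NULL (BSD loopback, e.g. lo0) and DLT_EN10MB (Ethernet).
LINK_HDR_LEN = { null: 4, en10mb: 14 }.freeze

# RFC 1071 Internet checksum; returns 0 when run over data that includes a valid checksum.
def inet_checksum(data)
  data = data.b
  data += "\x00".b if data.bytesize.odd?
  sum = data.unpack('n*').sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  ~sum & 0xffff
end

# Dissects raw frame bytes (the kind of string pkt.body yields in the examples above).
# Returns a Hash, or nil when the frame is not unfragmented IPv4/ICMP or is
# shorter than its headers claim (for example, cut off by the capture snaplen).
def dissect_icmp(body, link: :en10mb)
  body = body.b
  off = LINK_HDR_LEN.fetch(link)
  return nil if body.bytesize < off + 20
  return nil if link == :en10mb && body[12, 2].unpack1('n') != 0x0800 # EtherType IPv4
  ver_ihl, _tos, total_len, _id, frag, ttl, proto, _csum, src, dst =
    body[off, 20].unpack('CCnnnCCna4a4')
  return nil unless (ver_ihl >> 4) == 4 && proto == 1 # IPv4 carrying ICMP
  return nil unless (frag & 0x3fff).zero?             # MF flag or offset set: a fragment
  ihl = (ver_ihl & 0x0f) * 4
  return nil if ihl < 20 || total_len < ihl + 8
  return nil if body.bytesize < off + total_len       # truncated capture
  icmp = body[off + ihl, total_len - ihl]
  type, code = icmp.unpack('CC')
  { src: src.bytes.join('.'), dst: dst.bytes.join('.'), ttl: ttl, type: type,
    code: code, checksum_ok: inet_checksum(icmp).zero?, payload: icmp[8..-1] }
end

# Constructed sample input (not captured traffic): Ethernet + IPv4 + ICMP echo request.
def sample_echo_frame
  icmp = ([8, 0, 0, 0x1234, 1].pack('CCnnn') + 'ping').b
  icmp[2, 2] = [inet_checksum(icmp)].pack('n')
  ip = [0x45, 0, 20 + icmp.bytesize, 0, 0, 64, 1, 0].pack('CCnnnCCn') +
       [127, 0, 0, 1, 127, 0, 0, 1].pack('C8') # IP header checksum left 0 (not verified here)
  ("\x00" * 12).b + [0x0800].pack('n') + ip + icmp
end

p dissect_icmp(sample_echo_frame)
```

Inside a capture loop the call would be `dissect_icmp(pkt.body, link: :null)` for a DLT_NULL loopback device or the default for Ethernet.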
Replaying packets from a pcap dump file on a live interface:
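    require 'rubygems'
    require 'ffi/pcap'

    live = FFI::PCap::Live.new(:device => 'en0')
    offline = FFI::PCap::Offline.new("./foo.cap")

    # Replay only when the dump file and the interface use the same
    # link-layer type, so injected frames carry the header format the
    # interface expects.
    if live.datalink == offline.datalink
      offline.loop() {|this,pkt| live.inject(pkt) }
    end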
    $ sudo gem install ffi-pcap
See {file:LICENSE.txt} for license information.