Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP

Ruby FFI bindings for libpcap.

branch: master
README.md

ffi-pcap

Description

Ruby FFI bindings for libpcap.

Features

Exposes all features of the libpcap library including live packet capture, offline packet capture, live packet injection, etc..

Currently, FFI::PCap does not supply any packet dissection routines. The choice of what to use is left up to you.

Packet dissection libraries:

  • ffi-packets - Maps raw packets to FFI::Struct objects.

Examples

Reading ICMP packets from a live interface.

require 'rubygems'
require 'ffi/pcap'

pcap =
  FFI::PCap::Live.new(:dev => 'lo0',
                      :timeout => 1,
                      :promisc => true,
                      :handler => FFI::PCap::Handler)

pcap.setfilter("icmp")

pcap.loop() do |this,pkt|
  puts "#{pkt.time}:"

  pkt.body.each_byte {|x| print "%0.2x " % x }
  putc "\n"
end

Reading packets from a pcap dump file:

require 'rubygems'
require 'ffi/pcap'

pcap = FFI::PCap::Offline.new("./foo.cap")

pcap.loop() do |this,pkt|
  puts "#{pkt.time}:"

  pkt.body.each_byte {|x| print "%0.2x " % x }
  putc "\n"
end

Replaying packets from a pcap dump file on a live interface:

require 'rubygems'
require 'ffi/pcap'

live = FFI::PCap::Live.new(:device => 'en0')
offline = FFI::PCap::Offline.new("./foo.cap")

if live.datalink == offline.datalink
  offline.loop() {|this,pkt| live.inject(pkt) }
end

Requirements

Install

$ sudo gem install ffi-pcap

License

See {file:LICENSE.txt} for license information.

Something went wrong with that request. Please try again.