Hi Everyone,
Can someone please explain why I don’t see any output from the
following code? I’m stumped. By the way, “en1” is the name of my
network device. Thanks.
code:
require 'pcaplet'

include Pcap

x = Thread.new {
  pcaplet = Pcaplet.new("-i en1")

  pcaplet.each_packet { |pkt|
    puts "#{pkt.src.to_num_s}:#{pkt.sport} #{pkt.dst.to_num_s}:#{pkt.dport}" if pkt.ip?
  }
}

x.join
I simplified your code, but it works…
pcaplet is quite old, you might try modifying some to remove deprecation
warnings…
botp@pc4all:~/pcap$ cat test.rb
require 'pcaplet'
include Pcap
x = Thread.new {
  pcaplet = Pcaplet.new("-i eth0")
  pcaplet.each_packet { |pkt|
    puts pkt
  }
}
x.join
botp@pc4all:~/pcap$ sudo ruby test.rb
/usr/local/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols
/usr/local/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols
/usr/local/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols
10.2.87.95:6771 > 239.192.152.143:6771 len 127 sum 35035
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
10.2.10.123:2048 > pc4all.bugo.dmpi:22 .A…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
10.2.10.123:2048 > pc4all.bugo.dmpi:22 .A…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
10.2.10.123:2048 > pc4all.bugo.dmpi:22 .A…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
10.2.10.123:2048 > pc4all.bugo.dmpi:22 .A…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
10.2.10.123:2048 > pc4all.bugo.dmpi:22 .A…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
10.2.10.123:2048 > pc4all.bugo.dmpi:22 .A…
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
kind regards -botp
On Nov 16, 2:05 am, Peña, Botp [email protected] wrote:
pcaplet = Pcaplet.new("-i eth0")
10.2.87.95:6771 > 239.192.152.143:6771 len 127 sum 35035
pc4all.bugo.dmpi:22 > 10.2.10.123:2048 .AP…
kind regards -botp
Weird, I’m not seeing this behavior. I’m running on Mac OS X. I
wonder if that’s a problem …
On Nov 16, 2007, at 07:55 , kenny roytman wrote:
Weird, I’m not seeing this behavior. I’m running on Mac OS X. I
wonder if that’s a problem …
I had to go with a fork model for OS X, something in pcap doesn’t
allow switching threads.
See Capture#run for a stupid-simple way of doing this:
http://segment7.net/projects/ruby/snippets/httpdump.rb
If you need better communication, instead of parsing #inspect output,
use Marshal.dump and Marshal.load.
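
The fork-plus-Marshal approach suggested in the last reply, sketched as an added example; it is not code from this thread or from httpdump.rb. `capture_in_child`, `format_packet` and the sample records are hypothetical names and constructed data, and the child replays the records where a real sniffer would run its pcap loop.

```ruby
# Added example. SAMPLE_PACKETS is constructed data standing in for what a
# pcap capture loop would yield; no capture library is loaded.
SAMPLE_PACKETS = [
  { src: "10.2.87.95",  sport: 6771, dst: "239.192.152.143", dport: 6771, len: 127 },
  { src: "10.2.10.123", sport: 2048, dst: "10.2.87.95",      dport: 22,   len: 52 }
].freeze
REQUIRED_KEYS = %i[src sport dst dport len].freeze

# Run the "capture" in a forked child and stream each record to the parent
# as a Marshal frame over a pipe. Returns [records, child_exit_status].
def capture_in_child(packets)
  reader, writer = IO.pipe
  reader.binmode
  writer.binmode
  pid = fork do
    reader.close
    packets.each { |pkt| Marshal.dump(pkt, writer) } # real code: pcap loop here
    writer.close
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close # parent must close its copy or it never sees EOF
  records = []
  begin
    # Marshal.load can instantiate arbitrary objects, so only feed it a pipe
    # whose write end is held by our own child, then check the shape anyway.
    loop do
      rec = Marshal.load(reader)
      records << rec if rec.is_a?(Hash) && (REQUIRED_KEYS - rec.keys).empty?
    end
  rescue EOFError
    # child closed the pipe: capture finished
  end
  reader.close
  _, status = Process.wait2(pid)
  [records, status.exitstatus]
end

def format_packet(pkt)
  "#{pkt[:src]}:#{pkt[:sport]} > #{pkt[:dst]}:#{pkt[:dport]}"
end

if __FILE__ == $PROGRAM_NAME
  records, status = capture_in_child(SAMPLE_PACKETS)
  records.each { |pkt| puts format_packet(pkt) }
  warn "child exit status: #{status}"
end
```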