Project

bilbo

0.0
No commit activity in last 3 years
No release in over 3 years
bilbopicatz/bilboHomepageDocumentationSource CodeBug TrackerWiki
You never know when you're going need a simple, hobbit-like ( small ) network packet burglaring ( capturing ) library such as Bilbo.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
4,762
Stars
3
Forks
0
Watchers
2
 Releases
Current version
1.0.1
Total releases
2
First release
2017-03-29
Latest release
2017-03-29
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2017-03-29
Reverse Dependencies
0

 Dependencies

Development

bundler
~> 1.14
rake
~> 10.0
rspec
~> 3.0

Runtime

pcaprub
~> 0.12.4
 Project Readme

Bilbo

Bilbo is a tiny packet capture library built on pcaprub to interface with libpcap.

Bilbo Baggins

Why?

You never know when you're going need a simple, hobbit-like ( small ) network packet burglaring ( capturing ) library such as Bilbo.

Installation

$ gem install bilbo

Usage

Packet capturing with Bilbo is incredibly straight-forward.

require 'bilbo'

Bilbo::Capture.new do |packet|
  # do something with the packet 
end

Customizations

Of course!

require 'bilbo'

cap = Bilbo::Capture.new
 
cap.iface   = "en0"  # interface en0
cap.promisc = true   # promiscuous mode, on
cap.start            # start capturing

cap.packets do |packet|
  # do something with the packet 
end

Pretty flexible, doing the same thing as above:

require 'bilbo'

cap = Bilbo::Capture.new(iface: "en0", promisc: true)
cap.start do |packet|
  # do something with the packet 
end

Packet Parsing?

Bilbo provides no packet parsing abstractions. You can use something like PacketGen with Bilbo together:

PacketGen

PacketGen works really well for parsing the packets into a human-friendly interface.

require 'bilbo'
require 'packetgen'

cap = Bilbo::Capture.new

cap do |packet|
  parsed_packet = PacketGen.parse(packet)
  # do something with the parsed packet 
end

PacketFu

Since Bilbo is simply capturing packets, you can easily use PacketFu if wanted to:

require 'bilbo'
require 'packetfu'

cap = Bilbo::Capture.new

cap do |packet|
  parsed_packet = PacketFu::Packet.parse(packet)
  # do something with the parsed packet 
end

TODO's

  • Methods for checking state of the capture, like:
require 'bilbo'

cap = Bilbo::Capture.new(start: true)

cap.capturing?
# => true

cap.started? 
# => true

# stop capture
cap.stop

# but, we know it was started beforehand
cap.started?
# => true

# and we can check that we aren't capturing still
cap.capturing?
# => false
  • Human friendly alias features?
require 'bilbo'

cap = Bilbo::Capture.new

cap.promisc = true
# or 
cap.promiscuous = true
# or 
cap.promiscuous!
# and
cap.promiscuous?

# stuff like that
  • Check internal documentation and inline documentation for ma' errorz.
  • More packet wrangle'n features for the .packets() method?
  • Some sort of PacketFu/PacketGen shell like functionality.
  • Specs? Because that'd be nice.
  • Write some sort of ngrep like clone using Bilbo.

❤️ Ruby Community

Bilbo has taken inspriation from many ruby packet capturing / parsing gems:

License

The gem is available as open source under the terms of the MIT License.