Project

ffi-pcap

0.02
No release in over 3 years
Low commit activity in last 3 years
Bindings to libpcap via FFI interface in Ruby.
 Dependencies

Development

~> 2.0
~> 0.8

Runtime

~> 1.0
~> 0.1.12
 Project Readme

ffi-pcap

Description

Ruby FFI bindings for libpcap.

Features

Exposes all features of the libpcap library, including live packet capture, offline packet capture, live packet injection, etc.

Currently, FFI::PCap does not supply any packet dissection routines. The choice of what to use is left up to you.

Packet dissection libraries:

  • ffi-packets - Maps raw packets to FFI::Struct objects.

Examples

Reading ICMP packets from a live interface:

require 'rubygems'
require 'ffi/pcap'

pcap =
  FFI::PCap::Live.new(:dev => 'lo0',
                      :timeout => 1,
                      :promisc => true,
                      :handler => FFI::PCap::Handler)

pcap.setfilter("icmp")

pcap.loop() do |this,pkt|
  puts "#{pkt.time}:"

  pkt.body.each_byte {|x| print "%0.2x " % x }
  putc "\n"
end
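
Since FFI::PCap leaves dissection to the caller, the bytes that the loop above hex-dumps still have to be parsed. The following is an added example, not part of the ffi-pcap README or code base: a pure-Ruby dissector for the string returned by pkt.body. It assumes an Ethernet link type, and the names dissect_icmp, inet_checksum and sample_frame are hypothetical.

```ruby
# Added example (not ffi-pcap code). Assumes Ethernet framing; loopback
# devices use a different link-layer header, so check pcap.datalink first.
ETHERTYPE_IPV4 = 0x0800
IPPROTO_ICMP   = 1

# RFC 1071 Internet checksum; yields 0 over a message with a valid checksum.
def inet_checksum(data)
  data += "\x00".b if data.bytesize.odd?
  sum = data.unpack('n*').sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  ~sum & 0xffff
end

# Returns a Hash for a well-formed Ethernet/IPv4/ICMP frame, else nil.
# Lengths are checked before slicing: the snaplen can truncate a capture.
def dissect_icmp(frame)
  frame = frame.b
  return nil if frame.bytesize < 14 + 20
  return nil unless frame.byteslice(12, 2).unpack1('n') == ETHERTYPE_IPV4

  ip = frame.byteslice(14..-1)
  # version/IHL, total length, flags+fragment offset, protocol
  ver_ihl, total_len, frag, proto = ip.unpack('C x n x2 n x C')
  ihl = (ver_ihl & 0x0f) * 4
  return nil unless (ver_ihl >> 4) == 4 && ihl >= 20
  return nil unless proto == IPPROTO_ICMP && (frag & 0x1fff).zero?
  return nil if total_len < ihl + 8 || total_len > ip.bytesize

  icmp = ip.byteslice(ihl, total_len - ihl) # excludes Ethernet padding
  type, code = icmp.unpack('C C')
  { src: ip.byteslice(12, 4).bytes.join('.'),
    dst: ip.byteslice(16, 4).bytes.join('.'),
    type: type, code: code,
    checksum_ok: inet_checksum(icmp).zero?,
    payload: icmp.byteslice(8..-1) }
end

# Constructed sample (not captured traffic): ICMP echo request from
# 192.0.2.1 to 192.0.2.2; the IPv4 header checksum is left at 0, unverified.
def sample_frame
  icmp = [8, 0, 0, 0x1234, 1].pack('C C n n n') + 'ping'.b
  icmp[2, 2] = [inet_checksum(icmp)].pack('n')
  ip = [0x45, 0, 20 + icmp.bytesize, 0, 0, 64, IPPROTO_ICMP, 0,
        192, 0, 2, 1, 192, 0, 2, 2].pack('C C n n n C C n C4 C4')
  eth = "\x02\x00\x00\x00\x00\x02\x02\x00\x00\x00\x00\x01".b
  eth + [ETHERTYPE_IPV4].pack('n') + ip + icmp
end

p dissect_icmp(sample_frame) if __FILE__ == $0
```

Inside the capture loop, dissect_icmp(pkt.body) can replace the hex dump; a nil result marks a frame that is truncated, fragmented, or not IPv4/ICMP.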

Reading packets from a pcap dump file:

require 'rubygems'
require 'ffi/pcap'

pcap = FFI::PCap::Offline.new("./foo.cap")

pcap.loop() do |this,pkt|
  puts "#{pkt.time}:"

  pkt.body.each_byte {|x| print "%0.2x " % x }
  putc "\n"
end

Replaying packets from a pcap dump file on a live interface:

require 'rubygems'
require 'ffi/pcap'

live = FFI::PCap::Live.new(:device => 'en0')
offline = FFI::PCap::Offline.new("./foo.cap")

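# Replay only when both handles use the same link-layer type, so the
# frames read from the dump are valid on the live interface.
if live.datalink == offline.datalink
  offline.loop() {|this,pkt| live.inject(pkt) }
end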

Requirements

Install

$ sudo gem install ffi-pcap

License

See LICENSE.txt for license information.