libpcap with Ruby

rubyonrails-talk
1

I just try some script from fukusima

http://www.goto.info.waseda.ac.jp/~fukusima/ruby/pcap/examples/

When I try to run the script it give a warning

/usr/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols /usr/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols /usr/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols

Is there any mistake or library that I didn't include ?

I also try this code :

#!/usr/bin/env ruby

# this line imports the libpcap ruby bindings require 'pcaplet'

# create a sniffer that grabs the first 1500 bytes of each packet $network = Pcaplet.new('-s 1500')

# create a filter that uses our query string and the sniffer we just made $filter = Pcap::Filter.new('tcp and dst port 80', $network.capture)

# add the new filter to the sniffer $network.add_filter($filter)

# iterate over every packet that goes through the sniffer for p in $network   # print packet data for each packet that matches the filter   puts p.tcp_data if $filter =~ p end

and suppose it appear some output after run it, nothing appear :frowning:

anyone have some solutions ?

thanks in advance

2

I just try some script from fukusima

http://www.goto.info.waseda.ac.jp/~fukusima/ruby/pcap/examples/

When I try to run the script it give a warning

/usr/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols /usr/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols /usr/lib/ruby/site_ruby/1.8/i686-linux/pcap.so: warning: do not use Fixnums as Symbols

Is there any mistake or library that I didn't include ?

that library is just a little old. ports/123302: [Maintainter Update] games/crafty -> 22.1 + new features   looks like it should fix it ( i did something very similar my self a
long time ago)

I also try this code :

#!/usr/bin/env ruby

# this line imports the libpcap ruby bindings require 'pcaplet'

# create a sniffer that grabs the first 1500 bytes of each packet $network = Pcaplet.new('-s 1500')

# create a filter that uses our query string and the sniffer we just made $filter = Pcap::Filter.new('tcp and dst port 80', $network.capture)

# add the new filter to the sniffer $network.add_filter($filter)

# iterate over every packet that goes through the sniffer for p in $network # print packet data for each packet that matches the filter puts p.tcp_data if $filter =~ p end

and suppose it appear some output after run it, nothing appear :frowning:

did you run it as root ?

The script i had looked more like.

$network.each_packet do |p| ... end

You don't need to check if the packet matches the filter - it will
only get passed to you if it does.

Fred

3

Yup, I run the script with root

Look like the library is quite old, is it still working ? :slight_smile:

4

Yup, I run the script with root

Look like the library is quite old, is it still working ? :slight_smile:

was working for me a few months ago

Fred