1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
|
#
# Sniffer is a very dumb wrapper to start and stop tcpdumps instances, possibly
# with customized filters. Captured traffic is stored in files whose name
# depends on the sniffer name. The resulting captured packets for each sniffers
# can be accessed as an array through its `packets` method.
#
# Use of more rubyish internal ways to sniff a network like with pcap-able gems
# is waaay to much resource consumming, notmuch reliable and soooo slow. Let's
# not bother too much with that. :)
#
# Should put all that in a Module.
class Sniffer
attr_reader :name, :pcap_file, :pid
def initialize(name, vmnet)
@name = name
@vmnet = vmnet
pcap_name = sanitize_filename("#{name}.pcap")
@pcap_file = "#{$config["TMPDIR"]}/#{pcap_name}"
end
def capture(filter="not ether src host #{@vmnet.bridge_mac} and not ether proto \\arp and not ether proto \\rarp")
job = IO.popen(
[
"/usr/sbin/tcpdump",
"-n",
"-U",
"--immediate-mode",
"-i", @vmnet.bridge_name,
"-w", @pcap_file,
filter,
:err => ["/dev/null", "w"]
]
)
@pid = job.pid
end
def stop
begin
Process.kill("TERM", @pid)
rescue
# noop
end
end
def clear
if File.exist?(@pcap_file)
File.delete(@pcap_file)
end
end
end
|