Example Programs
Some simple programs that demonstrate how to use ruby-libtrace.
Notes
Ruby version 1.9
In version 1.8, selecting a single byte from a string returns an integer,
e.g. s = 'ab c'; s[2] returns 0x20.
In version 1.9, s[2] returns a 1-char string, ' '.
To convert that 1-char string to an integer, use s[2].ord ( -> 0x20 ).
Sample trace files
Two short trace files are included with the programs:
- anon-v4.bpf
A trace file with mostly IPv4 records. It also includes ARP records, containing anonymised IP addresses.
- anon-v6.bpf
A trace file with mostly IPv6 records.
Source Code
Ruby source code for all these example programs is supplied in the
distribution's doc/examples directory.
Click on the links below to reach the sources.
Programs that read and display trace files
IP.rb, IP6.rb, UDP.rb, TCP.rb, ICMP.rb
Demonstrate libtrace's protocol header decodes.
Layers.rb
Demonstrates decoding of packets as a series of protocol layers, and looking at the data in each layer.
trace-test.rb
Demonstrates a few trace-management methods, and shows how to use ruby-libtrace Global Constants.
Programs that write trace files
copy-first-n.rb
Copies the first n records from one trace to another.
arp-anon.rb
Reads a trace file, changes 'source' and 'target' IP addresses in ARP records.
Demonstrates using class set methods to change fields within a Packet.
sw-filter.rb
Looks through a trace for UDP records with source or destination port
53, i.e. DNS records. Displays their UDP and UDP payload data.
bpf-filter.rb
Same as sw-filter.rb, but uses a bpf filter 'udp port 53'.
Also demonstrates how to get and print libtrace errors.
change-filter.rb
Same as bpf-filter.rb, but demonstrates how to catch LibtraceError exceptions, and how to change a Trace's bpf filter part-way through the trace.
Packet.rb
Demonstrates how to use copy_packet to save a copy of a Packet together with its data bytes.
Other Ruby source code
rlt-support.rb
A collection of handy functions used in these example programs.
Nevil Brownlee
Wed, 13 Aug 08 (NZST)