#!/usr/bin/env ruby

require 'RubyLibtrace'

# 1740, Wed 13 Aug 08 (NZST)
# change-filter.rb: Create a packet filter, change it after seeing a few packets
# Copyright (C) 2008, Nevil Brownlee, U Auckland | CAIDA | Wand

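# Number of filtered packets to see before the filter is swapped, and the
# count at which the script stops reading altogether.
SWITCH_AFTER = 4
STOP_AFTER = 8

# Print one filtered packet: its transport header and, when present, the
# UDP and/or TCP payload.
#
# pkt - a packet as yielded by Trace#each_packet
# nfp - running count of filtered packets, used only in the output
#
# A packet with no transport header produces no output.  s_to_hex is not
# defined in this script; presumably it is supplied by the RubyLibtrace
# binding -- confirm if the helper is ever moved.
def report_packet(pkt, nfp)
   trans = pkt.transport
   return unless trans

   puts "Filtered Packet #{nfp}, capture_len=#{pkt.capture_len}, proto=#{trans.proto}"
   puts "trans:  #{s_to_hex(trans.data, 6)}"
   upp = pkt.udp_payload
   print "udp data: #{s_to_hex(upp.data, 6)}\n\n" if upp
   tpp = pkt.tcp_payload
   print "tcp data: #{s_to_hex(tpp.data, 6)}\n\n" if tpp
end

# The trace source (file or live interface) comes from the command line;
# refuse to start rather than hand a nil URI to the binding.
abort "usage: #{$PROGRAM_NAME} <trace-uri>" if ARGV.empty?

begin
   f = Trace.new(ARGV[0])
   filter = Filter.new('udp port 53')  # Only want DNS packets
   f.conf_filter(filter)
   f.conf_snaplen(2500)                # cap on bytes kept per packet
   # f.conf_promisc(true)
   # Remember: on a live interface, must sudo to capture
   #           on a trace file, can't set promiscuous
rescue => e
   # Same format as the interpreter uses if there's no rescue clause:
   # message on stderr and a non-zero exit status, so a caller can tell
   # that setup failed.
   warn "#{e.backtrace[0]}: #{e.message} (#{e.class})"
   exit 1
end

f.start

nfp = 0
f.each_packet do |pkt|
   nfp += 1
   report_packet(pkt, nfp)

   # After SWITCH_AFTER packets, swap in a TCP-only filter.  The trace is
   # paused while the new filter is configured, then restarted.
   # NOTE(review): the first filter is built as Filter.new and this one as
   # Libtrace::Filter.new, exactly as written originally -- confirm both
   # resolve to the same class in the binding.
   if nfp == SWITCH_AFTER
      filter = Libtrace::Filter.new('tcp')  # Now only want TCP packets
      f.pause
      f.conf_filter(filter)
      f.start
   end

   break if nfp == STOP_AFTER
end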

