azet · April 3, 2019 22:56 · iamhabbeboy · Apr 27, 2018
diff --git a/sniff.rb b/sniff.rb
 #!/usr/bin/env ruby
 require 'packetfu'

 # filter = argv[0] - tcpdump style.
 # e.g. 'dst host bla.dom.tld and port http and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
 # to cap. http traffic. or 'host W.X.Y.Z' to cap a speficic host/ip

 cap = PacketFu::Capture.new(:start => true)

 cap.save(:filter => ARGV[0])
 cap.stream.each do |packet, index|
        pkt = PacketFu::Packet.parse packet
 	puts "\n>> DISSECTION:\n"
 	puts pkt.dissect
 	puts "\n>> PAYLOAD:\n"
 	puts pkt.payload
 	puts "\n>> SIZE:\n"
 	puts pkt.size
 	
 end
	#!/usr/bin/env ruby
	require 'packetfu'

	# filter = argv[0] - tcpdump style.
	# e.g. 'dst host bla.dom.tld and port http and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
	# to cap. http traffic. or 'host W.X.Y.Z' to cap a speficic host/ip

	cap = PacketFu::Capture.new(:start => true)

	cap.save(:filter => ARGV[0])
	cap.stream.each do \|packet, index\|
	pkt = PacketFu::Packet.parse packet
	puts "\n>> DISSECTION:\n"
	puts pkt.dissect
	puts "\n>> PAYLOAD:\n"
	puts pkt.payload
	puts "\n>> SIZE:\n"
	puts pkt.size

	end