ReassembleTcp
Ruby gem for reassembling TCP fragment data from pcap file like Wireshark.
See: http://wiki.wireshark.org/TCP_Reassembly
Installation
Add this line to your application's Gemfile:
gem 'reassemble_tcp'And then execute:
$ bundle
Or install it yourself as:
$ gem install reassemble_tcp
Usage
require 'reassemble_tcp'
ReassembleTcp.tcp_data_stream('some.pcap') {|t, from, to, data|
  puts "[#{t.strftime("%Y/%m/%d %H:%M:%S.%6N")} #{from} -> #{to}"
  puts data[0..100]
  puts
}Contributing
- Fork it
- Create your feature branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add some feature')
- Push to the branch (git push origin my-new-feature)
- Create new Pull Request