Add packet writing functionality to Redhound with pcapng support

Author: ydah

README.md

@@ -20,11 +20,20 @@ gem install redhound
 ## Usage
 
 ```command
+   ___         ____                     __
+  / _ \___ ___/ / /  ___  __ _____  ___/ /
+ / , _/ -_) _  / _ \/ _ \/ // / _ \/ _  /
+/_/|_|\__/\_,_/_//_/\___/\_,_/_//_/\_,_/
+
+Version: 0.1.0
+Dump and analyze network packets.
+
 Usage: redhound [options] ...
 
 Options:
     -i, --interface INTERFACE        name or idx of interface
     -D, --list-interfaces            print list of interfaces and exit
+    -w FILE                          write packets to a pcapng-format file named "outfile"
     -h, --help                       display this help and exit
     -v, --version                    display version information and exit
 ```

lib/redhound.rb

@@ -7,3 +7,4 @@
 require_relative 'redhound/receiver'
 require_relative 'redhound/socket_builder'
 require_relative 'redhound/version'
+require_relative 'redhound/writer'

lib/redhound/command.rb

@@ -15,7 +15,7 @@ def run(argv)
         warn 'Error: interface is required'
         exit 1
       end
-      Receiver.run(ifname: @options[:ifname])
+      Receiver.run(ifname: @options[:ifname], filename: @options[:filename])
     end
 
     def parse(argv)
@@ -39,6 +39,7 @@ def parse(argv)
           list_interfaces
           exit
         end
+        o.on('-w FILE', 'write packets to a pcapng-format file named "outfile"') { |v| @options[:filename] = v }
         o.on('-h', '--help', 'display this help and exit') do
           puts o
           exit

lib/redhound/receiver.rb

@@ -5,20 +5,28 @@
 module Redhound
   class Receiver
     class << self
-      def run(ifname:)
-        new(ifname:).run
+      def run(ifname:, filename:)
+        new(ifname:, filename:).run
       end
     end
 
-    def initialize(ifname:)
+    def initialize(ifname:, filename:)
       @ifname = ifname
       @socket = SocketBuilder.build(ifname:)
+      if filename
+        @writer = Writer.new(filename:)
+        @writer.start
+      end
     end
 
     def run
       loop do
         msg, = @socket.recvfrom(2048)
         Analyzer.analyze(msg:)
+        @writer.write(msg) if @writer
+      rescue Interrupt
+        @writer.stop if @writer
+        break
       end
     end
   end

lib/redhound/writer.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Redhound
+  class Writer
+    def initialize(filename:)
+      @filename = filename
+    end
+
+    def start
+      @file = File.open(@filename, 'wb')
+      @file.write(file_header)
+    end
+
+    def write(msg)
+      @file.write(packet_record(Time.now, msg.bytesize, msg.bytesize))
+      @file.write(msg)
+    end
+
+    def stop
+      @file.close
+    end
+
+    private
+
+    def file_header
+      [
+        0xa1b2c3d4, # Magic Number (little-endian)
+        2,          # Version Major
+        4,          # Version Minor
+        0,          # Timezone offset (GMT)
+        0,          # Timestamp accuracy
+        65535,      # Snapshot length
+        1           # Link-layer header type (Ethernet)
+      ].pack('VvvVVVV')
+    end
+
+    def packet_record(timestamp, captured_length, original_length)
+      [
+        timestamp.to_i,           # Timestamp seconds
+        (timestamp.usec || 0),    # Timestamp microseconds
+        captured_length,          # Captured packet length
+        original_length           # Original packet length
+      ].pack('VVVV')
+    end
+  end
+end