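# ------------------------------------------------------------------
# dlayer.rb  Print all the layer fields
#   usage : prlayer <capture-file> <layername>
#
#   Opens a capture file through the Unsniff.Database COM object,
#   walks every packet in its packet index and, for each layer whose
#   name equals <layername>, prints the layer's fields and subfields.
#
#   NOTE(review): field names and values are decoded from the capture
#   file, so they are only as trustworthy as the traffic that was
#   captured. They are printed to the terminal as-is; whether Unsniff
#   already escapes non-printable bytes is not visible here. Confirm
#   before viewing output from untrusted captures on a terminal that
#   interprets escape sequences, or pipe it through a filter.
# ------------------------------------------------------------------
require 'win32ole'

USAGE = "prlayer <capture-filename> <layer-name>"

# function printField
#   Formats and prints a field (also subfields if present)
#
#   indent - number of spaces printed before the field line
#   field  - object exposing Name, Value, SubFieldCount and SubFields
#
#   Subfields are printed recursively, each level indented by two
#   more spaces than its parent.
#
def printField(indent, field)
  pad = " " * indent
  print pad
  print "#{field.Name}\t\t #{field.Value} \n"

  return unless field.SubFieldCount > 0

  field.SubFields.each { |sub| printField(indent + 2, sub) }
end

# Exactly two arguments are required: the capture file and the layer name.
if ARGV.length != 2
  puts USAGE
  exit 1
end

InputFile = ARGV[0]
LayerName = ARGV[1]

UnsniffDB = WIN32OLE.new("Unsniff.Database")
# NOTE(review): the result of Open is not checked; presumably a failure
# surfaces as a WIN32OLE exception. Confirm against the Unsniff API.
UnsniffDB.Open(InputFile)

begin
  PacketStore = UnsniffDB.PacketIndex

  PacketStore.Count.times do |idx|
    pkt = PacketStore.Item(idx)

    pkt.Layers.each do |lyr|
      # The layer name must match the command-line argument exactly.
      next unless lyr.Name == LayerName

      print "#{lyr.Name}\n---#{pkt.ID}--#{pkt.Description}---\n"
      lyr.Fields.each { |field| printField(1, field) }
    end
  end
ensure
  # Close the database even when a COM call fails part-way through the
  # capture, so the handle is not left open on error.
  UnsniffDB.Close()
end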