prdrill.rb
# ------------------------------------------------------------------
# prdrill.rb	Print all fields in a packet (drilldown)
#	usage : prdrill <capture-filename> <pkt-id>
#
#
# ------------------------------------------------------------------
require 'win32ole'
 
# One-line usage text, shown when the argument count is wrong.
USAGE = 'prdrill <capture-filename> <pkt-id>'
 
 
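# function printField
#	Formats and prints a field (also subfields if present)
#
#	indent : nesting depth; the line is padded with two spaces per level
#	field  : object answering Name, Value, SubFieldCount and SubFields
#
#	Field text is decoded from the capture file, so it can carry whatever
#	bytes were in the captured traffic. Control bytes (ESC, CR, LF, BEL, ...)
#	are therefore printed as \xNN instead of being sent raw to the terminal,
#	where they could rewrite the screen or fake extra output lines. TAB is
#	left alone. 8-bit C1 controls are not filtered here.
def printField(indent, field)
	# Work on a byte copy so text in any encoding (or with invalid bytes)
	# can be scanned, then put the original encoding tag back.
	name, value = [field.Name, field.Value].map do |part|
		text = part.to_s
		safe = text.b.gsub(/[\x00-\x08\x0A-\x1F\x7F]/n) { |ch| format('\\x%02X', ch.ord) }
		safe.force_encoding(text.encoding)
	end

	print "  " * indent
	print "#{name}\t\t #{value} \n"

	# Subfields are printed two levels deeper than their parent.
	return unless field.SubFieldCount > 0
	field.SubFields.each { |sub| printField(indent + 2, sub) }
end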
 
 
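# Exactly two arguments are required: the capture file and the packet id.
if ARGV.length != 2
	puts USAGE
	exit 1
end

InputFile = ARGV[0]
# NOTE(review): the packet id is handed to Unsniff as the raw argument string;
# confirm PacketIndex accepts that form, and consider rejecting a malformed id
# here so the failure is a usage error rather than a COM error.
PktID     = ARGV[1]
UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.Open(InputFile)

# Once the capture is open, always close it again, including when the packet
# lookup or the printing raises (for example an unknown packet id).
begin
	Packet = UnsniffDB.PacketIndex(PktID)

	# One heading per protocol layer, followed by that layer's fields.
	Packet.Layers.each do |lyr|
		print "#{lyr.Name}\n------------------------\n"
		lyr.Fields.each { |field| printField(1, field) }
	end
ensure
	UnsniffDB.Close()
end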