qfield.rb
# ------------------------------------------------------------------
# qfield.rb	Print all the values of a given field
#	usage : qfield <capture-file> <layername> <fieldname>
#
#
# ------------------------------------------------------------------
require 'win32ole'
 
USAGE = "qfield <capture-filename> <layer-name> <field-name>"
 
 
# function printField
#	Formats and prints a field (also subfields if present)
#
def printField(indent,field)
	print " "*indent
	print "#{field.Name}\t( #{field.Value} )\t" +
	      "[ s: #{field.SizeBits} o: #{field.OffsetBits} ]\n"
 
	if field.SubFieldCount > 0 
		field.SubFields.each { |f| printField(indent+2, f) }
	end
end
 
 
if ARGV.length != 3
	puts USAGE
	exit 1
end
 
InputFile = ARGV[0]
LayerName = ARGV[1]
FieldName = ARGV[2]
 
UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.Open(InputFile)
PacketStore = UnsniffDB.PacketIndex
Count = UnsniffDB.PacketCount
(0..Count-1).each do  |idx| 
	packet = PacketStore.Item(idx)
	layers = packet.Layers
	layers.each do |lyr| 
		if lyr.Name == LayerName
			field = lyr.FindField(FieldName)
			if field
				printField(0,field)
			end
		end
	end
end
UnsniffDB.Close()