# ------------------------------------------------------------------
# prdrill.rb	Print all fields in a packet (drilldown)
#	usage : prdrill <capture-file> <pktid> 
#
#
# ------------------------------------------------------------------
require 'win32ole'

USAGE = "prdrill <capture-filename> <pkt-id>"


# function printField
#	Formats and prints a field (also subfields if present)
#
def printField(indent, field)
	pad = "  "*indent
	print pad
	print "#{field.Name}\t\t #{field.Value} \n" 
	
	if field.SubFieldCount > 0 
		field.SubFields.each { |f| printField(indent+2, f) }
	end
end


if ARGV.length != 2
	puts USAGE
	exit 1
end

InputFile = ARGV[0]
PktID     = ARGV[1]
UnsniffDB = WIN32OLE.new("Unsniff.Database")
UnsniffDB.Open(InputFile)


Packet = UnsniffDB.PacketIndex(PktID)
layers = Packet.Layers
layers.each do |lyr| 
	print "#{lyr.Name}\n------------------------\n"
	lyr.Fields.each { |field| printField(1,field) }
end

UnsniffDB.Close()