Using ruby 1.9 and latest gem install pcap + fix for compiling (convert ->ptr/->len to _PTR/_LEN), i found that after doing simple code:
require 'pcap'
cap = Pcap::Capture.open_offline('1.dmp')
cap.each { |pkt| p pkt.src; }
exit
Pcap gem not leaving block cap.each, i.e. output:
...
213.248.106.202
192.168.1.50
213.248.106.202
192.168.1.50
^C
^C
^C
^C
^C
And process can be killed only by kill -s KILL <process_id>.
Is there any way to fix this?
P.S. 1.dmp file generated using tcpdump -w 1.dmp.
Pcap::Capture#each or Pcap::Capture#each_packet takes an optional count argument. If it is -1, it loops until EOF.
You could try passing a number to each and see what happens.
If that hangs, there might be an issue in the extension code.