[NETFRAME] Retrieving data from a packet contained in Net::Frame/Net::Packet objects
Brian Manning
elspicyjack at gmail.com
Tue Jan 27 06:26:47 CET 2009
Hi,
I'm in the middle of building a tool that reads existing pcap files
and compiles statistics as to which host sent the most packets on
which ports. I can read the pcap files off of the filesystem using
the example in the Net::Packet::Dump POD page, I was wondering if
there was an easy way to get at the contents of those objects so I can
start compiling statistics. I would be looking for the source and
destination IP addresses and ports from each captured frame, as well
as the size of the layer 7 payload (which I can get from Net::Packet just fine).
If it matters, I'm using RHEL5U2 on x86, and the pcap files were
obtained by converting them from a proprietary format (Etherpeek) to
pcap format.
The options that I've come up with so far to get what I'm looking for
are to parse the output of Net::Packet->print, to grab the raw data
and unpack it myself, or add the methods myself to the appropriate
Net::Packet objects that can be used once the frame has been unpacked.
I was wondering if there was an easier way that I might be missing. I
also realize that I may be able to use Net::Frame to also accomplish
this task, but I haven't seen anything in that framework that lets me
get the individual pieces of the unpacked packets in there either.
Thanks,
Brian
More information about the netframe
mailing list