[NETFRAME] Retrieving data from a packet contained in Net::Frame/Net::Packet objects
GomoR
gomor at gomor.org
Tue Jan 27 10:44:25 CET 2009
On Mon, Jan 26, 2009 at 09:26:47PM -0800, Brian Manning wrote:
> Hi,
Hi,
[..]
> there was an easy way to get at the contents of those objects so I can
[..]
Of course there is ;)
[..]
> are to parse the output of Net::Packet->print, to grab the raw data
> and unpack it myself, or add the methods myself to the appropriate
[..]
Ugly way :) Net::Packet and its successor Net::Frame were meant
to avoid just things ;)
I will describe the way to do it using Net::Frame, the now prefered
framework.
# First, create a Net::Frame::Dump::Offline object:
my $oDump = Net::Frame::Dump::Offline->new(file => $file);
$oDump->start;
# Now you gather every packets:
my ($src, $tcp);
while (my $h = $oDump->next) {
my $f = Net::Frame::Simple->new(
raw => $h->{raw},
firstLayer => $h->{firstLayer},
timestamp => $h->{timestamp},
);
# Now you have a Net::Frame::Simple object,
# Refer to perldoc Net::Frame::Simple for more
# If you want to stats on src/dst TCP ports:
if (exists $f->ref->{TCP}) {
$src->{$f->ref->{TCP}->src}++;
$dst->{$f->ref->{TCP}->dst}++;
}
}
# Print results
use Data::Dumper;
print Dumper($src)."\n";
print Dumper($dst)."\n";
--
^ ___ ___ http://www.GomoR.org/ <-+
| / __ |__/ Research Engineer |
| \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- |
+--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+
More information about the netframe
mailing list