[NETFRAME] Net::Packet::Dump / Net::Frame::Dump::Online - Concurrent Simultaneous Capture Limit?

Darien Kindlund darien at kindlund.com
Thu Jun 11 17:53:42 CEST 2009


Hi GomoR,

It looks like the Net::Frame::Dump::Online package is keeping up with
the requirements I mentioned earlier.  I've enclosed a stripped-down
version of Perl code which describes how I'm using it.  I'm hoping you
can take a look at it and let me know if you see any particular
problems.  Basically, the code creates 50 dump objects and then cycles
through each dump object, printing the first 10 packets, and then
resetting the dump session.  I realize that creating 50 dump objects
using the same filter is not very useful; however, assume the real
code would set each dump object with a unique filter.

Please let me know if this is the correct way to use your library,
specifically in terms of flushing data as much as possible in order to
avoid obvious memory overflow conditions.  Also, it's safe to assume
that the real code would do something with the generated .pcap between
the ->stop() call and the ->flush() call.

Here's the code:

#!/usr/bin/perl -w

use strict;
use warnings;

use Data::Dumper;
use Net::Frame::Dump::Online;
use Net::Frame::Simple;
use Data::UUID;

our $sessions = {};

my $session_counter = 0;

# Create 50 capture sessions, each writing to its own pcap file.
while ($session_counter < 50) {
    my $uuid = Data::UUID->new()->create_str();
    $sessions->{$uuid} = Net::Frame::Dump::Online->new(
            dev           => 'eth0',
            file          => 'pcaps/' . $uuid . '.pcap',
            filter        => 'tcp port 22',
            promisc       => 1,
            snaplen       => 65535,
            keepTimestamp => 1,
            unlinkOnStop  => 0,
            overwrite     => 1,
    );

    # Start capture
    #print Dumper($sessions->{$uuid}) . "\n";
    print "Starting...\n";
    $sessions->{$uuid}->start;
    $session_counter++;
}

while (1) {
    foreach my $key (keys %{$sessions}) {
        print "Handling UUID: " . $key . "\n";
        #print Dumper($sessions->{$key}) . "\n";

        my $counter = 0;
        while (1) {
            if (my $frame = $sessions->{$key}->next) {
                $frame = Net::Frame::Simple->newFromDump($frame);
                print $frame->print . "\n";
                #print Dumper($frame) . "\n";
                $counter++;
                # Stop after the first 10 frames for this session.
                if ($counter >= 10) {
                    last;
                }
            }
        }

        # Cleanup
        print "Stopping...\n";
        $sessions->{$key}->stop;
        #print Dumper($sessions->{$key}) . "\n";

        #print "Sleeping...\n";
        #sleep(5);

        print "Flushing...\n";
        $sessions->{$key}->flush;
        #print Dumper($sessions->{$key}) . "\n";

        #print "Sleeping...\n";
        #sleep(10);

        print "Starting...\n";
        $sessions->{$key}->start;
    }
}

---

Lastly, when running this code, I occasionally run into this message:
Argument "" isn't numeric in numeric le (<=) at
/usr/local/share/perl/5.8.8/Net/Frame/Layer/ETH.pm line 193.
Unable to unpack next layer, not yet implemented in layer: 0:ETH
ETH: dst:49:09:90:01:ef:b7  src:  length:0

Does this message appear strictly because I have 'use warnings;' in
the parent code?  In other words, what's the correct way to suppress
or handle this error message?

Thanks,
-- Darien
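
Added example, not part of the original message and not code from the Net::Frame project: one way to keep a capture loop from decoding truncated frames and to collect decoder warnings per frame instead of printing them. It assumes the hash ref returned by ->next carries the captured bytes under a `raw` key and that the warning quoted above comes from a frame shorter than an Ethernet header; `decode_guarded` and the stand-in decoder are hypothetical names, and in the loop above the callback would be `sub { Net::Frame::Simple->newFromDump($_[0]) }`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimum bytes for an Ethernet II header: 6 dst + 6 src + 2 type.
use constant ETH_HDR_LEN => 14;

# Run $decode->($frame) with warnings captured instead of printed.
# Returns (result, arrayref of notes). The result is undef when the frame is
# too short to hold an Ethernet header or when the decoder died.
# Assumption: $frame is a hash ref with the captured bytes in {raw}.
sub decode_guarded {
    my ($frame, $decode) = @_;
    my $raw = defined $frame->{raw} ? $frame->{raw} : '';
    if (length($raw) < ETH_HDR_LEN) {
        return (undef, [ sprintf('short frame: %d bytes', length($raw)) ]);
    }
    my @notes;
    local $SIG{__WARN__} = sub { push @notes, @_ };   # scoped to this call only
    my $result = eval { $decode->($frame) };
    push @notes, "decode died: $@" if !defined $result && $@;
    return ($result, \@notes);
}

# Constructed sample input: one complete header plus payload, and one frame
# cut off after the destination address.
my @frames = (
    { firstLayer => 'ETH',
      raw => pack('H12 H12 n', '0200000000aa', '0200000000bb', 0x0800) . ("\0" x 20) },
    { firstLayer => 'ETH', raw => pack('H12', '0200000000aa') },
);

# Stand-in decoder (hypothetical) so the example runs without a live capture.
my $decode = sub {
    my ($frame) = @_;
    my ($dst, $src, $type) = unpack('H12 H12 n', $frame->{raw});
    return sprintf('ETH dst:%s src:%s type:0x%04x', $dst, $src, $type);
};

for my $frame (@frames) {
    my ($out, $notes) = decode_guarded($frame, $decode);
    print defined $out ? "$out\n" : "skipped\n";
    print "  note: $_\n" for @$notes;
}
```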

