[NETFRAME] Net::Packet::Dump / Net::Frame::Dump::Online - Concurrent Simultaneous Capture Limit?
GomoR
gomor at gomor.org
Tue Jun 16 00:26:23 CEST 2009
Hi,
Here is the pure Perl version, no need to fork() at all here. The main
idea is to create as many writers as you want (Net::Frame::Dump::Writer),
and use only one Net::Frame::Dump::Online. Each time the Online object
captures a frame, a callback is called. Then, you dispatch the frame to
the writer of your choice.
--8<--
#!/usr/bin/perl
use strict;
use warnings;

use Data::Dumper;
use Net::Frame::Dump::Online;
use Net::Frame::Dump::Writer;
use Net::Frame::Simple;
use Data::UUID;

our $sessions = {};

# Create 10 writers, one pcap file each, keyed by UUID
my $session_counter = 0;
while ($session_counter < 10) {
    my $uuid = Data::UUID->new()->create_str();
    $sessions->{$uuid} = Net::Frame::Dump::Writer->new(
        file       => 'pcaps/' . $uuid . '.pcap',
        firstLayer => 'ETH',
        overwrite  => 1,
    );
    $sessions->{$uuid}->start;
    $session_counter++;
}

# A single capture object; the writers are passed to the callback
my $oDump = Net::Frame::Dump::Online->new(
    dev           => 'msk0',
    file          => 'pcaps/' . 'online' . '.pcap',
    filter        => 'tcp port 80',
    promisc       => 1,
    snaplen       => 65535,
    keepTimestamp => 1,
    unlinkOnStop  => 1,
    overwrite     => 1,
    onRecv        => \&dumpCallback,
    onRecvData    => $sessions,
);

# Start capturing; dumpCallback is called for each captured frame
$oDump->start;

sub dumpCallback {
    my ($h, $sessions) = @_;
    print "got packet, saving it\n";
    # We just save it to all the files, you need to refine this
    for my $uuid (keys %$sessions) {
        $sessions->{$uuid}->write($h);
    }
}
--8<--
On Thu, Jun 11, 2009 at 11:53:42AM -0400, Darien Kindlund wrote:
> Hi GomoR,
>
> It looks like the Net::Frame::Dump::Online package is keeping up with
> the requirements I mentioned earlier. I've enclosed a stripped down
> version of perl code which describes how I'm using it. I'm hoping you
> can take a look at it and let me know if you see any particular
> problems. Basically, the code creates 50 dump objects and then cycles
> through each dump object, printing the first 10 packets, and then
> resetting the dump session. I realize that creating 50 dump objects
> using the same filter is not very useful; however, assume the real
> code would set each dump object with a unique filter.
>
> Please let me know if this is the correct way to use your library,
> specifically in terms of flushing data as much as possible in order to
> avoid obvious memory overflow conditions. Also, it's safe to assume
> that the real code would do something with the generated .pcap between
> the ->stop() call and the ->flush() call.
>
> Here's the code:
>
> #!/usr/bin/perl -w
>
> use strict;
> use warnings;
>
> use Data::Dumper;
> use Net::Frame::Dump::Online;
> use Net::Frame::Simple;
> use Data::UUID;
>
> our $sessions = {};
>
> my $session_counter = 0;
>
> while ($session_counter < 51) {
>     my $uuid = Data::UUID->new()->create_str();
>     $sessions->{$uuid} = Net::Frame::Dump::Online->new(
>         dev           => 'eth0',
>         file          => 'pcaps/' . $uuid . '.pcap',
>         filter        => 'tcp port 22',
>         promisc       => 1,
>         snaplen       => 65535,
>         keepTimestamp => 1,
>         unlinkOnStop  => 0,
>         overwrite     => 1,
>     );
>
>     # Start capture
>     #print Dumper($sessions->{$uuid}) . "\n";
>     print "Starting...\n";
>     $sessions->{$uuid}->start;
>     $session_counter++;
> }
>
> while (1) {
>     foreach my $key (keys %{$sessions}) {
>         print "Handling UUID: " . $key . "\n";
>         #print Dumper($sessions->{$key}) . "\n";
>
>         my $counter = 0;
>         while (1) {
>             if (my $frame = $sessions->{$key}->next) {
>                 $frame = Net::Frame::Simple->newFromDump($frame);
>                 print $frame->print . "\n";
>                 #print Dumper($frame) . "\n";
>                 $counter++;
>                 if ($counter > 10) {
>                     last;
>                 }
>             }
>         }
>
>         # Cleanup
>         print "Stopping...\n";
>         $sessions->{$key}->stop;
>         #print Dumper($sessions->{$key}) . "\n";
>
>         #print "Sleeping...\n";
>         #sleep(5);
>
>         print "Flushing...\n";
>         $sessions->{$key}->flush;
>         #print Dumper($sessions->{$key}) . "\n";
>
>         #print "Sleeping...\n";
>         #sleep(10);
>
>         print "Starting...\n";
>         $sessions->{$key}->start;
>     }
> }
>
> ---
>
> Lastly, when running this code, I occasionally run into this message:
> Argument "" isn't numeric in numeric le (<=) at
> /usr/local/share/perl/5.8.8/Net/Frame/Layer/ETH.pm line 193.
> Unable to unpack next layer, not yet implemented in layer: 0:ETH
> ETH: dst:49:09:90:01:ef:b7 src: length:0
>
> Does this message appear strictly because I have 'use warnings;' in
> the parent code? In other words, what's the correct way to suppress
> or handle this error message?
>
> Thanks,
> -- Darien
--
^ ___ ___ http://www.GomoR.org/ <-+
| / __ |__/ Research Engineer |
| \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- |
+--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+
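
GomoR's callback writes every frame to every writer and leaves the refinement to the reader. One way to refine it, as an added example that is not code from the original thread: key each frame by its TCP flow and open one writer per flow. The names flow_key, make_dispatcher, DemoWriter and tcp_frame and the sample frames are constructed for illustration, and the code assumes the frame hashref carries the captured bytes under raw.

```perl
use strict;
use warnings;
# Direction-independent key for an Ethernet/IPv4/TCP frame; returns undef for
# anything else (short frame, non-IPv4, non-TCP, non-first fragment).
sub flow_key {
    my ($raw) = @_;
    return if !defined $raw || length($raw) < 14 + 20;
    return unless unpack('n', substr($raw, 12, 2)) == 0x0800;    # EtherType
    my ($vihl, $frag, $proto) = unpack('C x5 n x C', substr($raw, 14, 10));
    my $ihl = ($vihl & 0x0f) * 4;
    return unless ($vihl >> 4) == 4 && $ihl >= 20 && $proto == 6;
    return if ($frag & 0x1fff) || length($raw) < 14 + $ihl + 4;  # no ports
    my @ip = unpack('C8', substr($raw, 14 + 12, 8));
    my ($sp, $dp) = unpack('n n', substr($raw, 14 + $ihl, 4));
    my @ends = (join('.', @ip[0 .. 3]) . ":$sp", join('.', @ip[4 .. 7]) . ":$dp");
    return join('-', sort @ends);
}

# Build an onRecv-style callback. $open is a caller-supplied coderef (an
# assumption of this example) returning a writer object for a new flow key.
sub make_dispatcher {
    my ($open) = @_;
    my %writers;
    return sub {
        my ($h) = @_;                      # frame hashref, bytes in {raw}
        my $key = flow_key($h->{raw}) || 'other';
        ($writers{$key} ||= $open->($key))->write($h);
        return $key;
    };
}

# Constructed demo: DemoWriter stands in for Net::Frame::Dump::Writer.
package DemoWriter;
our %count;
sub new   { my ($class, $key) = @_; return bless { key => $key }, $class }
sub write { my ($self) = @_; return ++$count{ $self->{key} } }
package main;
sub tcp_frame {    # constructed Ethernet/IPv4/TCP frame, header fields only
    my ($sip, $sp, $dip, $dp) = @_;
    return pack('x12 n C x8 C x2 C4 C4 n n x16',
        0x0800, 0x45, 6, split(/\./, $sip), split(/\./, $dip), $sp, $dp);
}
my $dispatch = make_dispatcher(sub { DemoWriter->new($_[0]) });
$dispatch->({ raw => $_ }) for
    tcp_frame('10.0.0.1', 40000, '10.0.0.2', 80),
    tcp_frame('10.0.0.2', 80, '10.0.0.1', 40000),    # reply, same flow
    tcp_frame('10.0.0.3', 40001, '10.0.0.2', 80),
    "\0" x 10;                                        # runt, goes to 'other'
printf "%-28s %d\n", $_, $DemoWriter::count{$_} for sort keys %DemoWriter::count;
```

With the script above, the returned coderef would be passed as onRecv and $open would create and start a Net::Frame::Dump::Writer whose file name is derived from the key.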