From gomor at gomor.org Tue Nov 24 08:47:49 2009 From: gomor at gomor.org (GomoR) Date: Tue, 24 Nov 2009 08:47:49 +0100 Subject: [NETFRAME] Net::Frame issue In-Reply-To: <70743afb0911231557ndddb282qb82940fbfe0fee4@mail.gmail.com> References: <70743afb0911231557ndddb282qb82940fbfe0fee4@mail.gmail.com> Message-ID: <20091124074749.GA6783@legion.enslaved.lan> On Tue, Nov 24, 2009 at 12:57:15AM +0100, Roman Pierce wrote: > Dear gomor, > my name is Roman. Hi, next time, please ask to netframe mailing list: http://lists.gomor.org/mailman/listinfo/netframe > Actually I'm really interested in the security field and I'm developing my > first security oriented scripts. > I've two questions for you. > 1) I wrote this simple subroutine to determine if an UDP port is open or > closed and I'm actually using NetPacket::IP and NetPacket::ICMP. > I would like to replace the little piece of code by using your > Net::Frame::Layer::IPv4 and ICMPv4, but I'm encountering a problem. > Here is the first code: > > #!/usr/bin/perl # Always add that use strict; use warnings; > use IO::Select; > use IO::Socket; > use NetPacket::IP; > use NetPacket::ICMP; > > sub checkudp { [..] > if ( $readhandle == $icmps ) { > > $icmps -> recv($raw, $maxlen, 0); > > $ip = NetPacket::IP -> decode($raw); > $icmp = NetPacket::ICMP -> decode($ip -> {data}); # Try with that use Net::Frame::Simple; $icmp = Net::Frame::Simple->new(raw => $raw, firstLayer => 'ICMPv4'); $type = $icmp->ref->{ICMPv4}->type; $code = $icmp->ref->{ICMPv4}->code; > if ($type == 3 && ($code == 1 || $code == 2 || $code == 9 || > $code == 10 || $code == 13)) { return 0; } # Filtered (ICMP Reply) > else { return 2; } # Closed > > } > > } [..] > Can you help me ? > Thanks you really > > > PS. You wrote the Net::Packet::CDP, but i cannot find a > Net::Frame::Layer::CDP implementation. Shall i use this module instead to > generate CDP packet, together with Net::Frame::Layer::ETH and LLC ? Currently, you cannot combine Net::Packet with Net::Frame. Or it will be hard to do. And I don't have written Net::Frame::Layer::CDP either. Regards, -- ^ ___ ___ http://www.GomoR.org/ <-+ | / __ |__/ Research Engineer | | \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- | +--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+ From gomor at gomor.org Tue Nov 24 17:36:27 2009 From: gomor at gomor.org (GomoR) Date: Tue, 24 Nov 2009 17:36:27 +0100 Subject: [NETFRAME] Net::Frame issue In-Reply-To: <70743afb0911240833v76307dlcfb56717a0cb0f1d@mail.gmail.com> References: <70743afb0911231557ndddb282qb82940fbfe0fee4@mail.gmail.com> <20091124074749.GA6783@legion.enslaved.lan> <70743afb0911240833v76307dlcfb56717a0cb0f1d@mail.gmail.com> Message-ID: <20091124163627.GA8247@legion.enslaved.lan> On Tue, Nov 24, 2009 at 05:33:43PM +0100, Roman Pierce wrote: [..] > Instead, if i set firstLayer to IPv4 i get: > > Unable to unpack next layer, not yet implemented in layer: 0:IPv4 > substr outside of string at /Library/Perl/5.10.0/Net/Frame/Simple.pm line > 239. > type ->3 > code ->3 Ok, it may be related to the truncation if the payload of the ICMPv4 message. Could you add something like: print unpack('H*', $raw)."\n"; Juste before Net::Frame::Simple->new() and send me the output ? -- ^ ___ ___ http://www.GomoR.org/ <-+ | / __ |__/ Research Engineer | | \__/ | \ ---[ zsh$ alias psed='perl -pe ' ]--- | +--> Net::Frame <=> http://search.cpan.org/~gomor/ <---+