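#!/usr/bin/perl -w
# ---------------------------------------------------------
# testapp.pl (v 0.2): captures and dump packets;
# based on Loris Degioanni's TestApp program in C
# (see the Packet Capture Driver Developer's Pack).
# This simple example shows how to capture raw packets
# to the network using Win32::NetPacket.
# This program is free software; you can redistribute it
# and/or modify it under the same terms as Perl itself.
# (c) 2003-2006 J-L Morel jlmorel@cpan.org
# ---------------------------------------------------------
#
# Overview: one adapter is opened in promiscuous mode, packets are read
# from the kernel buffer into a user buffer and a short summary of every
# frame (Ethernet, IPv4, then TCP/UDP/ICMP) is printed.  Source IPs and
# TCP destination ports are compared against two watch lists that are
# read once at startup ("data.txt" and "data2.txt", one entry per line);
# every match is appended to "logfile.txt" in the current directory.

use diagnostics;
use strict;
use warnings;
use Win32::Console::ANSI;
use Win32::NetPacket qw/ :ndis GetAdapterNames /;
use Term::ReadKey;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP qw(:strip);
use NetPacket::TCP;
use NetPacket::UDP;
use NetPacket::ICMP;

$|++;

use constant SizeOfInt   => 4;         # for word alignment of each packet record
use constant BPF_HDR_FMT => 'llIIS';   # tv_sec, tv_usec, caplen, datalen, hdrlen
use constant BPF_HDR_MIN => length pack( BPF_HDR_FMT, 0, 0, 0, 0, 0 );
use constant ETHERTYPE_IPV4 => 0x0800; # EtherType carried by an IPv4 frame
use constant IPPROTO_ICMP   => 1;
use constant IPPROTO_TCP    => 6;
use constant IPPROTO_UDP    => 17;

# IP protocol numbers the summary knows how to name.
my %proto_name_of = (
    IPPROTO_ICMP, 'ICMP',
    IPPROTO_TCP,  'TCP',
    IPPROTO_UDP,  'UDP',
    34,           '3PC',
);

# ICMP message *types* (not codes) the summary knows how to name.
my %icmp_type_name_of = (
    0  => 'Echo Reply',
    3  => 'Destination Unreachable',
    5  => 'Redirect',
    8  => 'Echo Request',
    11 => 'Time Exceeded',
);

# TCP flag bits, lowest first, so combined flags print as e.g. "SYN/ACK".
my @tcp_flag_bits = (
    [ 1,   'FIN' ],
    [ 2,   'SYN' ],
    [ 4,   'RST' ],
    [ 8,   'PSH' ],
    [ 16,  'ACK' ],
    [ 32,  'URG' ],
    [ 64,  'ECE' ],
    [ 128, 'CWR' ],
);

# Watch lists, loaded once instead of re-reading both files for every packet.
my %watched_ip   = _load_list('data.txt');
my %watched_port = _load_list('data2.txt');

# select the adapter
my %desc;
my @adpts = GetAdapterNames( \%desc );
@adpts > 0 or die "No adapter installed !\n";

my $choice = 1;
if ( @adpts > 1 ) {
    print "Adapters installed:\n\n";
    my $n = 1;
    print $n++, " - $desc{$_}\n $_\n" foreach @adpts;
    do {
        print "\nSelect the number of the adapter to open : ";
        $choice = <STDIN>;
        # End of input (e.g. redirected stdin) would otherwise loop forever.
        defined $choice or die "\nNo adapter selected (end of input).\n";
        chomp $choice;
    } until ( $choice =~ /\A\d+\z/ and 0 < $choice and $choice <= @adpts );
}

# open the selected adapter
my $nic = Win32::NetPacket->new(
    adapter_name       => $adpts[ $choice - 1 ],
    driver_buffer_size => 512 * 1024,    # 512 kbytes kernel buffer
    read_timeout       => 1000,          # 1s timeout
) or die $@;

# Promiscuous mode: the adapter also delivers frames not addressed to it.
$nic->SetHwFilter(NDIS_PACKET_TYPE_PROMISCUOUS);

# print infos
my ( $name, $description, $type, $speed, $ip, $mask, $mac ) = $nic->GetInfo();
$description ||= $desc{$name};
$ip          ||= '?.?.?.?';
$mask        ||= '?.?.?.?';
$mac = join '-', unpack 'A2' x 6, $mac;
print "Listening $name\n($description)\nMAC: $mac IP: $ip Mask: $mask\n";
print "** press [enter] to terminate\n";

# set user's buffer
my $Buff;
$nic->SetUserBuffer( $Buff, 128 * 1024 );

# main capture loop
my $BytesReceived;
while ( !ReadKey(-1) ) {    # press (enter) to terminate
    $BytesReceived = $nic->ReceivePacket();    # capture the packets
    printPackets();                            # print the packets
}
printf "\n\n%d packets received,\n%d packets lost.\n", $nic->GetStats;

# ------ printPackets routine
# Walks the user buffer ($Buff, $BytesReceived bytes) record by record.
# Each record is a bpf_hdr (BPF_HDR_FMT) followed by the captured bytes,
# padded so that the next record starts on a SizeOfInt boundary.
sub printPackets {
    return unless $BytesReceived;
    my $offset = 0;
    while ( $offset + BPF_HDR_MIN <= $BytesReceived ) {
        my ( undef, undef, $caplen, $datalen, $hdrlen )
            = unpack BPF_HDR_FMT, substr $Buff, $offset;
        # A header shorter than the fixed part can never advance the cursor;
        # stop rather than spin on a corrupt record.
        last if $hdrlen < BPF_HDR_MIN;
        $offset += $hdrlen;
        # caplen, not datalen: only caplen bytes were copied into the buffer,
        # datalen is the on-the-wire length and may be larger.
        my $data = substr $Buff, $offset, $caplen;
        _print_frame($data);
        # Packet word alignment
        $offset = ( ( $offset + $caplen ) + ( SizeOfInt - 1 ) ) & ~( SizeOfInt - 1 );
    }
    return;
}

# Print the summary of one captured frame ($data = raw bytes) and log any
# watch-list match.  Only IPv4 frames are decoded beyond the Ethernet header.
sub _print_frame {
    my ($data) = @_;

    my $eth_obj = NetPacket::Ethernet->decode($data);
    print "\nSource Mac: ", $eth_obj->{src_mac}, "\n",
          "Dest. Mac: ",   $eth_obj->{dest_mac};

    # ARP and other EtherTypes must not be parsed as IP: the fields would be garbage.
    if ( $eth_obj->{type} != ETHERTYPE_IPV4 ) {
        printf "\nEtherType: 0x%04X (not IPv4)\n", $eth_obj->{type};
        return;
    }

    my $ip_obj = NetPacket::IP->decode( eth_strip($data) );
    print "\nDestination IP: ", $ip_obj->{dest_ip}, "\n";
    print "Source IP: ",        $ip_obj->{src_ip},  "\n";
    my $proto = $ip_obj->{proto};
    print "Protocol: ",
        ( exists $proto_name_of{$proto} ? $proto_name_of{$proto} : $proto ), "\n";

    my $payload = ip_strip( eth_strip($data) );
    # Decode as TCP only when it is TCP; the port watch list applies to TCP only.
    my $tcp_obj = $proto == IPPROTO_TCP ? NetPacket::TCP->decode($payload) : undef;

    _log_matches( $ip_obj, $tcp_obj );

    if ( $proto == IPPROTO_TCP ) {
        print "TCP\n";
        print "Destination Port: ", $tcp_obj->{dest_port}, "\n";
        print "Source Port: ",      $tcp_obj->{src_port},  "\n";
        print "Flags: ", _tcp_flag_names( $tcp_obj->{flags} ), "\n";
        print "Data: ", _printable( $tcp_obj->{data} ), "\n";
    }
    elsif ( $proto == IPPROTO_UDP ) {
        print "UDP\n";
        my $udp_obj = NetPacket::UDP->decode($payload);
        print "Destination Port: ", $udp_obj->{dest_port}, "\n";
        print "Source Port: ",      $udp_obj->{src_port},  "\n";
        print "Data: ", _printable( $udp_obj->{data} ), "\n";
    }
    elsif ( $proto == IPPROTO_ICMP ) {
        print "ICMP\n";
        my $icmp_obj = NetPacket::ICMP->decode($payload);
        # Echo Reply/Request, Destination Unreachable, ... are ICMP types; the
        # code field only qualifies a type (e.g. which kind of unreachable).
        my $icmp_type = $icmp_obj->{type};
        print(
            ( exists $icmp_type_name_of{$icmp_type}
                ? $icmp_type_name_of{$icmp_type}
                : ' Undefined' ),
            "\n"
        );
    }
    else {
        print $proto, " Undefined\n";
    }
    return;
}

# Append one line to logfile.txt for each watch-list hit on this packet:
# the source IP against data.txt, the TCP destination port (when $tcp_obj
# is defined) against data2.txt.  The log is opened only when there is
# something to write.
sub _log_matches {
    my ( $ip_obj, $tcp_obj ) = @_;
    my @lines;
    push @lines, "Google's IP has been found\n"
        if exists $watched_ip{ $ip_obj->{src_ip} };
    push @lines, "Port number has been found\n"
        if $tcp_obj and exists $watched_port{ $tcp_obj->{dest_port} };
    return unless @lines;

    open my $log, '>>', 'logfile.txt' or die "open logfile.txt: $!";
    print {$log} @lines;
    # Buffered write errors only surface at close.
    close $log or die "close logfile.txt: $!";
    return;
}

# Read a watch list: one entry per line, surrounding whitespace and CR/LF
# stripped, blank lines ignored.  Returns a hash of entry => 1 for O(1) lookup.
# Dies if the file cannot be opened.
sub _load_list {
    my ($path) = @_;
    open my $fh, '<', $path or die "open $path: $!";
    my %seen;
    while ( my $line = <$fh> ) {
        $line =~ s/\A\s+//;
        $line =~ s/\s+\z//;
        $seen{$line} = 1 if length $line;
    }
    close $fh or die "close $path: $!";
    return %seen;
}

# Name every TCP flag bit set in $flags, joined with '/', lowest bit first
# (24 -> "PSH/ACK", 18 -> "SYN/ACK"); " Undefined" when no bit is set.
sub _tcp_flag_names {
    my ($flags) = @_;
    my @names = map { $_->[1] } grep { $flags & $_->[0] } @tcp_flag_bits;
    return @names ? join( '/', @names ) : ' Undefined';
}

# Return $bytes with everything outside printable ASCII replaced by '.'.
# Raw payload bytes are attacker-controlled and this console interprets ANSI
# escape sequences, so they must never reach the terminal unfiltered.
sub _printable {
    my ($bytes) = @_;
    $bytes = '' unless defined $bytes;
    $bytes =~ s/[^\x20-\x7E]/./g;
    return $bytes;
}

###########################################################################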