the program is,
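#!/usr/bin/perl -w
#
# Capture UDP datagrams, pick out the ones addressed to the DNS port, and
# report (on STDOUT and in wdw_log.txt) which source asked which destination
# for which name. Reverse lookups (in-addr.arpa) are left out.
#
# Usage: script [number_of_datagrams]
#
# NOTE(review): packet capture normally needs elevated privileges, and the log
# is appended to a relative path, so run this from a directory that only the
# operator can write to.

use 5.6.0;    # Change to 5.006_000 if using Perl 5.8.0.
use strict;

use constant DNS_PORT => 53;     # Destination port that identifies a DNS query.
use constant HOWMANY  => 100;    # Default number of datagrams to capture.

use Net::DNS::Packet;
use Net::PcapUtils;
use NetPacket::Ethernet qw( :strip );
use NetPacket::IP;
use NetPacket::UDP;

our $num_processed = 0;    # Number of DNS questions reported so far.

# got_a_packet( $handle, $packet )
#
# Decode one captured Ethernet frame. If it carries a UDP datagram addressed
# to DNS_PORT, print "source -> destination: question" for every question in
# it that is not a reverse lookup, both to STDOUT and to $handle, and count it
# in $num_processed.
#
# Everything decoded here comes straight off the wire, so each step is checked
# before its result is used; a frame that does not decode is skipped silently.
sub got_a_packet {
    my ( $handle, $packet ) = @_;

    # The capture call can come back without a packet; nothing to decode then.
    return unless defined $packet && length $packet;

    my $ip_datagram = NetPacket::IP->decode(
        NetPacket::Ethernet::eth_strip($packet) );
    my $udp_datagram = NetPacket::UDP->decode( $ip_datagram->{data} );

    my $dest_port = $udp_datagram->{dest_port};
    return unless defined $dest_port && $dest_port == DNS_PORT;

    # A payload sent to port 53 is not necessarily well-formed DNS. Depending
    # on the Net::DNS version, a payload that does not parse may yield undef
    # or an exception; either way the frame is skipped instead of letting a
    # single malformed datagram end the whole capture run.
    my $dns_packet = $udp_datagram->{data};
    my $dns_decode = eval { Net::DNS::Packet->new( \$dns_packet ) };
    return unless $dns_decode;

    foreach my $q ( $dns_decode->question ) {
        my $question = $q->string;

        next if $question =~ /in-addr\.arpa/;

        # Take the capture from this match only. Reading $1 after an
        # unchecked match would report the result of an earlier match
        # whenever this one fails.
        my ($name) = $question =~ /^(.+)\tIN/;
        next unless defined $name;

        my $report = "$ip_datagram->{src_ip} -> $ip_datagram->{dest_ip}: $name\n";
        print $report;
        print {$handle} $report;

        $num_processed++;
    }

    return;
}

# display_results( $outof )
#
# Print the summary line: how many DNS questions were reported, out of the
# $outof datagrams the run was asked to capture.
sub display_results {
    my $outof = shift;

    print "\nProcessed $num_processed (out of $outof) ";
    print "UDP datagrams carrying DNS.\n\n";

    return;
}

# Number of datagrams to process. If a command-line argument isn't provided,
# the value of HOWMANY is used. Anything other than a plain non-negative
# integer is rejected, because the capture loop below counts this value down
# to zero and would never finish on a negative or non-numeric argument.
my $count = shift || HOWMANY;
die "Usage: $0 [number_of_datagrams]\n" unless $count =~ /^[0-9]+$/;
my $rem_count = $count;

# Open the capture. DNS uses UDP, hence the filter; 1500 bytes is the maximum
# payload size on Ethernet networks. Options not given here keep the
# Net::PcapUtils defaults (the original note says the Ethernet card is placed
# into promiscuous mode for capturing).
# NOTE(review): the pcap filter 'udp' also matches UDP over IPv6, while
# NetPacket::IP decodes IPv4 headers - confirm whether 'ip and udp' is wanted.
my $pkt_descriptor = Net::PcapUtils::open(
    FILTER  => 'udp',
    SNAPLEN => 1500,
);

# On success $pkt_descriptor is a reference to a valid packet capture
# descriptor; on failure it is an error message. Report it and stop with a
# non-zero status so that callers can tell the run failed.
if ( !ref($pkt_descriptor) ) {
    warn "Net::PcapUtils::open returned: $pkt_descriptor\n";
    exit 1;
}

# Open the log file in append mode. Three-argument open with a lexical handle
# keeps the mode separate from the file name.
open my $log_fh, '>>', 'wdw_log.txt'
    or die "Could not append to wdw_log.txt: $!\n";

# Timestamp the beginning of the run.
print {$log_fh} "\n", scalar localtime, " - wdw BEGIN run.\n\n";

# Net::PcapUtils::next waits for a UDP packet and returns two values: a scalar
# holding the raw Ethernet packet, and a hash with the capture header, which
# is not needed here.
while ( $count > 0 ) {
    my ( $packet, %header ) = Net::PcapUtils::next($pkt_descriptor);
    got_a_packet( $log_fh, $packet );    # Report goes to STDOUT and the log.
    $count--;
}

# Timestamp the end of the run.
print {$log_fh} "\n", scalar localtime, " - wdw END run.\n";

# Buffered write errors only surface at close, so check it.
close $log_fh
    or warn "Could not close wdw_log.txt: $!\n";

# $rem_count is the value $count had before the capture loop started.
display_results($rem_count);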