Bad name after noimport' at test.pl line 314
Part of the code I'm using is from my professor where other pieces are from online sources. A bit on a frankenstein if you will. I think that's my problem, some where in my code something needs to be changed or a library needs to be added but at this point I can't figure it out on my own.
The code worked fine, capturing packets and printing them in cmd and into my file just fine. But when I tried to add the rules.txt element to it, it starting giving me the error. I want to compare the line (IP) from the rules.txt file to the IPs I get from the packet capture. And if one matches my IP stored in the rules file, it should log the contents of that packet to a logfile.txt.
I am learning perl basically on my own as this is not taught in the class itself but is used to teach us how IDSs work. So please excuse me for any obvious mistake I didn't see. And thank you in advance.
PS In preview my readmore tags don't seem to be working? UPDATE OH! they work!
#!/usr/bin/perl -w # --------------------------------------------------------- # testapp.pl (v 0.2): captures and dump packets; # based on Loris Degioanni's TestApp program in C # (see the Packet Capture Driver Developer's Pack). # This simple example shows how to capture raw packets # to the network using Win32::NetPacket. # This program is free software; you can redistribute it # and/or modify it under the same terms as Perl itself. # (c) 2003-2006 J-L Morel jlmorel@cpan.org # --------------------------------------------------------- use warnings; use strict; use Win32::Console::ANSI; use Win32::NetPacket qw/ :ndis GetAdapterNames /; use Term::ReadKey; use NetPacket::Ethernet qw(:strip); use NetPacket::IP qw(:strip); use NetPacket::TCP; use NetPacket::UDP; use NetPacket::ICMP; $|++; use constant SizeOfInt => 4; # for word alignment # select the adapter my %desc; my @adpts = GetAdapterNames( \%desc ); @adpts > 0 or die "No adapter installed !\n"; my $i = 1; if ( @adpts > 1 ) { print "Adapters installed:\n\n"; print $i++, " - $desc{$_}\n $_\n" foreach @adpts; do { print "\nSelect the number of the adapter to open : "; $i = <STDIN>; chomp $i; } until ( $i =~ /^(\d)+$/ and 0 < $i and $i <= @adpts ); } # open the selected adapter my $nic = Win32::NetPacket->new( adapter_name => $adpts[ $i - 1 ], driver_buffer_size => 512 * 1024, # 512 kbytes kernel buffer read_timeout => 1000, # 1s timeout ) or die $@; $nic->SetHwFilter(NDIS_PACKET_TYPE_PROMISCUOUS); # set nic in promiscu +ous mode # print infos my ( $name, $description, $type, $speed, $ip, $mask, $mac ) = $nic->Ge +tInfo(); $description ||= $desc{$name}; $ip ||= '?.?.?.?'; $mask ||= '?.?.?.?'; $mac = join '-', unpack 'A2' x 6, $mac; print "Listening $name\n($description)\nMAC: $mac IP: $ip Mask: $mask\ +n"; print "** press [enter] to terminate\n"; # set user's buffer my $Buff; $nic->SetUserBuffer( $Buff, 128 * 1024 ); # main capture loop my $BytesReceived; while ( !ReadKey(-1) ) { # press (enter) to terminate $BytesReceived = $nic->ReceivePacket(); # capture the packets printPackets(); # print the packets } printf "\n\n%d packets received,\n%d packets lost.\n", $nic->GetStats; # ------ printPackets routine sub printPackets { my $nic = shift; my $offset = 0; while ( $offset < $BytesReceived ) { my ( $tv_sec, $tv_usec, $caplen, $datalen, $hdrlen ) = unpack 'llI +IS', substr $Buff, $offset; $offset += $hdrlen; my $data = substr $Buff, $offset, $datalen; # extract the datag +ram my $i = 0; my $eth_obj = NetPacket::Ethernet->decode($data); print "\nSource Mac: ", $eth_obj->{src_mac},"\n", "Dest. Mac: ", $ +eth_obj->{dest_mac}; my $ip_obj=NetPacket::IP->decode(eth_strip($data)); print "\nDestination IP: ", $ip_obj->{dest_ip}, "\n"; print "Source IP: ", $ip_obj->{src_ip}, "\n"; if($ip_obj->{proto}==6){ print "Protocol: TCP\n";} elsif($ip_obj->{proto}==1){ print "Protocol: ICMP\n";} elsif($ip_obj->{proto}==17){ print "Protocol: UDP\n";} elsif($ip_obj->{proto}==34){ print "Protocol: 3PC\n";} else{ print "Protocol: $ip_obj->{proto}";} ########### if ($ip_obj->{proto} == 6) {print "TCP\n"; my $tcp_obj=NetPacket::TCP->decode(ip_strip(eth_strip($data))); print "Destination Port: ", $tcp_obj->{dest_port}, "\n"; print "Source Port: ", $tcp_obj->{src_port}, "\n"; print "Flags: "; #---------------------Flags if/statement if($tcp_obj->{flags} == 1) {print "FIN\n";} elsif($tcp_obj->{flags} == 2) {print "SYN\n";} elsif($tcp_obj->{flags} == 4) {print "RST\n";} elsif($tcp_obj->{flags} == 8) {print "PSH\n";} elsif($tcp_obj->{flags} == 16) {print "ACK\n";} elsif($tcp_obj->{flags} == 32) {print "URG\n";} elsif($tcp_obj->{flags} == 64) {print "ECE\n";} elsif($tcp_obj->{flags} == 128) {print "CWR\n";} elsif($tcp_obj->{flags} == 24) {print "ACK/PSH\n";} else {print " Undefined\n";} #--------------------End Flags if/statement print "Data: ", $tcp_obj->{data}, "\n";} #-------------------------END TCP PROTOCOL IF STATEMENTS #-------------------------UDP If/statement elsif ($ip_obj->{proto} == 17) { print "UDP\n"; my $udp_obj=NetPacket::UDP->decode(ip_strip(eth_strip($data))); + #Decode UDP #---------------------Print To GUI print "Destination Port: ", $udp_obj->{dest_port}, "\n"; print "Source Port: ", $udp_obj->{src_port}, "\n"; print "Data: ", $udp_obj->{data}, "\n";} #--------------------------End UDP elsif ($ip_obj->{proto} == 1) {print "ICMP\n"; my $icmp_obj=NetPacket::ICMP->decode(ip_strip(eth_strip($data))); + #Decode ICMP #-----Take out #------------------------------Switch Statement use Switch; switch ($icmp_obj->{code}) { case 0 {print "Echo Reply\n";} case 3 {print "Destination Unreachable\n";} case 5 {print "Redirect\n";} case 8 {print "Echo Request\n";} case 11 {print "Time Exceeded\n";} else {print " Undefined\n";} } }#---------------------END OF ICMP else {print $ip_obj->{proto}, " Undefined\n";} #### open rules file here. ##code just added starts here but the content of the if statement was +there before and it printed fine. ##i believe my problem is with the eq or opening the file...? open (FH, '<, "rules.txt"); my @data = <FH>; close FH; foreach my $value (@data) { chomp ($value); my ($SrcOrDest, $name, $value = split(/,/ ,$value); #insert compare code here open LOGFILE, ">>logfile.txt" or die $!; #print timestamp? #print LOGFILE "Timestamp: "; #print LOGFILE ×tamp(); #if equal then if ($ip_obj->{src_ip} eq $value) { ####print with details print LOGFILE "\nSource Mac: ", $eth_obj->{src_mac},"\n", "Des +t. Mac: ", $eth_obj->{dest_mac}; print LOGFILE "\nDestination IP: ", $ip_obj->{dest_ip}, "\n"; print LOGFILE "Source IP: ", $ip_obj->{src_ip}, "\n"; if($ip_obj->{proto}==6){ print LOGFILE "Protocol: TCP\n";} elsif($ip_obj->{proto}==1){ print LOGFILE "Protocol: ICMP\n";} elsif($ip_obj->{proto}==17){ print LOGFILE "Protocol: UDP\n";} elsif($ip_obj->{proto}==34){ print LOGFILE "Protocol: 3PC\n";} else{ print LOGFILE "Protocol: $ip_obj->{proto}";} ########### if ($ip_obj->{proto} == 6) {print LOGFILE "TCP\n"; my $tcp_obj=NetPacket::TCP->decode(ip_strip(eth_strip($data +))); print LOGFILE "Destination Port: ", $tcp_obj->{dest_port}, +"\n"; print LOGFILE "Source Port: ", $tcp_obj->{src_port}, "\n +"; print LOGFILE "Flags: "; #---------------------Flags if/statement if($tcp_obj->{flags} == 1) {print LOGFILE "FIN\n";} elsif($tcp_obj->{flags} == 2) {print LOGFILE "SYN\n";} elsif($tcp_obj->{flags} == 4) {print LOGFILE "RST\n";} elsif($tcp_obj->{flags} == 8) {print LOGFILE "PSH\n";} elsif($tcp_obj->{flags} == 16) {print LOGFILE "ACK\n";} elsif($tcp_obj->{flags} == 32) {print LOGFILE "URG\n";} elsif($tcp_obj->{flags} == 64) {print LOGFILE "ECE\n";} elsif($tcp_obj->{flags} == 128) {print LOGFILE "CWR\n";} elsif($tcp_obj->{flags} == 24) {print LOGFILE "ACK/PSH\n";} else {print LOGFILE " Undefined\n";} #--------------------End Flags if/statement print LOGFILE "Data: ", $tcp_obj->{data}, "\n";} #-------------------------END TCP PROTOCOL IF STATEMENTS #-------------------------UDP If/statement elsif ($ip_obj->{proto} == 17) { print LOGFILE "UDP\n"; my $udp_obj=NetPacket::UDP->decode(ip_strip(eth_strip($data +))); #Decode UDP #---------------------Print To GUI print LOGFILE "Destination Port: ", $udp_obj->{dest_port} +, "\n"; print LOGFILE "Source Port: ", $udp_obj->{src_port}, "\n" +; print LOGFILE "Data: ", $udp_obj->{data}, "\n";} #--------------------------End UDP elsif ($ip_obj->{proto} == 1) {print LOGFILE "ICMP\n"; my $icmp_obj=NetPacket::ICMP->decode(ip_strip(eth_strip($data +))); #Decode ICMP #-----Take out #------------------------------Switch Statement use Switch; switch ($icmp_obj->{code}) { case 0 {print LOGFILE "Echo Reply\n";} case 3 {print LOGFILE "Destination Unreach +able\n";} case 5 {print LOGFILE "Redirect\n";} case 8 {print LOGFILE "Echo Request\n";} case 11 {print LOGFILE "Time Exceeded\n";} else {print LOGFILE " Undefined\n";} } }#---------------------END OF ICMP else {print LOGFILE $ip_obj->{proto}, " Undefined\n";} } #else{ #print no matches found print LOGFILE "No matches found.";} ##### }#end foreach ############### #do same for other protocols # Packet word alignment $offset = ( ( $offset + $caplen ) + ( SizeOfInt - 1 ) ) & ~( SizeOfInt - + 1 ); } } ###################################################################### +#####
In reply to Bad name after noimport error by burningredmoon
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |