Re: TCP States ( NetPacket::TCP module )

The $tcp_obj->{flags} value will give you the setting of the TCP flags. The state of a TCP connection cannot be determined reliably from a single packet though, you have to track the session to find out in which state it currently is.

Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan

Comment on Re: TCP States ( NetPacket::TCP module ) Download Code

Replies are listed 'Best First'.
Re^2: TCP States ( NetPacket::TCP module ) by swaroop (Beadle) on Dec 19, 2005 at 07:16 UTC
Thanks for the reply. I have tried to print the value of $tcp_obj->{falgs}. Its giving me 0. Do you know any procedure to parse the flags?	[reply]
Re^3: TCP States ( NetPacket::TCP module ) by tirwhan (Abbot) on Dec 19, 2005 at 09:15 UTC
You can binary AND them with the constants provided by the module to test for a single flag. The following will give you a comma-separated list of flags for a single packet. `my %tcp_flags=(FIN => FIN, SYN => SYN, RST => RST, PSH => PSH, ACK => ACK, URG => URG, ECE => ECE, CWR => CWR); my $cur_flags=$tcp_obj->{flags}; my @set_flags = grep { $cur_flags & $tcp_flags{$_} } keys %tcp_flags; print join(",",@set_flags)."\n";` [download] Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. -- Brian W. Kernighan	[reply] [d/l]
Re^4: TCP States ( NetPacket::TCP module ) by swaroop (Beadle) on Dec 26, 2005 at 03:23 UTC
Thanks, its working fine.	[reply]
Re^3: TCP States ( NetPacket::TCP module ) by gu (Beadle) on Dec 19, 2005 at 07:56 UTC
If you really wrote $tcp_obj->{falgs}, an error is normal, because you should write $tcp_obj->{flags}. The value you intend to print is as in the packet, in binary form, so you must use binary operators to scan each flag. The example given in the documentation reads : `# set the syn flag $tcp_obj->{flags} \|= SYN;` [download] NetPacket::TCP exports the different flags, so you can use them as above. You should consider reading about binary operators. Hope this helps. Gu	[reply] [d/l]