in reply to Re^2: p0fq.pl and pack?
in thread p0fq.pl and pack?

but I got "Bad response magic." error.

What are the bytes of $response?

I don't understand what "$score -= 65536 if $score > 32767;" means

There is no code for "A signed short in 'VAX' (little-endian) order.", so I extracted an unsigned short, and that converts it to a signed short.

Re^4:p0fq.pl and pack
by macli (Beadle) on Feb 20, 2007 at 03:40 UTC
    I added
    print join(" ", map { sprintf "%#02x", $_ } unpack("C*",$response)), "\n";
    and it prints out bytes like

    0xd 0xef 0xac 0xed 0x78 0x56 0x34 0x12 0x1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

      ... = unpack ("N V ...", $response);

      I don't see how "L L ..." would have worked on the PC (or any machine).

        It does work on my PC running Fedora Core 3

        p0f -Q /var/run/p0f.sock -0 'dst port 443' >> /dev/null &

        ./p0fq.pl /var/run/p0f.sock src_host 0 dst_host 443

        I get:

        Genre: Linux
        Detailes: 2.6, seldom 2.4 (older, 4)
        Distance: 0 hops
        Link: ethernet/modem
        Uptime: 207 hrs

Re^4: p0fq.pl and pack?
by macli (Beadle) on Feb 20, 2007 at 03:12 UTC
    Please pardon my ignorance :)
    How can I print out the bytes of $response?
    print $response gives me garbled strings
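
An added example (not code from the thread or from p0fq.pl): it decodes the first eight bytes of the dump posted above with several unpack templates, then applies the signed-short adjustment from the thread to boundary values. The expected magic 0x0defaced is an assumption read off those bytes in network order, and to_signed_short is a hypothetical helper name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the first eight bytes of the dump posted in the thread.
my $response = pack("C*", 0x0d, 0xef, 0xac, 0xed, 0x78, 0x56, 0x34, 0x12);

# Assumption: the magic the script compares against, as implied by the
# first four bytes when read big-endian.
my $EXPECTED_MAGIC = 0x0defaced;

# N = 32-bit big-endian, V = 32-bit little-endian, L = 32-bit native order.
# "L L" gives whatever the local CPU uses, so its result differs by machine.
for my $template ("N V", "V V", "N N", "L L") {
    my ($magic, $id) = unpack($template, $response);
    printf "%-3s  magic=0x%08x  id=0x%08x  %s\n",
        $template, $magic, $id,
        $magic == $EXPECTED_MAGIC ? "magic ok" : "Bad response magic.";
}

# unpack has "v" (unsigned 16-bit little-endian) but, before the "s<"
# modifier added in Perl 5.10, no signed little-endian short. Values above
# 32767 have the sign bit set, so subtract 2**16 (two's complement).
sub to_signed_short {
    my ($u16) = @_;
    $u16 -= 65536 if $u16 > 32767;
    return $u16;
}

# Constructed boundary cases: 0, largest positive, most negative, -1.
for my $bytes ("\x00\x00", "\xff\x7f", "\x00\x80", "\xff\xff") {
    my ($unsigned) = unpack("v", $bytes);
    printf "bytes %s  unsigned=%5d  signed=%6d\n",
        join(" ", map { sprintf "%02x", $_ } unpack("C*", $bytes)),
        $unsigned, to_signed_short($unsigned);
}
```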