Re^15: p0fq.pl and pack

Replies are listed 'Best First'.
Re^16: p0fq.pl and pack by macli (Beadle) on Feb 26, 2007 at 02:34 UTC
I used the wrong method of Net::IP, the hexip did it. now it works except a little problem `print "Genre : " . $data->{genre} . "\n"; print "Details : " . $data->{detail} . "\n"; print "Distance : " . $data->{dist} . " hops\n"; print "Link : " . $data->{link} . "\n"; print "Uptime : " . $data->{uptime} . " hrs\n";` [download] print out: `Genre : ARRAY(0x101127d4) Details : ARRAY(0x103826d8) Distance : 0 hops Link : ARRAY(0x1016a60c) Uptime : 4431 hrs` [download] print Dumper($data) : $VAR1 = {'link' => [101,116,104,101,114,110,101,116,47,109,111,100,101 +,109,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],'magic' => 233811181,'nat' => 0 +,'score' => -100,'dist' => 0,'genre' => [76,105,110,117,120,0,0,0,0,0 +,0,0,0,0,0,0,0,0,0,0],'fw' => 0,'detail' => [50,46,54,44,32,115,101,1 +08,100,111,109,32,50,46,52,32,40,111,108,100,101,114,44,32,52,41,0,0, +0,0,0,0,0,0,0,0,0,0,0,0],'tos' => [104,105,103,104,32,116,104,114,111 +,117,103,104,112,117,116,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0],'uptime' => 4 +431,'id' => 305419896,'type' => 0,'mflags' => 0,'real' => 1} [download] What is the correct way to print out those information? `print "Genre : " . @$data->{genre} . "\n";` [download] does not help	[reply] [d/l] [select]
Re^17: p0fq.pl and pack by ikegami (Patriarch) on Feb 26, 2007 at 03:11 UTC
There's no such thing as a string in C. Strings are just arrays of characters treated specially. So that means you need to convert the array of chars into a string yourself. `foreach (qw( genre detail link tos )) { $data->{$_} = pack('c', $data->{$_}); $data->{$_} =~ s/\x00.//; }` [download] Better yet, you can tell Concert::Binary::C whether a certain field should be treated as a string or as an array. `$c->tag('p0f_response.genre', Format => 'String'); $c->tag('p0f_response.detail', Format => 'String'); $c->tag('p0f_response.link', Format => 'String'); $c->tag('p0f_response.tos', Format => 'String');` [download]	[reply] [d/l] [select]
Re^18: p0fq.pl and pack by macli (Beadle) on Feb 26, 2007 at 04:22 UTC
$c->tag did it, thanks :) it is quite annoying, that the script only works on Mac running Yellow Dog Linux, not on PC or my another OS X machine, the hex dump is like this: src ip:0xc0a80101 dst ip:0xc0a80102 query: 0x0000 : ED AC EF 0D 01 00 00 00 78 56 34 12 01 01 A8 C0 : ........x +V4..... 0x0010 : 02 01 A8 C0 00 00 BB 01 : ........ response: 0x0000 : ED AC EF 0D 78 56 34 12 02 00 00 00 00 00 00 00 : ....xV4.. +....... 0x0010 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0020 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0030 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0040 : 00 00 00 00 00 FF 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0050 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0060 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0070 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... 0x0080 : 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 : ......... +....... This connection is not (no longer?) in the cache. [download] The pack did pack src, dst ip into query , but response always says no connection, I did adjust the bigendian to little endian on PC. Is Perl really not good at this low level packet handling things?	[reply] [d/l]
Re^19: p0fq.pl and pack by ikegami (Patriarch) on Feb 26, 2007 at 19:41 UTC
Re^20: p0fq.pl and pack by macli (Beadle) on Feb 28, 2007 at 05:38 UTC