chris_henderson has asked for the wisdom of the Perl Monks concerning the following question:

I would like to get the MAC address from my sniffer, compare it with my pre-defined MAC address, and if the result doesn't match, I want to send out an email with the MAC address found. I want to run this Perl code in the background (with &). I'm not sure how to go about doing this. Here is my code:
    #!/bin/perl
    use strict;
    use warnings;
    use sigtrap;
    use diagnostics;

    my $mac="ff:ff:ff:ff:ff:ff";
    my $command = system (`tshark -i eth0 -n port 68 -R 'bootp.type == 2' -o column.format:'"Source MAC","%hs"'`);
    if ($command ne $mac) {
        system ('echo "match" | /usr/bin/mail -s "mac_found" user@foo.com');
    }

Replies are listed 'Best First'.
Re: get mac addr, compare & send out email
by NetWallah (Canon) on Mar 24, 2009 at 03:04 UTC
    A couple of problems with this approach:
    • The "system" command will not return what you expect (Please RTFM)
    • There seems to be no termination condition for "tshark" - so it appears that the command will never return.
    You may want to use regular shell scripting, rather than perl, if you want this approach.

    More perlish options include using the Net::Pcap modules, or running tcpdump or tshark using open3.

    In case you are interested in the Net::Pcap option, here is some working code you can use as a starting point. Tested under Windows; there is no Windows-specific code, so it should work on all platforms.

         ..to maintain is to slowly feel your soul, sanity and sentience ebb away as you become one with the Evil.
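
Added example, not part of the thread and not NetWallah's code: one way to address the two problems listed in the reply above, by reading tshark's output line by line through a pipe instead of calling system(), and alerting once per unknown MAC. The expected MAC, the --live switch and the sample lines are assumptions constructed for illustration; without --live the script runs on the embedded sample only.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumption: MAC of the legitimate DHCP server, lower case (constructed value).
my %expected = ('00:11:22:33:44:55' => 1);
# Filter string from the original post; Wireshark 3.0+ names the field dhcp.type.
my $filter = 'bootp.type == 2';

# Pull a MAC out of one line of sniffer output, normalised to aa:bb:cc:dd:ee:ff.
sub parse_mac {
    my ($line) = @_;
    return unless $line =~ /\b((?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b/i;
    (my $mac = lc $1) =~ tr/-/:/;
    return $mac;
}

# Read lines as they arrive; call $alert once per MAC not on the expected list.
sub watch {
    my ($fh, $alert) = @_;
    my %seen;
    while (my $line = <$fh>) {
        my $mac = parse_mac($line) or next;
        next if $expected{$mac} || $seen{$mac}++;
        $alert->($mac);
    }
    return sort keys %seen;
}

# Pipe the message to mail(1) with a list-form open, so no shell parses it.
sub send_mail {
    my ($mac) = @_;
    open(my $mail, '|-', '/usr/bin/mail', '-s', 'mac_found', 'user@foo.com')
        or die "cannot run mail: $!";
    print {$mail} "DHCP reply from unexpected MAC $mac\n";
    close $mail or warn "mail exited with status $?\n";
}

if (@ARGV && $ARGV[0] eq '--live') {
    # -l flushes per packet, -Y is the display filter (the post's -R),
    # -T fields -e eth.src prints only the source MAC, one per line.
    my @cmd = ('tshark', '-l', '-n', '-i', 'eth0', '-f', 'port 68',
               '-Y', $filter, '-T', 'fields', '-e', 'eth.src');
    open(my $ts, '-|', @cmd) or die "cannot run tshark: $!";
    watch($ts, \&send_mail);
} else {
    # Constructed sample output: one expected MAC, one unknown MAC seen twice.
    my $sample = "00:11:22:33:44:55\nDE-AD-BE-EF-00-01\nde:ad:be:ef:00:01\n";
    open(my $fh, '<', \$sample) or die "cannot open sample: $!";
    print "unexpected: $_\n" for watch($fh, sub { });
}
```

Because the loop blocks on the pipe until tshark is stopped, the script can be started with & as the question asks; tshark normally needs capture privileges on the interface.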

Re: get mac addr, compare & send out email
by irah (Pilgrim) on Mar 24, 2009 at 05:10 UTC

    I want to run this perl code in background (with &). I'm not sure how to go about doing this.

    The answer to your question is: make your program a daemon. There are modules available on CPAN for this purpose.

    If you are using Linux, try ifconfig -a. But you need root permission to execute this command.

    To get the MAC address on any OS, visit here.

Re: get mac addr, compare & send out email
by zentara (Cardinal) on Mar 24, 2009 at 12:32 UTC
    Good question. I'm no expert, but I know that MAC addresses can be easily spoofed by root. You can issue a command to a NIC card to alter its MAC. It could be done at a sub-second rate too. So your email may not find its route right. Wicked problem.

    The network guys probably have a way to fight that though. ...oO( me hopes :-( )


    I'm not really a human, but I play one on earth My Petition to the Great Cosmic Conciousness