sveni has asked for the wisdom of the Perl Monks concerning the following question:

hey, is it possible to explore the tcp/ip stack of an incoming connection?

Re: explore tcp/ip stack
by Perlbotics (Archbishop) on Jun 15, 2009 at 20:56 UTC

    I guess, by stack, you mean protocol-stack? What platform, BTW (I assume *nix for a while)?

    There's a loose coupling between TCP port-number and the underlying protocol, as documented here. But to be sure, you need to inspect some incoming/outgoing PDUs. pcap might come in handy, or wireshark.

    Digging deeper, your Perl program could analyse the output of tshark (-n -V -S -l) for example. Here's a sample of

    tshark -n -V -S -l | perl -ne 'print if /^\S/'
    ...
    Frame 82 (66 bytes on wire, 66 bytes captured)
    Ethernet II, Src: 01:16:XX:XX:XX:a4 (01:16:XX:XX:XX:a9), Dst: 00:XX:XX:XX:d5:e6 (00:XX:XX:XX:d5:e6)
    Internet Protocol, Src: 192.168.XX.XXX (192.168.XX.XXX), Dst: 166.XX.XX.XX (166.XX.XX.XX)
    Transmission Control Protocol, Src Port: 46289 (46289), Dst Port: 80 (80), Seq: 592, Ack: 176, Len: 0
    ...

    Looks like something that can be converted into a stack... (some parts anonymised by using XX).

    HTH
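As an added example (not Perlbotics' code), here is a small Perl script that does what the post above sketches: it reads the column-0 lines of `tshark -n -V -S -l` output, groups them by frame, and prints each frame's protocol stack, both as a list and in the nested notation used later in this thread. The sample dump embedded in the script is constructed for the example (made-up addresses, in the line layout tshark 1.x prints); when real output is piped in on STDIN it is parsed instead.

```perl
#!/usr/bin/perl
# Added example (not from the thread): turn the top-level lines of
# `tshark -n -V -S -l` output into a per-frame protocol stack.
use strict;
use warnings;

# Constructed sample of tshark -V output (addresses are made up). Each
# layer starts in column 0; its field details are indented beneath it.
my $sample = <<'END';
Frame 82 (66 bytes on wire, 66 bytes captured)
    Arrival Time: Jun 15, 2009 20:30:01.000000
Ethernet II, Src: 00:16:3e:00:00:a4 (00:16:3e:00:00:a4), Dst: 00:1a:2b:3c:d5:e6 (00:1a:2b:3c:d5:e6)
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.10.20 (192.168.10.20), Dst: 198.51.100.7 (198.51.100.7)
    Protocol: TCP (0x06)
Transmission Control Protocol, Src Port: 46289 (46289), Dst Port: 80 (80), Seq: 592, Ack: 176, Len: 0
    Flags: 0x10 (ACK)
Frame 83 (95 bytes on wire, 95 bytes captured)
Ethernet II, Src: 00:16:3e:00:00:a4 (00:16:3e:00:00:a4), Dst: 00:1a:2b:3c:d5:e6 (00:1a:2b:3c:d5:e6)
Internet Protocol, Src: 192.168.10.20 (192.168.10.20), Dst: 198.51.100.7 (198.51.100.7)
User Datagram Protocol, Src Port: 51023 (51023), Dst Port: 53 (53)
Domain Name System (query)
END

# Parse the dump into a list of frames; each frame is a hashref holding
# its number and the ordered list of layers (outermost first).
sub parse_tshark {
    my ($text) = @_;
    my (@frames, $cur);
    for my $line (split /\n/, $text) {
        next if $line =~ /^\s/;            # indented field detail: skip, like the one-liner above
        if ($line =~ /^Frame (\d+)/) {
            $cur = { number => $1, layers => [] };
            push @frames, $cur;
            next;
        }
        next unless $cur;
        # The protocol name is everything before the first comma.
        my ($name, $rest) = split /,\s*/, $line, 2;
        my %layer = (name => $name);
        if (defined $rest) {
            $layer{src} = $1 if $rest =~ /Src(?: Port)?: (\S+)/;
            $layer{dst} = $1 if $rest =~ /Dst(?: Port)?: (\S+)/;
        }
        push @{ $cur->{layers} }, \%layer;
    }
    return @frames;
}

# Render a frame's layers in the nested notation used in this thread,
# ((((http)tcp)ip4)ethernet): the innermost protocol is written first.
sub nested {
    my @names = map { $_->{name} } @_;
    my $s = "(" . pop(@names) . ")";
    $s = "($s" . pop(@names) . ")" while @names;
    return $s;
}

# Use a real dump when one is piped in, otherwise the constructed sample:
#   tshark -n -V -S -l | perl stack.pl
my $input = -t STDIN ? $sample : do { local $/; <STDIN> };

for my $f (parse_tshark($input)) {
    print "Frame $f->{number}:\n";
    for my $l (@{ $f->{layers} }) {
        my $ep = (defined $l->{src} && defined $l->{dst}) ? "  $l->{src} -> $l->{dst}" : "";
        print "  $l->{name}$ep\n";
    }
    print "  ", nested(@{ $f->{layers} }), "\n";
}
```

The regexes only key on the field names tshark prints on the summary line of each layer (`Src:`, `Dst:`, `Src Port:`, `Dst Port:`), so layers without endpoints (such as the DNS line in the sample) still appear in the stack, just without addresses.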

Re: explore tcp/ip stack
by Anonymous Monk on Jun 15, 2009 at 20:02 UTC
    What do you mean by stack?
      If you have a tcp/ip connection, each protocol in each layer adds its data to the packet that the opponent will receive, and this data also contains the data of the protocol in the underlying layer. For example: (http(tcp(ip4(ethernet)))), and this is called the tcp/ip-stack here.

        I'm still unclear what you mean by "explore", but maybe Net::Pcap is what you're looking for.

        Also, the sequence of parentheses in your explanation seems weird, because I imagine the order exactly the other way around:

        ((((http)tcp)ip4)ethernet)

        ... because Ethernet frames enclose IP4 frames, which enclose TCP packets which enclose (fragments of) HTTP transactions.

        Update: Also see NetPacket for the actual (dis)assembly of packets.

Re: explore tcp/ip stack
by Khen1950fx (Canon) on Jun 17, 2009 at 00:27 UTC
    And yet another way. You can capture an incoming connection via tcpdump and write it to a file. Then you can use Net::TcpDumpLog to read the tcpdumplog. It'll return some raw packet data in Ethernet/IP/TCP form usually. I took the two examples provided by Brendan Gregg and put them together. If you don't have a tcpdumplog, then use the one provided in the source.

    You will need to put this script and the tcpdumplog in the same directory for it to work.

    #!/usr/bin/perl
    #
    # example01.pl - Example of Net::TcpDumpLog. Prints out frame arrival times.
    #
    # 11-Oct-2003 Brendan Gregg Created this

    use strict;
    use warnings;
    use Net::TcpDumpLog;

    my $log = Net::TcpDumpLog->new(32);   # 32-bit log format, as in the original example
    $log->read("tcpdumplog");             # the capture file, in the same directory as this script
    my $count   = $log->maxindex + 1;
    my @Indexes = $log->indexes;

    print "Log version : ", $log->version, "\n";
    print "Linktype    : ", $log->linktype, "\n";
    print "Packet count: $count\n\n";

    printf "%5s %25s %7s %5s %s\n", "Frame", "Arrival time", "+ MSecs", "Drops", "Length";
    foreach my $index (@Indexes) {
        my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
        my $data   = $log->data($index);
        my $time   = localtime($secs);
        $msecs     = $msecs / 1000000;     # microseconds -> fraction of a second
        my $length = length($data);
        printf "%5d %25s %7.5f %5d %d\n", $index, $time, $msecs, $drops, $length;
    }

    # example02.pl - Example of Net::TcpDumpLog. Prints out ethernet headers.
    # 11-Oct-2003 Brendan Gregg Created this

    $log->read("tcpdumplog");
    @Indexes = $log->indexes;

    printf "%5s %12s %12s %4s %s\n", "Frame", "Source", "Dest", "Type", "Length";
    foreach my $index (@Indexes) {
        my $data = $log->data($index);

        ### Process Ethernet header: 6-byte dest MAC, 6-byte source MAC,
        ### 2-byte EtherType, then the rest of the frame (the IP datagram)
        my ($ether_dest, $ether_src, $ether_type, $ether_data) = unpack('H12H12H4a*', $data);
        my $length = length($ether_data);

        printf "%5d %12s -> %12s %4s %s\n", $index, $ether_src, $ether_dest, $ether_type, $length;
    }
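As an added example (neither Brendan Gregg's nor Net::TcpDumpLog's code), the script below carries example02's `unpack` of the Ethernet header on through the IPv4 and TCP headers, which is the "Ethernet/IP/TCP form" the post refers to, and prints the resulting stack in the nested notation from earlier in the thread. The 54-byte frame it decodes is constructed inline for the example (made-up MAC and IP addresses, checksums left at zero); the raw bytes returned by `$log->data($index)` can be passed to `decode_frame` in the same way. The final "HTTP?" layer is only inferred from port 80, which is the loose port/protocol coupling Perlbotics mentions, so it is labelled as a guess.

```perl
#!/usr/bin/perl
# Added example (not from the thread or Net::TcpDumpLog): walk the
# Ethernet -> IPv4 -> TCP headers of one raw frame with unpack, the way
# example02.pl above does for the Ethernet header alone.
use strict;
use warnings;

# Constructed 54-byte frame: Ethernet II + IPv4 (20 bytes) + TCP (20 bytes, ACK, no payload).
my $hex = join '',
    '001122334455', '66778899aabb', '0800',               # dst MAC, src MAC, EtherType IPv4
    '4500', '0028', '0001', '4000', '40', '06', '0000',   # ver/IHL, TOS, total len 40, id, DF, TTL 64, proto TCP, csum
    'c0a8010a', '0a000001',                               # 192.168.1.10 -> 10.0.0.1
    'b4d1', '0050',                                       # src port 46289, dst port 80
    '00000250', '000000b0',                               # seq 592, ack 176
    '5010', '00ff', '0000', '0000';                       # data offset 5, ACK flag, window, csum, urgent
my $raw = pack 'H*', $hex;

sub fmt_mac { join ':', unpack '(A2)6', $_[0] }
sub fmt_ip  { join '.', unpack 'C4', $_[0] }

# Returns the layers found, outermost first, stopping at the first layer
# this decoder does not understand (non-IPv4 EtherType, non-TCP protocol).
sub decode_frame {
    my ($frame) = @_;
    my @stack;

    my ($dst, $src, $type, $payload) = unpack 'H12 H12 n a*', $frame;
    push @stack, sprintf 'Ethernet II %s -> %s type=0x%04x', fmt_mac($src), fmt_mac($dst), $type;
    return @stack unless $type == 0x0800;

    my ($vihl, $tos, $len, $id, $frag, $ttl, $proto, $csum, $sip, $dip)
        = unpack 'C C n n n C C n a4 a4', $payload;
    return @stack unless ($vihl >> 4) == 4;
    my $ihl    = ($vihl & 0x0f) * 4;                    # header length, options included
    my $ipdata = substr $payload, $ihl, $len - $ihl;    # drop any Ethernet padding after the datagram
    push @stack, sprintf 'IPv4 %s -> %s proto=%d ttl=%d', fmt_ip($sip), fmt_ip($dip), $proto, $ttl;
    return @stack unless $proto == 6;

    my ($sport, $dport, $seq, $ack, $offflags) = unpack 'n n N N n', $ipdata;
    my $doff    = ($offflags >> 12) * 4;                # TCP header length, options included
    my $flags   = $offflags & 0x1ff;
    my $tcpdata = substr $ipdata, $doff;
    push @stack, sprintf 'TCP %d -> %d seq=%u ack=%u flags=0x%03x len=%d',
        $sport, $dport, $seq, $ack, $flags, length $tcpdata;

    # The port number only hints at the application protocol; an "HTTP"
    # layer here is a guess until the payload itself has been inspected.
    push @stack, 'HTTP? (guessed from port 80)' if $sport == 80 || $dport == 80;
    return @stack;
}

# Nested notation used in the thread: ((((http)tcp)ip4)ethernet)
sub nested {
    my @names = @_;
    my $s = '(' . pop(@names) . ')';
    $s = "($s" . pop(@names) . ')' while @names;
    return $s;
}

my @layers = decode_frame($raw);
print "$_\n" for @layers;
print nested(map { (split ' ', $_)[0] } @layers), "\n";
```

For the constructed frame this prints the three decoded headers followed by `((((HTTP?)TCP)IPv4)Ethernet)`. Header lengths are taken from the IHL and data-offset fields rather than assumed to be 20, so frames carrying IP or TCP options decode correctly; a frame whose EtherType is not IPv4 stops after the Ethernet layer.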