Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I'm a Perl newbie and I have a job to do, but I can't do that! I'm almost crying! =( Please, someone help me? This is my problem: I have a txt file like this:

Config.txt

    SourceIP = 10.1.1.1
    SourceMAC = 00d0047203fc
    IPProtocol = 7

--------------------------------------------

Then I have a PCAP file with information about packets from a network capture. In the script I need to compare the fields from the txt with the header of all packets and, if some match, show that packet. Now my script is something like this:

Script.pl

    #!/usr/bin/perl -w
    use strict;
    use warnings;
    use Net::PcapUtils;
    use Net::Pcap;
    use NetPacket::Ethernet qw(:strip);
    use NetPacket::IP;
    #use Config::Reader::Simple;

    my $file = "CaptureData.txt";
    open FILE, ">$file" or die "unable to open $file $!";

    my %config;
    open my $config, '<', 'Config.txt' or die $!;
    while(<$config>) {
        chomp;
        my ($key, $value) = split /\s*=\s*/, $_;
        $config{$key} = $value;
        print FILE "chave: $key -- valor: $value\n";
    }

    my $err ='';
    my $i = 1;
    my $pcap = Net::Pcap::open_offline("capture.pcap", \$err) or die "Can't open file...$err\n";
    Net::Pcap::loop($pcap, -1, \&process_pkt, '');
    Net::Pcap::close($pcap);

    sub process_pkt {
        my ($user, $hdr, $pkt) = @_;
        my $ip_obj = NetPacket::IP->decode(eth_strip($pkt));
        my $eth_obj = NetPacket::Ethernet->decode($pkt);
        print FILE "$i\n";
        print FILE "SourceIP : $ip_obj->{src_ip}\n";
        print FILE "SourceMAC : $eth_obj->{src_mac}\n";
        print FILE "EthernetType : $eth_obj->{type}\n";
        print FILE "IPProtocol : $ip_obj->{proto}\n";
        print FILE "----------------------------\n";
        $i++;
    }

    close FILE, ">$file" or die "unable to close $file $!";

-------------------------------------------------------------------------------

Please, I need help!! Regards ...Chocolataria

Replies are listed 'Best First'.
Re: Heelp!! Script ... PCAP file ...
by gman (Friar) on Dec 07, 2009 at 03:05 UTC
    Hello,

    Your code does not run as is; there are errors. A simple add of an if condition is all I believe you are looking for. For testing I removed the writing to the file and printed to screen. I assumed your configuration file will only contain one set of IP constraints. Also removed the $i counter, looks like it should have been a global variable.

        #!/usr/bin/perl -w
        use strict;
        use warnings;
        use Net::PcapUtils;
        use Net::Pcap;
        use NetPacket::Ethernet qw(:strip);
        use NetPacket::IP;
        #use Config::Reader::Simple;

        my $file = "CaptureData.txt";
        open FILE, ">$file" or die "unable to open $file $!";

        my %config;
        open my $config, '<', 'Config.txt' or die $!;

        # Called once per packet; prints only packets whose source IP
        # equals the SourceIP value read from Config.txt.
        sub process_pkt {
            my ($user, $hdr, $pkt) = @_;
            my $ip_obj = NetPacket::IP->decode(eth_strip($pkt));
            my $eth_obj = NetPacket::Ethernet->decode($pkt);
            if($ip_obj->{src_ip} eq $config{'SourceIP'}) {
                print "SourceIP : $ip_obj->{src_ip}\n";
                print "SourceMAC : $eth_obj->{src_mac}\n";
                print "EthernetType : $eth_obj->{type}\n";
                print "IPProtocol : $ip_obj->{proto}\n";
                print "----------------------------\n";
            }
        }

        # Read the "key = value" lines into %config before the capture is processed.
        while(<$config>) {
            chomp;
            my ($key, $value) = split /\s*=\s*/, $_;
            $config{$key} = $value;
            print FILE "chave: $key -- valor: $value\n";
        }

        my $err ='';
        my $i = 1;
        my $pcap = Net::Pcap::open_offline("capture.pcap", \$err) or die "Cannot open file...$err\n";
        Net::Pcap::loop($pcap, -1, \&process_pkt, '');
        Net::Pcap::close($pcap);

        # close takes only the filehandle; a second argument is a compile error.
        close FILE or die "unable to close $file $!";
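
An added example, not code from any poster in this thread: it extends the single SourceIP test above to every key present in Config.txt (SourceIP, SourceMAC, IPProtocol) and skips IP decoding for non-IPv4 frames. The names %field, parse_config, frame_matches and make_frame are hypothetical, and the config text and frames are constructed inline so the script runs without a capture file.

```perl
use strict;
use warnings;
use NetPacket::Ethernet;
use NetPacket::IP;

# Constructed sample input in the Config.txt format from the question.
my $config_text = "SourceIP = 10.1.1.1\nSourceMAC = 00d0047203fc\nIPProtocol = 7\n";

# Hypothetical lookup table: config key -> code returning that header field.
my %field = (
    SourceIP   => sub { my ($eth, $ip) = @_; $ip ? $ip->{src_ip} : undef },
    SourceMAC  => sub { my ($eth, $ip) = @_; $eth->{src_mac} },
    IPProtocol => sub { my ($eth, $ip) = @_; $ip ? $ip->{proto} : undef },
);
sub parse_config {
    my ($text) = @_;
    my %config;
    for my $line (split /\n/, $text) {
        next unless $line =~ /^\s*(\w+)\s*=\s*(\S+)\s*$/;
        die "unknown config key '$1'\n" unless $field{$1};  # a typo must not widen the filter
        $config{$1} = $2;
    }
    return %config;
}

# True only if every configured field equals the value in the frame.
sub frame_matches {
    my ($pkt, %config) = @_;
    my $eth = NetPacket::Ethernet->decode($pkt);
    # Decode IP only for IPv4 frames (EtherType 0x0800); ARP and others have no IP header.
    my $ip = $eth->{type} == 0x0800 ? NetPacket::IP->decode($eth->{data}) : undef;
    for my $key (keys %config) {
        my $got = $field{$key}->($eth, $ip);
        return 0 unless defined $got && lc $got eq lc $config{$key};
    }
    return 1;
}
# Constructed frame: Ethernet header plus a 20-byte IPv4 header, no payload.
sub make_frame {
    my ($src_mac, $src_ip, $proto) = @_;
    my $ip = pack 'C C n n n C C n C4 C4', 0x45, 0, 20, 0, 0, 64, $proto, 0,
                  split(/\./, $src_ip), 10, 1, 1, 2;
    return pack('H12 H12 n', 'ffffffffffff', $src_mac, 0x0800) . $ip;
}

my %config = parse_config($config_text);
for my $f (['00d0047203fc', '10.1.1.1', 7], ['00d0047203fc', '10.1.1.9', 7]) {
    printf "%s %s proto %d: %s\n", @$f, frame_matches(make_frame(@$f), %config) ? 'match' : 'no match';
}
```

With a real capture, frame_matches($pkt, %config) can be called from the process_pkt callback in place of the single eq comparison.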
Re: Heelp!! Script ... PCAP file ...
by Anonymous Monk on Dec 06, 2009 at 03:22 UTC
    If you wrote that code, I don't see how you can have a problem to accomplish your task, it's just more of the same
      My problem is how I compare the values sent from the txt file (now in a hash in the script) with the values from the packets from the PCAP file. For example: in the txt file I write: SourceIP = 10.1.1.1 ------------------ in the script I want to compare that SourceIP value with all SourceIP values from the PCAP file. And, if some packet has that SourceIP, show the header of that packet. Showing the header and the information of the packets is not a problem, the problem is I don't know how to compare those fields because I don't know how to access the values in the hash. I hope you understand my question... Thanks a lot, ... Chocolataria
        because I don't know how to access the values in the hash. I hope you understand my question... Thanks a lot, ... Chocolataria

        Read perlintro