processing a packet with Net::Pcap

monkey.d has asked for the wisdom of the Perl Monks concerning the following question:

I have written a simple sniffer program to sniff a packet using Net::Pcap and analyse its contents. But when I try to print the binary packet data, it is printing zero. I used unpack, substr, normal printf methods, but no use. But the packet could be written to a pcap file.
Here is my code:

########################code starts#####################
#!/usr/bin/perl
use Net::Pcap;
use Socket;

my $device = Net::Pcap::lookupdev(\$err);
$ret = Net::Pcap::lookupnet($device, \$network, \$netmask, \$error);
$pcap_1 = Net::Pcap::open_live($device, 2000, 0, 5000, \$open_live_err);

my $dumper = Net::Pcap::dump_open($pcap_1, "capt.pcap");
Net::Pcap::loop($pcap_1, 1, \&process_a_packet, "");
Net::Pcap::dump_close($dumper);
Net::Pcap::close($pcap_1);

sub process_a_packet
{
my ($user_data, $header_ref, $packet) = @_;
print "length of packet =", length($packet), " bytes\n";
$c = substr($packet,1,3);
printf("%b's length = %s \n",$c,length($c));
printf("packet in hex= %b \n", $packet);

Net::Pcap::dump($dumper, $header_ref, $packet);
}
#########################end of code######################

OUTPUT:
length of packet =60 bytes
0's length = 3
packet in hex= 0

Comment on processing a packet with Net::Pcap

Replies are listed 'Best First'.
Re: processing a packet with Net::Pcap by Anonymous Monk on Dec 13, 2010 at 02:27 UTC
See Tutorials: Network Programming:Perl and Net::Pcap sub syn_packets { my ($user_data, $header, $packet) = @_; # Strip ethernet encapsulation of captured packet my $ether_data = NetPacket::Ethernet::strip($packet); # Decode contents of TCP/IP packet contained within # captured ethernet packet my $ip = NetPacket::IP->decode($ether_data); my $tcp = NetPacket::TCP->decode($ip->{'data'}); # Print all out where its coming from and where its # going to! print $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ", $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n"; } [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re: processing a packet with Net::Pcap
by Anonymous Monk on Dec 13, 2010 at 02:27 UTC

Tutorials

Network Programming

Perl and Net::Pcap

sub syn_packets {
    my ($user_data, $header, $packet) = @_;

    #   Strip ethernet encapsulation of captured packet 

    my $ether_data = NetPacket::Ethernet::strip($packet);

    #   Decode contents of TCP/IP packet contained within 
    #   captured ethernet packet

    my $ip = NetPacket::IP->decode($ether_data);
    my $tcp = NetPacket::TCP->decode($ip->{'data'});

    #   Print all out where its coming from and where its 
    #   going to!

    print
        $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ",
        $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n";
}
[download]

[reply]
[d/l]