wildnature has asked for the wisdom of the Perl Monks concerning the following question:
Hi, my task is to analyze packets in pcap files , reconstruct tcp streams and save the streams to pcap files. My codes are here:
my $fParse = "$dirCapture"."r.pcap"; # open an existing pcap file to analyze my $pktParse = Net::Frame::Dump::Offline->new(file => $fParse, keepTim +estamp => 1); $pktParse->start; my $count = 0; while (my $h = $pktParse->next) { # get each packet in the file my $frmSimple = Net::Frame::Simple->new( raw => $h->{raw}, firstLayer => $h->{firstLayer}, timestamp => $h->{timestamp}, ); my $len = length($h->{raw}); #-----------> until here $len is correct # write this packet to pcap file my $w = Net::Frame::Dump::Writer->new( file => "$dirMerge"."rrr.pcap", firstLayer => 'ETH', overwrite => 1); $w->start; $w->write({ timestamp => $h->{'timestamp'}, raw => $h->{'raw'} }); # --------> but after here, packet length in new writing file is not + correct, it's only 1500 bytes, while the correct one is 1514 $w->stop; $count++; } $pktParse->stop;
My question is:
1. does Net::Frame::Dump::Writer has length restrict when writing a packet into pcap file? if so, can I change it?
2.Net::Frame::Dump::Writer has attributes of 'overwrite', it allows us to overwrite an existing file. but I want to write multiple packets into a pcap file at one time. But I failed when using this module, does anyone know how to make it?
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re: what's wrong with my code with Net::Frame::Dump::Writer?
by Anonymous Monk on Jan 18, 2011 at 08:20 UTC |