Re^2: Perl Script on Windows Vista

Replies are listed 'Best First'.
Re^3: Perl Script on Windows Vista by Corion (Patriarch) on Mar 28, 2011 at 21:43 UTC
You need to tell Net::Pcap (respectively Net::PcapUtils) about what device you want to capture packets on. For Windows, that is the (long and hard to type) full name of the device. Look at the output of `use strict; use Data::Dumper; use Net::Pcap; Net::Pcap::findalldevs(\my %devinfo,\my $err); warn Dumper \%devinfo;` [download] or install Net::Pcap::FindDevice to conveniently get at devices by assigned IP address or network card name.	[reply] [d/l]
Re^4: Perl Script on Windows Vista by burningredmoon (Novice) on Mar 28, 2011 at 22:33 UTC
I ran the code you gave me and got this `C:\Users\Moon\Desktop>perl dumper.pl $VAR1 = { '\\Device\\NPF_{FC37432F-B79C-4FAF-9CAD-3DBF13091840}' => 'M +S Tunnel I nterface Driver', '\\Device\\NPF_{44FE3F07-BFEB-4F18-9BD8-75D2EF4D1506}' => 'N +VIDIA nFor ce MCP Networking Adapter Driver' };` [download] Being a software major and not a networking one, I have no clue what that means. I have the Net::Pcap and Net::PcapUtils packages installed, Net::Pcap::FindDevice should be included, correct?	[reply] [d/l]
Re^5: Perl Script on Windows Vista by NetWallah (Canon) on Mar 29, 2011 at 04:33 UTC
Here is a snippet from some code I wrote in 2006 - hopefully this will give you an idea what to do. Note - I have not looked at this since then, and the modules may have changed. my $SNIFF_NIC = q(\Device\NPF_{6098F1AA-BEB5-49D4-8DEC-9B08EE8CE35C}); ... my %pcap_parameters = ( SNAPLEN => 256, # Num bytes to capture from packet PROMISCUOUS_MODE => 1, # Operate in promiscuous mode? TIMEOUT => 1000, # Read timeout (ms) NUMPACKETS => 0, # Pkts to read (-1 = loop forever) FILTER => '(ip proto \icmp) or dst port 80 or 135 or 139 or 44 +5 or 3127 or 4444', # Filter string USERDATA => '', # Passed as first arg to callback fn SAVEFILE => '', # Default save file # Items below are RETURNED values from PCap calls. # Do not attempt to change them in the declaration. FILTER_HANDLE => 0, # Reference to compiled filter NETWORK_INTERFACE => '',# Network interface to open NETWORK_ADDR =>0, # Network Address (32 bit number) NETWORK_MASK =>0, # Mask (32-bit number) mode => '', # Internal variable ); ..... $pcap_parameters{NETWORK_INTERFACE} = $SNIFF_NIC; ### Net::Pcap::lookupdev(\$err) or die "No Network device found:$e +rr\n"; if ($verbose){ print "Requested device \t[$pcap_parameters{NETWORK_INTERFACE}]\n" +; my $dev = Net::Pcap::lookupdev(\$err) or die "Net::Pcap::lookupdev failed. Error was :$err;\n"; print "Default device:$dev\n;"; my ($error, %description); print $error if defined $error; } $result = Net::Pcap::lookupnet($pcap_parameters{NETWORK_INTERFACE}, \$pcap_parameters{NETWORK_ADDR}, \$pcap_parameters{NETWORK_MASK}, \$err); $verbose and print "Found Net \tnet " . NetPacket::IP::to_dotquad($p +cap_parameters{NETWORK_ADDR}) . " mask " . NetPacket::IP::to_dotquad($pcap_parameters{NETWORK +_MASK}) . "\n"; .... # Signal handler $SIG{INT} = 'KeyboardInput'; my $count = 0; Net::Pcap::loop($pcap_desc, $pcap_parameters{NUMPACKETS}, \&process_pk +t, "abc"); Net::Pcap::close($pcap_desc); [download] Yes - this was for a Windows (probably Win2003) system. Syntactic sugar causes cancer of the semicolon. --Alan Perlis	[reply] [d/l]
Re^5: Perl Script on Windows Vista by Corion (Patriarch) on Mar 29, 2011 at 06:48 UTC
You need to be neither a "software" nor a "networking" major to read the Net::Pcap and Net::PcapUtils documentation, and to try out which of these (four) elements to pass as the device identifier to Net::Pcap. My guess is that you will need to pass the `\\Device\...` as the identifierr. Perl packages bear no hierarchy except coincidential hierarchy. Net::Pcap does not include Net::Pcap::FindDevice, as you can find by following the links I gave you.	[reply] [d/l]