in reply to Re^2: Perl Script on Windows Vista
in thread Perl Script on Windows Vista

You need to tell Net::Pcap (respectively Net::PcapUtils) about what device you want to capture packets on. For Windows, that is the (long and hard to type) full name of the device. Look at the output of

use strict;
use Data::Dumper;
use Net::Pcap;

Net::Pcap::findalldevs(\my %devinfo,\my $err);

warn Dumper \%devinfo;

[download]

or install Net::Pcap::FindDevice to conveniently get at devices by assigned IP address or network card name.

Replies are listed 'Best First'.
Re^4: Perl Script on Windows Vista
by burningredmoon (Novice) on Mar 28, 2011 at 22:33 UTC
    I ran the code you gave me and got this 
    C:\Users\Moon\Desktop>perl dumper.pl
$VAR1 = {
          '\\Device\\NPF_{FC37432F-B79C-4FAF-9CAD-3DBF13091840}' => 'M
+S Tunnel I
nterface Driver',
          '\\Device\\NPF_{44FE3F07-BFEB-4F18-9BD8-75D2EF4D1506}' => 'N
+VIDIA nFor
ce MCP Networking Adapter Driver'
        };

    [download]

    Being a software major and not a networking one, I have no clue what that means.

    I have the Net::Pcap and Net::PcapUtils packages installed, Net::Pcap::FindDevice should be included, correct?

[reply]
[d/l]
      Here is a snippet from some code I wrote in 2006 - hopefully this will give you an idea what to do. Note - I have not looked at this since then, and the modules may have changed. 
      my $SNIFF_NIC = q(\Device\NPF_{6098F1AA-BEB5-49D4-8DEC-9B08EE8CE35C});
...
my %pcap_parameters = (
        SNAPLEN => 256,         # Num bytes to capture from packet
    PROMISCUOUS_MODE => 1,  # Operate in promiscuous mode?
        TIMEOUT => 1000,        # Read timeout (ms)
        NUMPACKETS => 0,       # Pkts to read (-1 = loop forever)
        FILTER => '(ip proto \icmp) or dst port 80 or 135 or 139 or 44
+5 or 3127 or 4444',   # Filter string
    USERDATA => '',         # Passed as first arg to callback fn
    SAVEFILE => '',         # Default save file

        # Items below are RETURNED values from PCap calls.
        # Do not attempt to change them in the declaration.

        FILTER_HANDLE => 0,     # Reference to compiled filter
        NETWORK_INTERFACE => '',# Network interface to open
        NETWORK_ADDR =>0,       # Network Address (32 bit number)
        NETWORK_MASK =>0,       # Mask (32-bit number)
    mode => '',             # Internal variable
        );

.....
  $pcap_parameters{NETWORK_INTERFACE} = $SNIFF_NIC;
    ### Net::Pcap::lookupdev(\$err) or die "No Network device found:$e
+rr\n";
  if ($verbose){
    print "Requested device \t[$pcap_parameters{NETWORK_INTERFACE}]\n"
+;
    my $dev = Net::Pcap::lookupdev(\$err) 
            or die "Net::Pcap::lookupdev failed. Error was :$err;\n"; 
        print "Default device:$dev\n;";
    my ($error, %description);
       print $error if defined $error;
  }
  $result = Net::Pcap::lookupnet($pcap_parameters{NETWORK_INTERFACE},
              \$pcap_parameters{NETWORK_ADDR},
              \$pcap_parameters{NETWORK_MASK}, \$err);
  $verbose and print "Found Net \tnet " . NetPacket::IP::to_dotquad($p
+cap_parameters{NETWORK_ADDR}) .
        "  mask " . NetPacket::IP::to_dotquad($pcap_parameters{NETWORK
+_MASK}) . "\n";
....
# Signal handler
$SIG{INT} = 'KeyboardInput';
my $count = 0;
Net::Pcap::loop($pcap_desc, $pcap_parameters{NUMPACKETS}, \&process_pk
+t, "abc");
Net::Pcap::close($pcap_desc);

      [download]
      Yes - this was for a Windows (probably Win2003) system.

           Syntactic sugar causes cancer of the semicolon.        --Alan Perlis

[reply]
[d/l]

      You need to be neither a "software" nor a "networking" major to read the Net::Pcap and Net::PcapUtils documentation, and to try out which of these (four) elements to pass as the device identifier to Net::Pcap. My guess is that you will need to pass the \\Device\... as the identifierr.

      Perl packages bear no hierarchy except coincidential hierarchy. Net::Pcap does not include Net::Pcap::FindDevice, as you can find by following the links I gave you.

[reply]
[d/l]

In Section Seekers of Perl Wisdom