qwconst has asked for the wisdom of the Perl Monks concerning the following question:
The sample output is:my $oDump = Net::Frame::Dump::Offline->new( file => $pcapfile, filter => 'udp src port 53', ); $oDump->start; my $count = 0; while (my $h = $oDump->next) { my $f = Net::Frame::Simple->new( raw => $h->{raw}, firstLayer => $h->{firstLayer}, timestamp => $h->{timestamp}, ); my $len = length($h->{raw}); print 'o Frame number: '.$count++." (length: $len)\n"; print $f->print."\n"; print $f->firstLayer."\n"; }
o Frame number: 0 (length: 79) Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800 Layer::IPv4: version:4 hlen:5 tos:0x00 length:65 id:39664 Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x +ec67 Layer::IPv4: src:x dst:x Layer::UDP: src:53802 dst:53 length:45 checksum:0x1512 Padding: fb7a01000001000000000000037777770b73746174636f756e74657203636 +f6d0000010001 o Frame number: 1 (length: 95) Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800 Layer::IPv4: version:4 hlen:5 tos:0x00 length:81 id:39668 Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x +381e Layer::IPv4: src:x dst:x Layer::UDP: src:11463 dst:53 length:61 checksum:0xb410 Padding: fc8c010000010000000000000870726f78792d736e08636f6e74616374730 +36d736e03636f6d056e73617463036e65740000010001 o Frame number: 2 (length: 75) Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800 Layer::IPv4: version:4 hlen:5 tos:0x00 length:61 id:39672 Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x +29d5 Layer::IPv4: src:x dst:x Layer::UDP: src:42067 dst:53 length:41 checksum:0xe66e Padding: 506701000001000000000000036164340473696e6103636f6d02636e00000 +10001
My question is, how do I get the payload of the UDP layer (or any layer after firstLayer)? I want to use Net::Frame::Layer::IPv4, Net::Frame::Layer::TCP and so on to process the layers.
|
|---|
| Replies are listed 'Best First'. | |
|---|---|
|
Re: Parsing packets using Net::Frame
by Illuminatus (Curate) on Jul 15, 2011 at 02:07 UTC | |
|
Re: Parsing packets using Net::Frame
by qwconst (Initiate) on Jul 15, 2011 at 01:59 UTC |