in reply to NetPacket IP Problems

Hi Monks,

Made some progress,

The following tcpdump dump file produces output as expected:

IP 192.168.0.10.ssh > 192.168.0.50.50609:
IP 192.168.0.50.50609 > 192.168.0.10.ssh:
IP 192.168.0.50.50609 > 192.168.0.10.ssh:
IP 192.168.0.50.50609 > 192.168.0.10.ssh:

[download]
Output
192.168.0.10:192.168.0.50
192.168.0.10:192.168.0.50
192.168.0.50:192.168.0.10
192.168.0.50:192.168.0.10
192.168.0.50:192.168.0.10

[download]

Also I can capture traffic as expected on local interfaces but not on external ppp0 interface, with the following:
use strict;
use Net::PcapUtils;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP;

sub process_pkt {
    my ($user, $hdr, $pkt) = @_;

    my $ip_obj = NetPacket::IP->decode(eth_strip($pkt));
    print("$ip_obj->{src_ip}:$ip_obj->{dest_ip} $ip_obj->{proto}\n");
}

Net::PcapUtils::loop(\&process_pkt, FILTER => 'ip', DEV => 'ppp0');

[download]

Both scipts have problems processing ppp0 interface traffic, and produce garrbled output.

Regards,

k_grdn

Replies are listed 'Best First'.
Re^2: NetPacket IP Problems
by NetWallah (Canon) on May 08, 2008 at 23:54 UTC
    Have you tried using Net::Packet::PPP to decode the PPP packet, to get at the encapsulated data ?

    You can then analyze the payload of the PPP packet to get the IP packet.

         "How many times do I have to tell you again and again .. not to be repetitive?"

[reply]
      Thanks NetWallah,

      I will give that a try at first opportunity.

      Regards,

      k_grdn

[reply]

In Section Seekers of Perl Wisdom