
Packet parsing module in perl

by balakrishnan (Monk)
on Feb 26, 2009 at 16:20 UTC ( #746584=perlquestion )
balakrishnan has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,
I need a module which is able to read the packets from a dump file and parse them layer by layer (i.e., Ethernet, IP);
it has to provide me the details in the Ethernet layer (e.g., the packet's timestamp).
Any ideas greatly appreciated.

Re: Packet parsing module in perl
by jettero (Monsignor) on Feb 26, 2009 at 16:26 UTC

    Hopefully for you the Net::Pcap stuff can be made to read the dump files, because if it does it'll do everything you want and more.

    -Paul

Re: Packet parsing module in perl
by zentara (Archbishop) on Feb 26, 2009 at 16:38 UTC
    How about a Packet Parsing Package in Perl? Say it three times fast and you become Larry Wall for a day. :-)

    Oh....and before any of you complain that you said it 3 times fast, and didn't turn into Larry Wall, it's because you didn't say it fast enough!


    I'm not really a human, but I play one on earth My Petition to the Great Cosmic Conciousness
Re: Packet parsing module in perl
by Anonymous Monk on Feb 26, 2009 at 17:55 UTC
    You have done C programs to do everything related to this already, what is the problem with that C program? Everything you have already done in C, why do you go for Perl now?
Re: Packet parsing module in perl
by zwon (Monsignor) on Feb 26, 2009 at 17:58 UTC

    Probably NetPacket is what you need.

    Upd: link fixed

      How can I extract the packet arrival time from a packet?
        I don't think the actual packets have timestamps -- could be wrong -- but I know the libpcap files do contain them. I think your best bet (as mentioned above) is to use the Net::Pcap library to read the source file and get the timestamps from there. It seems it does have a pcap_open_offline method, which I don't know how to use, that probably reads the file in.

        How to get the actual timestamps from the packets:

        sub process_packet {
            my($user_data, $header, $packet) = @_;
            print "time: $header->{tv_sec}\n";
        }
        # The header information is a reference to a hash containing the following fields.
        #
        # * "len" - the total length of the packet.
        # * "caplen" - the actual captured length of the packet
        # * "tv_sec" - seconds value of the packet timestamp.
        # * "tv_usec" - microseconds value of the packet timestamp.

        -Paul
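
Added example, not code from any poster in this thread: it writes a one-packet capture file, reads it back with Net::Pcap's open_offline, and decodes the Ethernet and IPv4 layers with NetPacket, taking the timestamp from the pcap record header. The frame bytes, MAC and IP addresses, and timestamp are constructed sample values, and the temporary file name is an assumption of the example.

```perl
use strict;
use warnings;
use File::Temp qw(tempfile);
use Net::Pcap;
use NetPacket::Ethernet qw(:types);
use NetPacket::IP;

# Constructed frame: Ethernet II header (dest, src, type) + bare IPv4 header.
my $frame = pack('H12 H12 n', '020000000002', '020000000001', 0x0800)
          . pack('C C n n n C C n a4 a4',
                 0x45, 0, 20, 1, 0, 64, 17, 0,
                 pack('C4', 192, 0, 2, 1), pack('C4', 192, 0, 2, 2));

# Constructed pcap file: 24-byte global header (linktype 1 = Ethernet), then
# one 16-byte record header (tv_sec, tv_usec, caplen, len) and the frame.
my ($fh, $file) = tempfile(SUFFIX => '.pcap', UNLINK => 1);
binmode $fh;
print {$fh} pack('V v v V V V V', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1);
print {$fh} pack('V V V V', 1235665200, 250000, length $frame, length $frame);
print {$fh} $frame;
close $fh or die "cannot write $file: $!\n";

# Read the dump file back; a count of -1 processes packets until end of file.
my $err;
my $pcap = Net::Pcap::open_offline($file, \$err)
    or die "cannot open $file: $err\n";
Net::Pcap::loop($pcap, -1, \&process_packet, '');
Net::Pcap::close($pcap);

sub process_packet {
    my ($user_data, $header, $packet) = @_;

    # Arrival time is stored by the capture tool in the record header,
    # not inside the Ethernet frame itself.
    my $line = sprintf '%s.%06d UTC', scalar gmtime($header->{tv_sec}),
                                      $header->{tv_usec};

    # caplen < len means the capture snap length cut the frame short, so
    # higher-layer fields decoded below may be incomplete.
    $line .= ' [truncated]' if $header->{caplen} < $header->{len};

    my $eth = NetPacket::Ethernet->decode($packet);
    $line .= " $eth->{src_mac} > $eth->{dest_mac}";

    if ($eth->{type} == ETH_TYPE_IP) {
        my $ip = NetPacket::IP->decode($eth->{data});
        $line .= " IPv4 $ip->{src_ip} > $ip->{dest_ip} proto $ip->{proto}";
    }
    print "$line\n";
}
```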
