Beefy Boxes and Bandwidth Generously Provided by pair Networks
good chemistry is complicated,
and a little bit messy -LW

Selecting certain bits from a TCP header

by rspishock (Monk)
on Aug 20, 2011 at 18:44 UTC ( #921435=perlquestion: print w/replies, xml ) Need Help??
rspishock has asked for the wisdom of the Perl Monks concerning the following question:

Greetings Monks

While I still consider myself quite new to Perl, I've been working on random projects to build on my knowledge. And the current script that I'm working on is without a doubt, one that is teaching me quite a bit.

I'm currently in the planning stages of developing a program which will examine TCP headers from a pcap file searching to see if certain bits are active or not, signaling the possibility of steganographic communications. If so, I plan on creating a document with will indicate this.

So now to my question. Can anyone offer some guidance on how I would single out specific bits of the TCP header, specifically bits 100-103? As I said previously, I'm using this as a learning experience, and I'm basically in the planning stages of working on this program. All I really have is a rough shell including modules that I need to call upon but I'm hoping this will help in grasping this concept.

Thank you all in advance.

Thanks for the all of the tips so far, it's starting to point me in the right direction.

  • Comment on Selecting certain bits from a TCP header

Replies are listed 'Best First'.
Re: Selecting certain bits from a TCP header
by Perlbotics (Chancellor) on Aug 20, 2011 at 19:16 UTC

    Do you mean the reserved fields of the TCP/IP4-header?

    NetPacket::TCP has already implemented accessors. After decode()-ing the raw packet, you can access the reserved fields by selecting the respective instance data.

    Have a look at pack/unpack to further inspect this field.

Re: Selecting certain bits from a TCP header
by roboticus (Chancellor) on Aug 20, 2011 at 19:11 UTC


    Study unpack, pack and perlpacktut to see how to disassemble and reassemble binary packets of data, and it will get you most of the way there.


    When your only tool is a hammer, all problems look like your thumb.

Re: Selecting certain bits from a TCP header
by linuxer (Curate) on Aug 20, 2011 at 19:05 UTC

    I don't really have experience with bit operations (in general and in Perl), but I remember a Perl function named vec which may help you.

Re: Selecting certain bits from a TCP header
by sundialsvc4 (Abbot) on Aug 21, 2011 at 15:32 UTC

    I think you’re going to have a kernel-level software component to do that, e.g. the privileged interfaces that are tapped by a program such as Ethereal.

    Statistical analysis of the thus-recovered data stream probably could be done in-part with Perl.   (I say, “in part,” because Perl’s job would be to extract the bit-sequences for subsequent analysis by established programs such as R.)

      Thanks for your advice.

      As this is partially just a project for myself, I am also considering using this to help research a paper of forensic detection of network based steganography. My intention is to generate known carrier packets from one test VM and send them to another test VM while collecting them through wireshark. The main part of this is pretty clear, however, the hard part is coming up with the script which I may use.

      However, your advice has been helpful, and I'll take a look at R when I get home to see how I can use it.

      Thanks again for the advice.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://921435]
Approved by Corion
Front-paged by Corion
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (4)
As of 2018-05-27 04:23 GMT
Find Nodes?
    Voting Booth?