Read() -Multiple Files-

by jboy4 (Initiate)
on Jan 26, 2012 at 15:56 UTC
jboy4 has asked for the wisdom of the Perl Monks concerning the following question:

Ok so I made a Perl code that reads info from a pcap file using tcpdumplog and it puts it into a table in MySQL. The code worked awesome and gave me the information I needed. My problem is I hard coded the name of a single pcap file into it and we used to only have to read 1 every month or so. I would just delete old one and rename new 1 to that file.

We now have multiple pcap files that need to be queried, so my issue is using the read() command with a loop to read file extensions with .pcap

Original Working code----------------
#!/usr/bin/perl
use DBI;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::Pcap;
use strict;
use warnings;

#Login to mysql
my $dbh = DBI->connect('DBI:mysql:test', 'root', 'nstar' )
    || die "Could not connect to database: $DBI::errstr";

#Pcap file to log
my $log = Net::TcpDumpLog->new();
$log->read("C:\\Documents and Settings\\jordant\\Desktop\\Dump\\m1.pcap");

#INFO from PCAP file
foreach my $index ($log->indexes) {
    my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
    my $data = $log->data($index);
    my $eth_obj = NetPacket::Ethernet->decode($data);
    next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;
    my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
    next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;
    my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});

    #get date time stamp of packet
    my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
    $mon+=1;
    my $time = sprintf("%02d-%02d %02d:%02d:%02d", $mon, $mday, $hour, $min, $sec);

    #Info in Table
    $dbh->do( "INSERT INTO test2 (Date,Source,Destination,Packets,Port) values ( '$time', '$ip_obj->{src_ip}', '$ip_obj->{dest_ip}', '$ip_obj->{len}', '$tcp_obj->{dest_port}')");
}

This code does work; I just need the hard coded $log->read to be just the directory like so... (C:\\Documents and Settings\\jordant\\Desktop\\Dump) and read all files with extension .pcap within the directory.

Any help would be great! Thanks

Re: Read() -Multiple Files-
by Corion (Pope) on Jan 26, 2012 at 16:08 UTC

    Do you want to pass the filename on the command line? If so, see perlvar on @ARGV.

    Do you want to add all files matching some wildcard? If so, see File::Glob on bsd_glob:

    use File::Glob qw(bsd_glob);
    my @files = bsd_glob("C:\\Documents and Settings\\jordant\\Desktop\\Dump\\*.pcap");
    for my $file (@files) {
        print "Processing '$file'\n";
    };

      Could someone help integrating the above methods into my code? I am having issues getting either to work


      Here is the first one. Did I put something in wrong?
      #!/usr/bin/perl
      use DBI;
      use Net::TcpDumpLog;
      use NetPacket::Ethernet;
      use NetPacket::IP;
      use NetPacket::TCP;
      use Net::Pcap;
      use strict;
      use warnings;
      use File::Glob qw(bsd_glob);

      #Login to mysql
      my $dbh = DBI->connect('DBI:mysql:test', 'root', 'nstar' )
          || die "Could not connect to database: $DBI::errstr";

      #Pcap file to log
      my $log = Net::TcpDumpLog->new();
      my @files = bsd_glob("C:\\Documents and Settings\\jordant\\Desktop\\Dump\\*.pcap");
      $log->read('$file');
      for my $file (@files) {
          print "Processing '$file'\n";
      };

      #INFO from PCAP file
      foreach my $index ($log->indexes) {
          my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
          my $data = $log->data($index);
          my $eth_obj = NetPacket::Ethernet->decode($data);
          next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;
          my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
          next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;
          my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});

          #get date time stamp of packet
          my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
          $mon+=1;
          my $time = sprintf("%02d-%02d %02d:%02d:%02d", $mon, $mday, $hour, $min, $sec);

          #Info in Table
          $dbh->do( "INSERT INTO test2 (Date,Source,Destination,Packets,Port) values ( '$time', '$ip_obj->{src_ip}', '$ip_obj->{dest_ip}', '$ip_obj->{len}', '$tcp_obj->{dest_port}')");
      }
      Errors out: saying it can't find the directory
        Please tell us what you do, and what your program outputs and how that differs from what you expect. Also try reducing the program to the bare minimum that still shows the error. As a hint, consider where bsd_glob stores its results. This is not a code writing service.
Re: Read() -Multiple Files-
by Anonymous Monk on Jan 26, 2012 at 16:13 UTC

    Simple way

    #!/usr/bin/perl --
    use strict;
    use warnings;

    Main( @ARGV );
    exit( 0 );

    sub Main {
        my( $directory ) = @_;
        my $dbh = ...;
        for my $file ( GetFiles( $directory ) ){
            LogFromPcap( $file, $dbh );
        }
        $dbh->disconnect;
    }

    sub GetFiles {
        my( $directory ) = @_;    # directory to scan, passed in by Main
        use Cwd();
        my $cwd = Cwd::cwd();
        chdir $directory or die $!;
        my @files = glob '*.pcap';
        chdir $cwd;
        # prefix the directory so the names stay valid after changing back
        return map { "$directory/$_" } @files;
    }

    sub LogFromPcap {
        my( $file, $dbh ) = @_;
        ...
    }

    See File::Glob and File::Find::Rule (and search perlmonks for examples of each)

    For getopt example see Re: help with loop

      I'm just not sure how to make this work with my code... If you could help me out that would be much appreciated.

        I'm just not sure how to make this work with my code...

        Can you identify any of your code in what I posted?
