Parsing packets using Net::Frame

by qwconst (Initiate)
on Jul 15, 2011 at 01:25 UTC (#914476=perlquestion)
qwconst has asked for the wisdom of the Perl Monks concerning the following question:

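Hi, here's the example from Net::Frame::Dump::Offline:

    use strict;
    use warnings;
    use Net::Frame::Dump::Offline;
    use Net::Frame::Simple;

    my $pcapfile = shift or die "usage: $0 file.pcap\n";

    # Read frames from a capture file, keeping only those matching the pcap filter.
    my $oDump = Net::Frame::Dump::Offline->new(
        file   => $pcapfile,
        filter => 'udp src port 53',
    );
    $oDump->start;

    my $count = 0;
    while (my $h = $oDump->next) {
        # Decode every layer of the raw frame, starting at the link layer.
        my $f = Net::Frame::Simple->new(
            raw        => $h->{raw},
            firstLayer => $h->{firstLayer},
            timestamp  => $h->{timestamp},
        );
        my $len = length($h->{raw});
        print 'o Frame number: '.$count++." (length: $len)\n";
        print $f->print."\n";
        print $f->firstLayer."\n";
    }
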
The sample output is:

    o Frame number: 0 (length: 79)
    Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800
    Layer::IPv4: version:4 hlen:5 tos:0x00 length:65 id:39664
    Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0xec67
    Layer::IPv4: src:x dst:x
    Layer::UDP: src:53802 dst:53 length:45 checksum:0x1512
    Padding: fb7a01000001000000000000037777770b73746174636f756e74657203636f6d0000010001
    o Frame number: 1 (length: 95)
    Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800
    Layer::IPv4: version:4 hlen:5 tos:0x00 length:81 id:39668
    Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x381e
    Layer::IPv4: src:x dst:x
    Layer::UDP: src:11463 dst:53 length:61 checksum:0xb410
    Padding: fc8c010000010000000000000870726f78792d736e08636f6e7461637473036d736e03636f6d056e73617463036e65740000010001
    o Frame number: 2 (length: 75)
    Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800
    Layer::IPv4: version:4 hlen:5 tos:0x00 length:61 id:39672
    Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x29d5
    Layer::IPv4: src:x dst:x
    Layer::UDP: src:42067 dst:53 length:41 checksum:0xe66e
    Padding: 506701000001000000000000036164340473696e6103636f6d02636e0000010001

My question is, how do I get the payload of the UDP layer (or any layer after firstLayer)? I want to use Net::Frame::Layer::IPv4, Net::Frame::Layer::TCP and so on to process the layers.

Replies are listed 'Best First'.
Re: Parsing packets using Net::Frame
by Illuminatus (Curate) on Jul 15, 2011 at 02:07 UTC
    Did you look at the example in Net::Frame::Layer::UDP? I have to admit I've never used this module, but it looks pretty straightforward. I prefer the NetPacket::* modules myself, which you could use with the 'raw' data returned by Net::Frame::Dump::Offline.

    fnord

Re: Parsing packets using Net::Frame
by qwconst (Initiate) on Jul 15, 2011 at 01:59 UTC
    This is really my bad - the payload can be retrieved by
    $f->ref->{UDP}->payload;
    I initially had this, but the script barfed, which led me to get confused. This morning though, after careful examination, I realized the earlier error was due to some packets having no UDP payload! Doh!
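
An added example, not part of the original thread or of Net::Frame: a core-Perl decoder for the DNS question carried in a UDP payload, which returns undef instead of dying when a packet has no payload or a truncated one, the case that tripped the script above. The helper name dns_question is hypothetical; the first sample is the hex from frame 0 of the posted output, the others are constructed.

```perl
use strict;
use warnings;

# Hypothetical helper: decode the first DNS question from a UDP payload.
# In the poster's loop it would be fed $f->ref->{UDP}->payload.
# Returns undef for a missing, empty or truncated payload.
sub dns_question {
    my ($payload) = @_;
    return undef unless defined $payload && length($payload) >= 12;

    # Fixed 12-byte DNS header: id, flags, then four 16-bit counts.
    my ($id, $flags, $qdcount) = unpack('n3', $payload);
    return undef unless $qdcount >= 1;

    my ($pos, @labels) = (12);
    while (1) {
        return undef if $pos >= length($payload);       # name runs off the end
        my $len = ord(substr($payload, $pos++, 1));
        last if $len == 0;                              # root label ends QNAME
        return undef if $len > 63;                      # pointer or junk in a question
        return undef if $pos + $len > length($payload); # label is cut short
        push @labels, substr($payload, $pos, $len);
        $pos += $len;
    }
    return undef if $pos + 4 > length($payload);        # QTYPE + QCLASS missing
    my ($qtype, $qclass) = unpack('n2', substr($payload, $pos, 4));

    return {
        id    => $id,    is_response => ($flags & 0x8000) ? 1 : 0,
        qname => join('.', @labels), qtype => $qtype, qclass => $qclass,
    };
}

# Sample inputs (constructed, except the first, which is frame 0's hex above).
my @samples = (
    pack('H*', 'fb7a01000001000000000000037777770b73746174636f756e74657203636f6d0000010001'),
    '',                                                 # UDP datagram with no payload
    undef,                                              # no payload value at all
    pack('H*', 'fb7a0100000100000000000003777777'),     # cut off mid-name
);

for my $payload (@samples) {
    if (my $q = dns_question($payload)) {
        printf "id=0x%04x qname=%s qtype=%d qclass=%d\n",
            @{$q}{qw(id qname qtype qclass)};
    } else {
        print "no DNS question (empty or truncated payload)\n";
    }
}
```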

Node Type: perlquestion [id://914476]
Approved by Marshall