Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer
 
PerlMonks  

Parsing packets using Net::Frame

by qwconst (Initiate)
on Jul 15, 2011 at 01:25 UTC ( #914476=perlquestion: print w/ replies, xml ) Need Help??
qwconst has asked for the wisdom of the Perl Monks concerning the following question:

Hi, Here's the example from the Net::Frame::Dump::Offline
my $oDump = Net::Frame::Dump::Offline->new( file => $pcapfile, filter => 'udp src port 53', ); $oDump->start; my $count = 0; while (my $h = $oDump->next) { my $f = Net::Frame::Simple->new( raw => $h->{raw}, firstLayer => $h->{firstLayer}, timestamp => $h->{timestamp}, ); my $len = length($h->{raw}); print 'o Frame number: '.$count++." (length: $len)\n"; print $f->print."\n"; print $f->firstLayer."\n"; }
The sample output is:
o Frame number: 0 (length: 79) Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800 Layer::IPv4: version:4 hlen:5 tos:0x00 length:65 id:39664 Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x +ec67 Layer::IPv4: src:x dst:x Layer::UDP: src:53802 dst:53 length:45 checksum:0x1512 Padding: fb7a01000001000000000000037777770b73746174636f756e74657203636 +f6d0000010001 o Frame number: 1 (length: 95) Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800 Layer::IPv4: version:4 hlen:5 tos:0x00 length:81 id:39668 Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x +381e Layer::IPv4: src:x dst:x Layer::UDP: src:11463 dst:53 length:61 checksum:0xb410 Padding: fc8c010000010000000000000870726f78792d736e08636f6e74616374730 +36d736e03636f6d056e73617463036e65740000010001 o Frame number: 2 (length: 75) Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800 Layer::IPv4: version:4 hlen:5 tos:0x00 length:61 id:39672 Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x +29d5 Layer::IPv4: src:x dst:x Layer::UDP: src:42067 dst:53 length:41 checksum:0xe66e Padding: 506701000001000000000000036164340473696e6103636f6d02636e00000 +10001

My question is, how do I get the payload of the UDP layer (or any layer after firstLayer)? I want to use Net::Frame::Layer::IPv4, Net::Frame::Layer::TCP and so on to process the layers.

Comment on Parsing packets using Net::Frame
Select or Download Code
Replies are listed 'Best First'.
Re: Parsing packets using Net::Frame
by Illuminatus (Curate) on Jul 15, 2011 at 02:07 UTC
    Did you look at the example in Net::Frame::Layer::UDP? I have to admit I've never used this module, but it looks pretty straightforward. I prefer the NetPacket::* modules myself, which you could use with the 'raw' data returned by Net::Frame::Dump::Offline

    fnord

Re: Parsing packets using Net::Frame
by qwconst (Initiate) on Jul 15, 2011 at 01:59 UTC
    This is really my bad - the payload can be retrieved by
    $f->ref->{UDP}->payload;
    I initially had this, but the script barfed which led me to get confused. This morning though after careful examination I realized the earlier error was due to the some packets having no UDP payload! Doh!

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://914476]
Approved by Marshall
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others making s'mores by the fire in the courtyard of the Monastery: (12)
As of 2015-07-07 21:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    The top three priorities of my open tasks are (in descending order of likelihood to be worked on) ...









    Results (93 votes), past polls