Parsing packets using Net::Frame

by qwconst (Initiate)
on Jul 15, 2011 at 01:25 UTC (#914476=perlquestion)
qwconst has asked for the wisdom of the Perl Monks concerning the following question:

Hi, Here's the example from the Net::Frame::Dump::Offline
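    use strict;
    use warnings;
    use Net::Frame::Dump::Offline;
    use Net::Frame::Simple;

    my $pcapfile = shift or die "usage: $0 file.pcap\n";

    # Read only the frames matching the pcap filter from the capture file
    my $oDump = Net::Frame::Dump::Offline->new(
        file   => $pcapfile,
        filter => 'udp src port 53',
    );
    $oDump->start;

    my $count = 0;
    while (my $h = $oDump->next) {
        # Decode every layer of the frame, starting at the link layer
        my $f = Net::Frame::Simple->new(
            raw        => $h->{raw},
            firstLayer => $h->{firstLayer},
            timestamp  => $h->{timestamp},
        );
        my $len = length($h->{raw});
        print 'o Frame number: '.$count++." (length: $len)\n";
        print $f->print."\n";
        print $f->firstLayer."\n";
    }
    $oDump->stop;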
The sample output is:
    o Frame number: 0 (length: 79)
    Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800
    Layer::IPv4: version:4 hlen:5 tos:0x00 length:65 id:39664
    Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0xec67
    Layer::IPv4: src:x dst:x
    Layer::UDP: src:53802 dst:53 length:45 checksum:0x1512
    Padding: fb7a01000001000000000000037777770b73746174636f756e74657203636f6d0000010001
    o Frame number: 1 (length: 95)
    Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800
    Layer::IPv4: version:4 hlen:5 tos:0x00 length:81 id:39668
    Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x381e
    Layer::IPv4: src:x dst:x
    Layer::UDP: src:11463 dst:53 length:61 checksum:0xb410
    Padding: fc8c010000010000000000000870726f78792d736e08636f6e7461637473036d736e03636f6d056e73617463036e65740000010001
    o Frame number: 2 (length: 75)
    Layer::ETH: dst:00:0f:1f:64:56:c2 src:00:01:d7:49:51:84 type:0x0800
    Layer::IPv4: version:4 hlen:5 tos:0x00 length:61 id:39672
    Layer::IPv4: flags:0x02 offset:0 ttl:255 protocol:0x11 checksum:0x29d5
    Layer::IPv4: src:x dst:x
    Layer::UDP: src:42067 dst:53 length:41 checksum:0xe66e
    Padding: 506701000001000000000000036164340473696e6103636f6d02636e0000010001

My question is, how do I get the payload of the UDP layer (or any layer after firstLayer)? I want to use Net::Frame::Layer::IPv4, Net::Frame::Layer::TCP and so on to process the layers.

Re: Parsing packets using Net::Frame
by qwconst (Initiate) on Jul 15, 2011 at 01:59 UTC
    This is really my bad - the payload can be retrieved by
    $f->ref->{UDP}->payload;
    I initially had this, but the script barfed which led me to get confused. This morning though after careful examination I realized the earlier error was due to some packets having no UDP payload! Doh!
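An added example, not part of the original thread: a guarded version of the payload lookup from the reply above, so frames without a UDP layer or payload are skipped instead of killing the script, plus a core-Perl decoder for the DNS question that the port-53 payloads in the sample output carry. The helper names udp_payload and dns_question are hypothetical; the first sample is the hex printed after "Padding:" for frame 0, the other two are constructed.

```perl
use strict;
use warnings;

# Guarded form of $f->ref->{UDP}->payload: returns undef when the frame has
# no UDP layer or the datagram is empty. $f is a Net::Frame::Simple object.
sub udp_payload {
    my ($f) = @_;
    my $udp = $f->ref->{UDP} or return;          # no UDP layer in this frame
    my $data = $udp->payload;
    return defined($data) && length($data) ? $data : undef;
}

# Decode the header and first question of a DNS message (RFC 1035).
# Returns a hash ref, or undef when the payload is missing or truncated.
sub dns_question {
    my ($data) = @_;
    return unless defined($data) && length($data) >= 12;   # fixed header size
    my ($id, $flags, $qdcount) = unpack('n3', $data);
    return unless $qdcount;
    my ($pos, @labels) = (12);
    while (1) {
        return if $pos >= length($data);                   # ran off the end
        my $len = ord(substr($data, $pos++, 1));
        last if $len == 0;                                 # root label ends the name
        # Labels are at most 63 bytes; larger values are pointers or garbage
        return if $len > 63 || $pos + $len > length($data);
        push @labels, substr($data, $pos, $len);
        $pos += $len;
    }
    return if $pos + 4 > length($data);
    my ($qtype, $qclass) = unpack('n2', substr($data, $pos, 4));
    return +{ id => $id, response => ($flags >> 15) & 1,
              name => join('.', @labels), qtype => $qtype, qclass => $qclass };
}

# In the question's loop: my $q = dns_question(udp_payload($f)) or next;
# Stand-alone run on raw payload bytes:
my @samples = (
    pack('H*', 'fb7a01000001000000000000037777770b73746174636f756e74657203636f6d0000010001'),
    '',                              # constructed: datagram with no payload
    pack('H*', 'fb7a0100000100'),    # constructed: truncated DNS header
);
for my $p (@samples) {
    my $q = dns_question($p);
    if ($q) { printf "id=0x%04x name=%s qtype=%d qclass=%d\n", @$q{qw(id name qtype qclass)} }
    else    { print "skipped: no usable DNS payload\n" }
}
```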
Re: Parsing packets using Net::Frame
by Illuminatus (Curate) on Jul 15, 2011 at 02:07 UTC
    Did you look at the example in Net::Frame::Layer::UDP? I have to admit I've never used this module, but it looks pretty straightforward. I prefer the NetPacket::* modules myself, which you could use with the 'raw' data returned by Net::Frame::Dump::Offline

    fnord
