http://www.perlmonks.org?node_id=252784

nite_man has asked for the wisdom of the Perl Monks concerning the following question:

Hi brothers,
I need to do some network snooping under Windows. I've read the article Perl and Net::Pcap by rob_au and some other articles, but I didn't find any solution for using Net::Pcap under Windows.
Maybe someone knows of some resources on win32 snooping with Perl?
TIA.
      
--------------------------------
SV* sv_bless(SV* sv, HV* stash);

Replies are listed 'Best First'.
Re: Net::Pcap and windows
by rob_au (Abbot) on Apr 24, 2003 at 07:06 UTC
    As noted in this post for prosperity, the Pcap library can be obtained for Windows in source and binary forms from http://winpcap.polito.it/. This in turn gives you the ability to interface this library with Net::Pcap - Note however that this will most likely involve building the Net::Pcap XS modules from sources, as I am unaware of any PPM packages for this module (Podmaster?)

     

    perl -le 'print+unpack("N",pack("B32","00000000000000000000001001010000"))'

      Thanks rob_au, I will try to use winpcap and maybe write some sketch about it if somebody is interested in it ;))
            
      
Re: Net::Pcap and windows
by PodMaster (Abbot) on Apr 24, 2003 at 12:24 UTC
    Well, I gave it another shot, and I've compiled Net::Pcap, but it does not work (12.50% okay, practically all the tests fail). You'll have to edit Pcap.xs to make the include lines look like
        #include "pcap.h"
        #ifdef WIN32
        #undef caddr_t
        #endif
        #include "EXTERN.h"
        #include "perl.h"
        #include "XSUB.h"
        //#include <pcap.h> used to be here (D'oh! i should've just done a diff)
    Also, here's what the MakeMaker INC/LIBS args should look like:
        'INC'  => q[ -IE:\new\wpdpack_3_0\wpdpack\Include ],
        'LIBS' => [ q[ -LE:\new\wpdpack_3_0\wpdpack\Lib -lwpcap.lib ] ],
    It compiles with some warnings though
        Pcap.c
        Pcap.c(749) : warning C4047: 'function' : 'struct _PerlIO ** ' differs in levels of indirection from 'struct _iobuf *'
        Pcap.c(749) : warning C4024: 'Perl_do_open' : different types for formal and actual parameter 8
    which stem from
        FILE *
        pcap_file(p)
            pcap_t *p
    and I've no clue how to fix those, but I highly doubt they have anything to do with the failing tests (almost all of the functions Net::Pcap uses are deprecated in WinPcap -- like lookupdev or open_live). The generated function looks like
        XS(XS_Net__Pcap_file); /* prototype to pass -Wmissing-prototypes */
        XS(XS_Net__Pcap_file)
        {
            dXSARGS;
            if (items != 1)
                Perl_croak(aTHX_ "Usage: Net::Pcap::file(p)");
            {
                pcap_t * p;
                FILE * RETVAL;

                if (sv_derived_from(ST(0), "pcap_tPtr")) {
                    IV tmp = SvIV((SV*)SvRV(ST(0)));
                    p = (pcap_t *) tmp;
                }
                else
                    croak("p is not of type pcap_tPtr");

                RETVAL = pcap_file(p);
                ST(0) = sv_newmortal();
                {
                    GV *gv = newGVgen("Net::Pcap");
                    if ( do_open(gv, "<&", 2, FALSE, 0, 0, RETVAL) )
                        sv_setsv(ST(0), sv_bless(newRV((SV*)gv), gv_stashpv("Net::Pcap",1)));
                    else
                        ST(0) = &PL_sv_undef;
                }
            }
            XSRETURN(1);
        }
    And the typemap specifies FILE * T_IN, and T_IN is
        INPUT
        T_IN
            $var = IoIFP(sv_2io($arg))
        ###################
        OUTPUT
        T_IN
            {
                GV *gv = newGVgen("$Package");
                if ( do_open(gv, "<&", 2, FALSE, 0, 0, $var) )
                    sv_setsv($arg, sv_bless(newRV((SV*)gv), gv_stashpv("$Package",1)));
                else
                    $arg = &PL_sv_undef;
            }


    MJD says you can't just make shit up and expect the computer to know what you mean, retardo!
    I run a Win32 PPM repository for perl 5.6x+5.8x. I take requests.
    ** The Third rule of perl club is a statement of fact: pod is sexy.

      Many thanks, PodMaster. I tried to compile Net::Pcap under win32 and got an error at the end of compilation. I found the page of one guy, J-L Morel, where he keeps Net::Pcap for win32. He explained what happened: Perl is compiled with winsock.h, but WinPcap (Free Packet Capture Architecture for Windows) is compiled with winsock2.h.
            
      
        That's great. Does it work for you? I compiled his version, and it doesn't change a thing, all tests still pretty much fail ;( Whether this is a problem with the tests or whatever, it's certainly not good.

