Beefy Boxes and Bandwidth Generously Provided by pair Networks
Keep It Simple, Stupid
 
PerlMonks  

Packet parsing module in perl

by balakrishnan (Monk)
on Feb 26, 2009 at 16:20 UTC ( [id://746584]=perlquestion: print w/replies, xml ) Need Help??

balakrishnan has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks,
I need a module which could able to read the packets from the dump file and parse it layer by layer(i.e: ethernet,ip);
it has to provide me the details in ethernet layer(e.g: packets timestamp).
Any ideas greatly appreciated.

Replies are listed 'Best First'.
Re: Packet parsing module in perl
by jettero (Monsignor) on Feb 26, 2009 at 16:26 UTC

    Hopefully for you the Net::Pcap stuff can be made to read the dump files, because if it does it'll do everything you want and more.

    -Paul

[reply]
Re: Packet parsing module in perl
by zentara (Archbishop) on Feb 26, 2009 at 16:38 UTC
    How about a Packet Parsing Package in Perl? Say it three times fast and you become Larry Wall for a day. :-)

    Oh....and before any of you complain that you said it 3 times fast, and didn't turn into Larry Wall, it's becuase you didn't say it fast enough!

    I'm not really a human, but I play one on earth My Petition to the Great Cosmic Conciousness
[reply]
Re: Packet parsing module in perl
by zwon (Abbot) on Feb 26, 2009 at 17:58 UTC

    Probably NetPacket is what you need.

    Upd: link fixed

[reply]
      How do i can extract the packet arrival time from a packet?
[reply]
        I don't think the actual packets have timestamps -- could be wrong -- but I know the libpcap files do contain them. I think your best bet (as mentioned above) is to use the Net::Pcap library to read the source file and get the timestamps from there. It seems it does have a pcap_open_offline method, which I don't know how to use, that probably reads the file in.

        How to get the actual timestamps from the packets: 

           sub process_packet {
       my($user_data, $header, $packet) = @_;

       print "time: $header->{tv_sec}\n";
   }

  # The header information is a reference to a hash containing the fol
+lowing fields.
  # 
  #  *   "len" - the total length of the packet.
  #  *   "caplen" - the actual captured length of the packet
  #  *   "tv_sec" - seconds value of the packet timestamp.
  #  *   "tv_usec" - microseconds value of the packet timestamp.

        [download]

        -Paul

[reply]
[d/l]
[select]
Re: Packet parsing module in perl
by Anonymous Monk on Feb 26, 2009 at 17:55 UTC
    You have done C programs to do everything related to this already, what is the problem with that C program?. Everything you have already done in C, why do you go for Perl now?.
[reply]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://746584]
Approved by moritz
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others taking refuge in the Monastery: (3)
As of 2024-04-26 01:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found