Why did the packet capture program not print any info like IP addr and port?

  • sangith
    New Member
    • Jun 2007
    • 25

    Hi,

    I tried the packet capture module program.
    I did a file transfer using ftp from this host to another server.

    But when I ran the program, it was just hanging off and it did not print the src ip, dst ip, src port, dst port.

    Should I run this program as a Daemon? If so, how do I do that?

    I would appreciate your response.

    Thanks,
    Sangith
    This is the code that I tried; I got it from this website: http://www.perlmonks.org/node_id=170648

    Code:
    use Net::Pcap;
    use NetPacket::Ethernet;
    use NetPacket::IP;
    use NetPacket::TCP;
    use strict;
    
    my $err;
    
    #   Use network device passed in program arguments or if no 
    #   argument is passed, determine an appropriate network 
    #   device for packet sniffing using the 
    #   Net::Pcap::lookupdev method
    
    my $dev = $ARGV[0];
    unless (defined $dev) {
        $dev = Net::Pcap::lookupdev(\$err);
        if (defined $err) {
            die 'Unable to determine network device for monitoring - ', $err;
        }
    }
    
    #   Look up network address information about network 
    #   device using Net::Pcap::lookupnet - This also acts as a 
    #   check on bogus network device arguments that may be 
    #   passed to the program as an argument
    
    my ($address, $netmask);
    if (Net::Pcap::lookupnet($dev, \$address, \$netmask, \$err)) {
        die 'Unable to look up device information for ', $dev, ' - ', $err;
    }
    
    #   Create packet capture object on device
    
    my $object;
    $object = Net::Pcap::open_live($dev, 1500, 0, 0, \$err);
    unless (defined $object) {
        die 'Unable to create packet capture on device ', $dev, ' - ', $err;
    }
    
    #   Compile and set packet filter for packet capture 
    #   object - For the capture of TCP packets with the SYN 
    #   header flag set directed at the external interface of 
    #   the local host, the packet filter of '(dst IP) && (tcp
    #   [13] & 2 != 0)' is used where IP is the IP address of 
    #   the external interface of the machine.  For 
    #   illustrative purposes, the IP address of 127.0.0.1 is 
    #   used in this example.
    
    my $filter;
    Net::Pcap::compile(
        $object, 
        \$filter, 
        '(dst 127.0.0.1) && (tcp[13] & 2 != 0)', 
        0, 
        $netmask
    ) && die 'Unable to compile packet capture filter';
    Net::Pcap::setfilter($object, $filter) &&
        die 'Unable to set packet capture filter';
    
    #   Set callback function and initiate packet capture loop
    
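    #   Net::Pcap::loop returns -1 on error, so test for that value
    #   rather than for a false return
    Net::Pcap::loop($object, -1, \&syn_packets, '') == -1 and
        die 'Unable to perform packet capture';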
    
    Net::Pcap::close($object);
    
    
    sub syn_packets {
        my ($user_data, $header, $packet) = @_;
    
        #   Strip ethernet encapsulation of captured packet 
    
        my $ether_data = NetPacket::Ethernet::strip($packet);
    
        #   Decode contents of TCP/IP packet contained within 
        #   captured ethernet packet
    
        my $ip = NetPacket::IP->decode($ether_data);
        my $tcp = NetPacket::TCP->decode($ip->{'data'});
    
        #   Print all out where its coming from and where its 
        #   going to!
    
        print
            $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ",
            $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n";
    }
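
Added example, not part of the original post and not code from PerlMonks: a core-Perl hand evaluation of the capture filter used above, run against a constructed FTP control-channel handshake, to show which frames `'(dst 127.0.0.1) && (tcp[13] & 2 != 0)'` lets through to the callback and what changes when the loopback address is replaced by the interface address, as the code comment describes. The helper names `build_frame` and `matches_filter`, the addresses 192.0.2.10 and 198.51.100.20, and the port numbers are assumptions made for illustration; the matcher is simplified to unfragmented IPv4 over Ethernet.

```perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Build a minimal Ethernet + IPv4 + TCP frame (constructed sample data;
# checksums stay zero because the filter never inspects them).
sub build_frame {
    my ($src, $dst, $sport, $dport, $flags) = @_;
    my $eth = ("\0" x 12) . pack('n', 0x0800);     # zeroed MACs, EtherType IPv4
    my $ip  = pack('C C n n n C C n a4 a4',        # IHL 5, length 40, TTL 64, proto 6
                   0x45, 0, 40, 0, 0, 64, 6, 0,
                   inet_aton($src), inet_aton($dst));
    my $tcp = pack('n n N N C C n n n',            # data offset 5, flags in byte 13
                   $sport, $dport, 0, 0, 0x50, $flags, 65535, 0, 0);
    return $eth . $ip . $tcp;
}

# Simplified hand evaluation of '(dst IP) && (tcp[13] & 2 != 0)' for
# unfragmented IPv4-over-Ethernet frames.
sub matches_filter {
    my ($frame, $dst_ip) = @_;
    return 0 if length($frame) < 34;
    return 0 unless unpack('n', substr($frame, 12, 2)) == 0x0800;
    my $ip  = substr($frame, 14);
    my $ihl = (unpack('C', $ip) & 0x0f) * 4;
    return 0 unless unpack('C', substr($ip, 9, 1)) == 6;        # TCP only
    return 0 if length($ip) < $ihl + 14;
    return 0 unless inet_ntoa(substr($ip, 16, 4)) eq $dst_ip;   # 'dst IP'
    my $flags = unpack('C', substr($ip, $ihl + 13, 1));         # tcp[13]
    return ($flags & 0x02) ? 1 : 0;                             # SYN bit set?
}

# Constructed FTP control-channel handshake: local host 192.0.2.10, server 198.51.100.20.
my @frames = (
    [ 'SYN      host -> server', build_frame('192.0.2.10', '198.51.100.20', 40000, 21, 0x02) ],
    [ 'SYN/ACK  server -> host', build_frame('198.51.100.20', '192.0.2.10', 21, 40000, 0x12) ],
    [ 'ACK      host -> server', build_frame('192.0.2.10', '198.51.100.20', 40000, 21, 0x10) ],
    [ 'SYN      to loopback   ', build_frame('127.0.0.1', '127.0.0.1', 40001, 21, 0x02) ],
);

for my $dst ('127.0.0.1', '192.0.2.10') {
    print "filter: (dst $dst) && (tcp[13] & 2 != 0)\n";
    for my $f (@frames) {
        printf "  %s  %s\n", $f->[0], matches_filter($f->[1], $dst) ? 'captured' : 'ignored';
    }
}
```

In the pcap filter language `tcp[13] & 2 != 0` groups as `(tcp[13] & 2) != 0`; Perl gives `!=` the higher precedence, which is why the check above is written with an explicit mask test.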
  • numberwhun
    Recognized Expert Moderator Specialist
    • May 2007
    • 3467

    #2
    Originally posted by sangith
    This is the code that I tried; I got it from this website: http://www.perlmonks.org/node_id=170648
    First, I tried to go to the link to PerlMonks, but it isn't there (just a nice 404 page).

    My suggestion is to wander back over to PerlMonks (and hopefully to the correct URL) and re-read the page to see if it gives you more information about how to run it and such. Also, if that does not work, then you may want to pose the question to PerlMonks by posting a node. It takes only a couple minutes to sign up over there if you haven't already and the community itself is quite rich with knowledge.

    Regards,

    Jeff
