Packet Capturing Using PERL

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • Sidra Nisar
    New Member
    • Feb 2010
    • 17
    #1

    Packet Capturing Using PERL

    Hello……I am working on voice transmission control through linux as my project in high school……I need to know if the comments I have made on the following program are correct….

    Object of the perl program is to build a network analyzer that captures local area network (LAN) traffic destined for the local domain name system (DNS) server and logs information on which IP addresses request which IP name resolutions.

    Code:
    <1 #!/usr/bin/perl -w
2 use 5.6.0; # Change to 5.006_000 if using Perl 5.8.0.
3 use strict;
4
5 use constant DNS_PORT => 53;# The DNS PORT is the standard protocol port number for DNS 
6 use constant HOWMANY => 100;# default number of packets to capture.
7
8 use Net::DNS::Packet;# A Net::DNS::Packet object represents a DNS packet.
9 use Net::PcapUtils;# Net::PcapUtils is a module to sit in front of Net::Pcap in order to hide some of the pcap(3) initialisation by providing sensible defaults. This enables a programmer to easily write small, specific scripts for a particular purpose without having to worry about too many details.
10 use NetPacket::Ethernet qw( :strip );
11 use NetPacket::IP;# NetPacket::IP provides a set of routines for assembling and disassembling packets using IP (Internet Protocol)
12 use NetPacket::UDP; # NetPacket::UDP provides a set of routines for assembling and disassembling packets using UDP (User Datagram Protocol).
13
14 our $num_processed = 0; # declare and define a global variable, $num processed, used to record the number of packets processed.
15
16 sub got_a_packet {
17 my $handle = shift ;# assigning the two parameters to $handle and $packet to append the results to the log file using $handle and use the contents of $packet to create a NetPacket::IP object.
18 my $packet = shift;
19
20 my $ip_datagram = NetPacket::IP->decode(
21 NetPacket::Ethernet::eth_strip( $packet ) ); # this subroutine removes the Ethernet frame from $packet and returns the IP datagram, and NetPacket::IP::decode extracts the IP data portion.
22
23 my $udp_datagram = NetPacket::UDP->decode( $ip_datagram->{data} );# extracting UDP datagram
24
25 if ( $udp_datagram->{dest_port} == DNS_PORT ) # ensuring that the destination port matches DNS PORT
26 {
27 my $dns_packet = $udp_datagram->{data};# assign the data portion of the UDP datagram to $dns packet.
28 my $dns_decode = Net::DNS::Packet->new( \$dns_packet );#decode the data portion from the IP packet
29 my @questions = $dns_decode->question; # extract the DNS queries from that and store them in @questions.
30
31 foreach my $q ( @questions ) # process each DNS query.
32 {
33 my $question = $q->string; # get the current query in
stringified form,
34
35 unless ( $question =~ /in-addr\.arpa/ ) # skip queries that match in-addr.arpa since those relate to IP addresses,
not names.
36 {
37 $question =~ /^(.+)\tIN/;
38
39 print "$ip_datagram->{src_ip} -> "; # 39-44 outputs the source and destination IP addresses together with the IP name to the screen and
log-file.
40 print "$ip_datagram->{dest_ip}: ";
41 print "$1\n";
42 print $handle "$ip_datagram->{src_ip} -> ";
43 print $handle "$ip_datagram->{dest_ip}: ";
44 print $handle "$1\n";
45
46 $num_processed++;# increment $num processed 
47 }
48 }48 }
49 }
50 }
51
52 sub display_results {		#calling a ssubroutine
53 my $outof = shift;	#no. of packets actually processed in $outof
54
55 print "\nProcessed $num_processed (out of $outof) "; #prints  the results
56 print "UDP datagrams carrying DNS.\n\n";
57 }
58
59 my $count = shift || HOWMANY; # sets the number of packets to process. If a command line argument isn’t provided, it uses the
value of HOWMANY

60 my $rem_count = $count;
61 my $pkt_descriptor = Net::PcapUtils::open(		# it places the Ethernet card into promiscuous mode for packet capturing
62 FILTER => ’udp’,			#DNS uses UDP as a protocol filter
63 SNAPLEN => 1500 );		# 1500 bytes is the maximum payload size on Ethernet networks
64
65 if ( !ref( $pkt_descriptor ) )	# $pkt descriptor is reference to a valid packet capture descriptor
66 {
67 warn "Net::PcapUtils::open returned: $pkt_descriptor\n";	# If it fails it returns an error message and then exit
68 exit;
69 }
70
71 open WDW_FILE, ">>wdw_log.txt"
72 or die "Could not append to wdw_log.txt: $!\n";	# open the log file in append mode
73
74 print WDW_FILE "\n", scalar localtime, " - wdw BEGIN run.\n\n";	#timestamp it at the beginning of the run
75
76 while ( $count)	#This subroutine waits for a UDP packet then returns two values—a scalar which represents the raw Ethernet packet, which I store in $packet, and a hash, which is of no nee
77 {
78 my ( $packet, %header ) = Net::PcapUtils::next( $pkt_descriptor );	#call the Net::PcapUtils::next subroutine with packet capture descriptor in $pkt descriptor, saves the UDP packet in $packet
79 got_a_packet( *WDW_FILE, $packet );	#sending the output from got a packet to this file
80 $count--;
81 }
82
83 print WDW_FILE "\n", scalar localtime, " - wdw END run.\n";	#timestamp it at the beginning of the run

84 close WDW_FILE; 	#closes the file
85
86 display_results( $rem_count );	#prints the initial value of $count before the while loop started at line 76>
    Last edited by numberwhun; Mar 19 '10, 05:55 PM. Reason: Please use code tags!
    Tags: None
    • Sidra Nisar
      New Member
      • Feb 2010
      • 17
      #2
      Hello……I am working on voice transmission control through linux as my project in high school……I need to know if the comments I have made on the following program are correct….

      Object of the perl program is to build a network analyzer that captures local area network (LAN) traffic destined for the local domain name system (DNS) server and logs information on which IP addresses request which IP name resolutions.

      Code:
         1. <1 #!/usr/bin/perl -w
   2. 2 use 5.6.0; # Change to 5.006_000 if using Perl 5.8.0.
   3. 3 use strict;
   4. 4
   5. 5 use constant DNS_PORT => 53;# The DNS PORT is the standard protocol port number for DNS 
   6. 6 use constant HOWMANY => 100;# default number of packets to capture.
   7. 7
   8. 8 use Net::DNS::Packet;# A Net::DNS::Packet object represents a DNS packet.
   9. 9 use Net::PcapUtils;# Net::PcapUtils is a module to sit in front of Net::Pcap in order to hide some of the pcap(3) initialisation by providing sensible defaults. This enables a programmer to easily write small, specific scripts for a particular purpose without having to worry about too many details.
  10. 10 use NetPacket::Ethernet qw( :strip );
  11. 11 use NetPacket::IP;# NetPacket::IP provides a set of routines for assembling and disassembling packets using IP (Internet Protocol)
  12. 12 use NetPacket::UDP; # NetPacket::UDP provides a set of routines for assembling and disassembling packets using UDP (User Datagram Protocol).
  13. 13
  14. 14 our $num_processed = 0; # declare and define a global variable, $num processed, used to record the number of packets processed.
  15. 15
  16. 16 sub got_a_packet {
  17. 17 my $handle = shift ;# assigning the two parameters to $handle and $packet to append the results to the log file using $handle and use the contents of $packet to create a NetPacket::IP object.
  18. 18 my $packet = shift;
  19. 19
  20. 20 my $ip_datagram = NetPacket::IP->decode(
  21. 21 NetPacket::Ethernet::eth_strip( $packet ) ); # this subroutine removes the Ethernet frame from $packet and returns the IP datagram, and NetPacket::IP::decode extracts the IP data portion.
  22. 22
  23. 23 my $udp_datagram = NetPacket::UDP->decode( $ip_datagram->{data} );# extracting UDP datagram
  24. 24
  25. 25 if ( $udp_datagram->{dest_port} == DNS_PORT ) # ensuring that the destination port matches DNS PORT
  26. 26 {
  27. 27 my $dns_packet = $udp_datagram->{data};# assign the data portion of the UDP datagram to $dns packet.
  28. 28 my $dns_decode = Net::DNS::Packet->new( \$dns_packet );#decode the data portion from the IP packet
  29. 29 my @questions = $dns_decode->question; # extract the DNS queries from that and store them in @questions.
  30. 30
  31. 31 foreach my $q ( @questions ) # process each DNS query.
  32. 32 {
  33. 33 my $question = $q->string; # get the current query in
  34. stringified form,
  35. 34
  36. 35 unless ( $question =~ /in-addr\.arpa/ ) # skip queries that match in-addr.arpa since those relate to IP addresses,
  37. not names.
  38. 36 {
  39. 37 $question =~ /^(.+)\tIN/;
  40. 38
  41. 39 print "$ip_datagram->{src_ip} -> "; # 39-44 outputs the source and destination IP addresses together with the IP name to the screen and
  42. log-file.
  43. 40 print "$ip_datagram->{dest_ip}: ";
  44. 41 print "$1\n";
  45. 42 print $handle "$ip_datagram->{src_ip} -> ";
  46. 43 print $handle "$ip_datagram->{dest_ip}: ";
  47. 44 print $handle "$1\n";
  48. 45
  49. 46 $num_processed++;# increment $num processed 
  50. 47 }
  51. 48 }48 }
  52. 49 }
  53. 50 }
  54. 51
  55. 52 sub display_results {        #calling a ssubroutine
  56. 53 my $outof = shift;    #no. of packets actually processed in $outof
  57. 54
  58. 55 print "\nProcessed $num_processed (out of $outof) "; #prints  the results
  59. 56 print "UDP datagrams carrying DNS.\n\n";
  60. 57 }
  61. 58
  62. 59 my $count = shift || HOWMANY; # sets the number of packets to process. If a command line argument isn’t provided, it uses the
  63. value of HOWMANY
  64.  
  65. 60 my $rem_count = $count;
  66. 61 my $pkt_descriptor = Net::PcapUtils::open(        # it places the Ethernet card into promiscuous mode for packet capturing
  67. 62 FILTER => ’udp’,            #DNS uses UDP as a protocol filter
  68. 63 SNAPLEN => 1500 );        # 1500 bytes is the maximum payload size on Ethernet networks
  69. 64
  70. 65 if ( !ref( $pkt_descriptor ) )    # $pkt descriptor is reference to a valid packet capture descriptor
  71. 66 {
  72. 67 warn "Net::PcapUtils::open returned: $pkt_descriptor\n";    # If it fails it returns an error message and then exit
  73. 68 exit;
  74. 69 }
  75. 70
  76. 71 open WDW_FILE, ">>wdw_log.txt"
  77. 72 or die "Could not append to wdw_log.txt: $!\n";    # open the log file in append mode
  78. 73
  79. 74 print WDW_FILE "\n", scalar localtime, " - wdw BEGIN run.\n\n";    #timestamp it at the beginning of the run
  80. 75
  81. 76 while ( $count)    #This subroutine waits for a UDP packet then returns two values—a scalar which represents the raw Ethernet packet, which I store in $packet, and a hash, which is of no nee
  82. 77 {
  83. 78 my ( $packet, %header ) = Net::PcapUtils::next( $pkt_descriptor );    #call the Net::PcapUtils::next subroutine with packet capture descriptor in $pkt descriptor, saves the UDP packet in $packet
  84. 79 got_a_packet( *WDW_FILE, $packet );    #sending the output from got a packet to this file
  85. 80 $count--;
  86. 81 }
  87. 82
  88. 83 print WDW_FILE "\n", scalar localtime, " - wdw END run.\n";    #timestamp it at the beginning of the run
  89.  
  90. 84 close WDW_FILE;     #closes the file
  91. 85
  92. 86 display_results( $rem_count );    #prints the initial value

        Comment

        • numberwhun
          Recognized Expert Moderator Specialist
          • May 2007
          • 3467
          #3
          Sorry Sidra, but I don't have any experience with packet capturing with Perl. I typically use WireShark for that. My suggestion, if you don't get an answer here, is to post this same question on Perlmonks.org.

          Regards,

          Jeff

            Comment

            • Sidra Nisar
              New Member
              • Feb 2010
              • 17
              #4
              Thank you very much Jeff. I will certainly do that.

              Regards

                Comment

                Previous template Next
                Working...