By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
446,376 Members | 1,566 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 446,376 IT Pros & Developers. It's quick & easy.

Altering a packet and writing to network layer

P: 4
I am trying to write a program that will continuously sniff eth0 for a specific UDP packet thats being sent to a specific destination IP, alter the data of the packet, and finally transmit it to the destination. My script compiles fine and runs fine until it finds the specific packet and tries to alter the payload of the data. Hopefully someone can give me some insight on why it might be doing this...

Expand|Select|Wrap|Line Numbers
  1. #!/usr/bin/perl -w
  2. #
  3. # Custom script:
  4. #   A program to catch specific outgoing UDP packets, alter the
  5. #   payload data, and then write the packet onto the network layer.
  6.  
  7. # Destination IP address
  8. my $DEST_IP='192.246.40.56';
  9.  
  10. # The unprivileged uid/gid under which we should run.
  11. my $UNPRIV="200";
  12.  
  13. use Net::Pcap;
  14. use FileHandle;
  15. use strict;
  16. use English;    
  17. use NetPacket::IP qw(IP_PROTO_UDP);
  18. use NetPacket::UDP;
  19. use Net::RawSock;
  20.  
  21.  
  22. while ( 1 ) {
  23.  
  24.     my $pid = fork();
  25.     if ( ! defined $pid ) { die "Unable to fork.  Yikes." };
  26.  
  27.     if ( $pid ) {
  28.         # Parent process (running as root) will wait for
  29.     # child.  If child exits, we'll create another one.
  30.         wait();    
  31.     sleep(1);  # To keep us from respawning too fast if necessary.
  32.     } else {
  33.         print "Script starting\n";
  34.  
  35.     # Child process will do actual sniffing.
  36.     # First, create our packet capturing device
  37.         my($pcap_t) = create_pcap();
  38.  
  39.         unless ( $pcap_t ) {
  40.             die "Unable to create pcap";
  41.         }
  42.  
  43.         # Let's stop running as root.  Since we already
  44.     # have our pcap descriptor, we can still use it.
  45.         $EGID="$UNPRIV $UNPRIV";    # setgid and setgroups()
  46.         $GID=$UNPRIV;
  47.         $UID=$UNPRIV; $EUID=$UNPRIV;
  48.  
  49.     # Capture packets forever.
  50.         Net::Pcap::loop($pcap_t, -1, \&process_pkt, 0);
  51.  
  52.         # Technically, we shouldn't get here since the loop
  53.         # is infinite (-1), but just in case, close and exit.
  54.         Net::Pcap::close($pcap_t);
  55.         exit 1;
  56.     }
  57. }
  58.  
  59. sub create_pcap {
  60.     my $promisc = 0;   # We're only looking for packets destined to us,
  61.                        # so no need for promiscuous mode.
  62.     my $snaplen = 135; # Allows a max of 80 characters in the domain name
  63.  
  64.     my $to_ms = 0;            # timeout
  65.     my $opt=1;                          # Sure, optimisation is good...
  66.     my($err,$net,$mask,$dev,$filter_t);
  67.  
  68.     my $filter = "udp dst port 49169 and dst host $DEST_IP";
  69.  
  70.     # Look up an appropriate device (eth0 usually)
  71.     $dev = Net::Pcap::lookupdev(\$err);
  72.     $dev or die "Net::Pcap::lookupdev failed.  Error was $err";
  73.     #$dev = "eth0";
  74.  
  75.     if ( (Net::Pcap::lookupnet($dev, \$net, \$mask, \$err) ) == -1 ) {
  76.         die "Net::Pcap::lookupnet failed.  Error was $err";
  77.     }
  78.  
  79.     # Actually open up our descriptor
  80.     my $pcap_t = Net::Pcap::open_live($dev, $snaplen, $promisc, $to_ms, \$err);
  81.     $pcap_t || die "Can't create packet descriptor.  Error was $err";
  82.  
  83.     if ( Net::Pcap::compile($pcap_t, \$filter_t, $filter, $opt, $net) == -1 ) {
  84.         die "Unable to compile filter string '$filter'\n";
  85.     }
  86.  
  87.     # Make sure our sniffer only captures those bytes we want in
  88.     # our filter.
  89.     Net::Pcap::setfilter($pcap_t, $filter_t);
  90.  
  91.     # Return our pcap descriptor
  92.     $pcap_t;
  93. }
  94.  
  95. # Routine to process the packet -- called by Net::Pcap::loop()
  96. # every time an appropriate packet is snagged.
  97. sub process_pkt {
  98.     my($data) = @_;
  99.  
  100.     my($ip_obj) = NetPacket::IP->decode($data);
  101.  
  102.     if($ip_obj->{proto} == IP_PROTO_UDP) {
  103.  
  104.     #decode the udp header
  105.     my($udp_obj) = NetPacket::UDP->decode($ip_obj->{data});
  106.  
  107.     #replace protocol 68 with protocol 0
  108.     $udp_obj->{data} =~ s/68/0/g;
  109.  
  110.     #re-encode the packet
  111.     $ip_obj->{data} = $udp_obj->encode($ip_obj);
  112.     $data = $ip_obj->encode;
  113.     #my($pkt) = $data->encode;
  114.     }
  115.  
  116.     #write the packet to the network layer
  117.     Net::RawSock::write_ip($data);    
  118. }
error msg
Expand|Select|Wrap|Line Numbers
  1. Script starting
  2. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 151.
  3. Use of uninitialized value in bitwise and (&) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 152.
  4. Use of uninitialized value in unpack at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 163.
  5. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 115.
  6. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 116.
  7. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 117.
  8. Use of uninitialized value in bitwise and (&) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 118.
  9. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 115.
  10. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 116.
  11. Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 117.
  12. Use of uninitialized value in bitwise and (&) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 118.
  13. Use of uninitialized value in numeric eq (==) at sniffer2.pl line 102.
  14.  
  15.  
May 5 '07 #1
Share this Question
Share on Google+
3 Replies


KevinADC
Expert 2.5K+
P: 4,059
Those are warnings, not errors. Does the sript do what it's supposed to do otherwise? If so, just turn off the warnings.
May 5 '07 #2

P: 4
No, it doesn't do what I need it too. For some reason $data doesn't contain all of the data within the packet. My program is just capturing the first part of the data in the packet and discarding the rest of the data. Any ideas why I'm not capturing all of the data within the packet?
May 5 '07 #3

KevinADC
Expert 2.5K+
P: 4,059
You have this:

Expand|Select|Wrap|Line Numbers
  1. sub process_pkt {
  2.     my($data) = @_;
Earlier you call the process_pkt function:

Expand|Select|Wrap|Line Numbers
  1. Net::Pcap::loop($pcap_t, -1, \&process_pkt, 0);
so the qestion is, what data is being passed to the process_pkt function in @_ ?
May 5 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.