Why did the packet capture program not print any info like IP addr and port?

Hi,

I tried the packet capture module program.
I did a file transfer using ftp from this host to another server.

But when I ran the program, it just hung and did not print the src ip, dst ip, src port, dst port.

Should I run this program as a Daemon? If so, how do I do that?

I would appreciate your response.

Thanks,
Sangith
This is the code that I tried; I got it from this website, http://www.perlmonks.org/node_id=170648:

```perl
use Net::Pcap;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use strict;

my $err;

#   Use network device passed in program arguments or if no 
#   argument is passed, determine an appropriate network 
#   device for packet sniffing using the 
#   Net::Pcap::lookupdev method

my $dev = $ARGV[0];
unless (defined $dev) {
    $dev = Net::Pcap::lookupdev(\$err);
    if (defined $err) {
        die 'Unable to determine network device for monitoring - ', $err;
    }
}

#   Look up network address information about network 
#   device using Net::Pcap::lookupnet - This also acts as a 
#   check on bogus network device arguments that may be 
#   passed to the program as an argument

my ($address, $netmask);
if (Net::Pcap::lookupnet($dev, \$address, \$netmask, \$err)) {
    die 'Unable to look up device information for ', $dev, ' - ', $err;
}

#   Create packet capture object on device

my $object;
$object = Net::Pcap::open_live($dev, 1500, 0, 0, \$err);
unless (defined $object) {
    die 'Unable to create packet capture on device ', $dev, ' - ', $err;
}

#   Compile and set packet filter for packet capture 
#   object - For the capture of TCP packets with the SYN 
#   header flag set directed at the external interface of 
#   the local host, the packet filter of
#   '(dst IP) && (tcp[13] & 2 != 0)' is used where IP is the
#   IP address of the external interface of the machine.  For 
#   illustrative purposes, the IP address of 127.0.0.1 is 
#   used in this example.

my $filter;
Net::Pcap::compile(
    $object, 
    \$filter, 
    '(dst 127.0.0.1) && (tcp[13] & 2 != 0)', 
    0, 
    $netmask
) && die 'Unable to compile packet capture filter';
Net::Pcap::setfilter($object, $filter) &&
    die 'Unable to set packet capture filter';

#   Set callback function and initiate packet capture loop

Net::Pcap::loop($object, -1, \&syn_packets, '') ||
    die 'Unable to perform packet capture';

Net::Pcap::close($object);


sub syn_packets {
    my ($user_data, $header, $packet) = @_;

    #   Strip ethernet encapsulation of captured packet 

    my $ether_data = NetPacket::Ethernet::strip($packet);

    #   Decode contents of TCP/IP packet contained within 
    #   captured ethernet packet

    my $ip = NetPacket::IP->decode($ether_data);
    my $tcp = NetPacket::TCP->decode($ip->{'data'});

    #   Print all out where its coming from and where its 
    #   going to!

    print
        $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ",
        $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n";
}
```
Jun 26 '07 #1
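
An added example, not part of the original post or of the PerlMonks code: a pure-Perl re-statement of what the filter string `(dst ADDR) && (tcp[13] & 2 != 0)` tests, run over constructed frames to show which packets would ever reach the `syn_packets` callback. The helper names `build_frame` and `matches_filter` and all addresses other than 127.0.0.1 are hypothetical sample values.

```perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Constructed sample data: a minimal Ethernet + IPv4 + TCP frame
# (no options, no payload, checksums left at zero).
sub build_frame {
    my ($src, $dst, $sport, $dport, $flags) = @_;
    my $eth = pack('H12 H12 n', '020000000002', '020000000001', 0x0800);
    my $ip  = pack('C C n n n C C n a4 a4', 0x45, 0, 40, 0, 0, 64, 6, 0,
                   inet_aton($src), inet_aton($dst));
    my $tcp = pack('n n N N C C n n n', $sport, $dport, 0, 0, 0x50, $flags, 65535, 0, 0);
    return $eth . $ip . $tcp;
}

# Hand-written equivalent of '(dst ADDR) && (tcp[13] & 2 != 0)' for
# unfragmented IPv4 over Ethernet: destination address equals ADDR and the
# SYN bit (0x02) is set in byte 13 of the TCP header.
sub matches_filter {
    my ($frame, $addr) = @_;
    my ($ethertype) = unpack('x12 n', $frame);
    return 0 unless $ethertype == 0x0800;                 # IPv4 only
    my ($vihl, $proto, $dst) = unpack('x14 C x8 C x6 a4', $frame);
    return 0 unless $proto == 6;                          # TCP only
    my $ihl = ($vihl & 0x0f) * 4;                         # IP header length in bytes
    my ($flags) = unpack("x14 x$ihl x13 C", $frame);
    return (inet_ntoa($dst) eq $addr && ($flags & 0x02)) ? 1 : 0;
}

# Hypothetical addresses: 192.0.2.10 is the capturing host, 198.51.100.20 the FTP server.
my @frames = (
    [ 'SYN to FTP server',       build_frame('192.0.2.10', '198.51.100.20', 40000, 21, 0x02) ],
    [ 'SYN-ACK from FTP server', build_frame('198.51.100.20', '192.0.2.10', 21, 40000, 0x12) ],
    [ 'ACK from FTP server',     build_frame('198.51.100.20', '192.0.2.10', 21, 40000, 0x10) ],
    [ 'SYN to loopback',         build_frame('127.0.0.1', '127.0.0.1', 40001, 21, 0x02) ],
);

for my $addr ('127.0.0.1', '192.0.2.10') {
    print "filter: (dst $addr) && (tcp[13] & 2 != 0)\n";
    for my $f (@frames) {
        printf "  %-24s %s\n", $f->[0], matches_filter($f->[1], $addr) ? 'match' : 'no match';
    }
}
```

With the address left at 127.0.0.1, none of the frames exchanged with the remote FTP server match, so the callback has nothing to print; with the capturing host's own address in the filter, the server's SYN-ACK matches.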
1 Reply


numberwhun
> This is the code that I tried; I got it from this website, http://www.perlmonks.org/node_id=170648:

First, I tried to go to the link to PerlMonks, but it isn't there (just a nice 404 page).

My suggestion is to wander back over to PerlMonks (and hopefully to the correct URL) and re-read the page to see if it gives you more information about how to run it and such. Also, if that does not work, then you may want to pose the question to PerlMonks by posting a node. It takes only a couple minutes to sign up over there if you haven't already and the community itself is quite rich with knowledge.

Regards,

Jeff
Jun 30 '07 #2