Why did the packet capture program not print any info like IP addr and port?

Hi,

I tried the packet capture module program.
I did a file transfer using ftp from this host to another server.

But when I ran the program, it was just hanging off and it did not print the src ip, dst ip, src port, dst port.

Should I run this program as a Daemon? If so, how do I do that?

I would appreciate your response.

Thanks,
Sangith
This is the code that I tried, and I got it from this website: http://www.perlmonks.org/node_id=170648

```perl
use Net::Pcap;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use strict;

my $err;

#   Use network device passed in program arguments or if no 
#   argument is passed, determine an appropriate network 
#   device for packet sniffing using the 
#   Net::Pcap::lookupdev method

my $dev = $ARGV[0];
unless (defined $dev) {
    $dev = Net::Pcap::lookupdev(\$err);
    if (defined $err) {
        die 'Unable to determine network device for monitoring - ', $err;
    }
}

#   Look up network address information about network 
#   device using Net::Pcap::lookupnet - This also acts as a 
#   check on bogus network device arguments that may be 
#   passed to the program as an argument

my ($address, $netmask);
if (Net::Pcap::lookupnet($dev, \$address, \$netmask, \$err)) {
    die 'Unable to look up device information for ', $dev, ' - ', $err;
}

#   Create packet capture object on device

my $object;
$object = Net::Pcap::open_live($dev, 1500, 0, 0, \$err);
unless (defined $object) {
    die 'Unable to create packet capture on device ', $dev, ' - ', $err;
}

#   Compile and set packet filter for packet capture 
#   object - For the capture of TCP packets with the SYN 
#   header flag set directed at the external interface of 
#   the local host, the packet filter of '(dst IP) && (tcp
#   [13] & 2 != 0)' is used where IP is the IP address of 
#   the external interface of the machine.  For 
#   illustrative purposes, the IP address of 127.0.0.1 is 
#   used in this example.

my $filter;
Net::Pcap::compile(
    $object, 
    \$filter, 
    '(dst 127.0.0.1) && (tcp[13] & 2 != 0)', 
    0, 
    $netmask
) && die 'Unable to compile packet capture filter';
Net::Pcap::setfilter($object, $filter) &&
    die 'Unable to set packet capture filter';

#   Set callback function and initiate packet capture loop.
#   Net::Pcap::loop returns 0 when the packet count is reached
#   and -1 on error, so only -1 is treated as a failure.

my $rc = Net::Pcap::loop($object, -1, \&syn_packets, '');
die 'Unable to perform packet capture' if $rc == -1;

Net::Pcap::close($object);


sub syn_packets {
    my ($user_data, $header, $packet) = @_;

    #   Strip ethernet encapsulation of captured packet 

    my $ether_data = NetPacket::Ethernet::strip($packet);

    #   Decode contents of TCP/IP packet contained within 
    #   captured ethernet packet

    my $ip = NetPacket::IP->decode($ether_data);
    my $tcp = NetPacket::TCP->decode($ip->{'data'});

    #   Print all out where its coming from and where its 
    #   going to!

    print
        $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ",
        $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n";
}
```
Jun 26 '07 #1
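The filter in the posted code, `(dst 127.0.0.1) && (tcp[13] & 2 != 0)`, only passes TCP segments with the SYN flag set that are addressed to 127.0.0.1. The script below is an added example, not part of the original post or the PerlMonks node: it applies the same two tests in plain Perl to a few constructed IPv4/TCP headers. The helper names `build_packet` and `matches_filter` and all addresses and ports are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Build a minimal 20-byte IPv4 header plus 20-byte TCP header
# (no options, no payload, checksums left at 0). Constructed data.
sub build_packet {
    my ($src, $sport, $dst, $dport, $flags) = @_;
    my $ip = pack('C C n n n C C n a4 a4',
        0x45, 0, 40, 0, 0, 64, 6, 0, inet_aton($src), inet_aton($dst));
    my $tcp = pack('n n N N C C n n n',
        $sport, $dport, 0, 0, 5 << 4, $flags, 65535, 0, 0);
    return $ip . $tcp;
}

# Same tests as '(dst IP) && (tcp[13] & 2 != 0)':
# IPv4 destination equals $dst_ip, protocol is TCP, and bit 0x02 (SYN)
# is set in byte 13 of the TCP header (the flags byte).
sub matches_filter {
    my ($pkt, $dst_ip) = @_;
    my $ihl   = (unpack('C', $pkt) & 0x0f) * 4;      # IP header length in bytes
    my $proto = unpack('C', substr($pkt, 9, 1));     # 6 = TCP
    return 0 unless $proto == 6;
    my $dst   = inet_ntoa(substr($pkt, 16, 4));
    my $flags = unpack('C', substr($pkt, $ihl + 13, 1));
    return ($dst eq $dst_ip && ($flags & 0x02) != 0) ? 1 : 0;
}

# Constructed sample traffic: label, src, sport, dst, dport, TCP flags
my @samples = (
    ['SYN to 127.0.0.1',           '127.0.0.1',    40000, '127.0.0.1',    21, 0x02],
    ['PSH+ACK to 127.0.0.1',       '127.0.0.1',    40000, '127.0.0.1',    21, 0x18],
    ['SYN to remote FTP server',   '192.0.2.10',   40001, '198.51.100.5', 21, 0x02],
    ['SYN+ACK from remote server', '198.51.100.5', 21,    '192.0.2.10',   40001, 0x12],
);

for my $s (@samples) {
    my ($label, $src, $sport, $dst, $dport, $flags) = @$s;
    my $pkt = build_packet($src, $sport, $dst, $dport, $flags);
    printf "%-28s %s:%d -> %s:%d  %s\n", $label, $src, $sport, $dst, $dport,
        matches_filter($pkt, '127.0.0.1') ? 'passed to callback'
                                          : 'dropped by filter';
}
```

With the filter left at 127.0.0.1, segments of an FTP session to another server never reach `syn_packets`, and `Net::Pcap::loop` with a count of -1 keeps waiting rather than returning.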
numberwhun
3,503 Expert Mod 2GB
This is the code that I tried, and I got it from this website: http://www.perlmonks.org/node_id=170648
First, I tried to go to the link to PerlMonks, but it isn't there (just a nice 404 page).

My suggestion is to wander back over to PerlMonks (and hopefully to the correct URL) and re-read the page to see if it gives you more information about how to run it and such. Also, if that does not work, then you may want to pose the question to PerlMonks by posting a node. It takes only a couple minutes to sign up over there if you haven't already and the community itself is quite rich with knowledge.

Regards,

Jeff
Jun 30 '07 #2
