Filtering packets from a specific IP using Perl and Net::Pcap and Net::PcapUtils
I've been trying to write a script that filters packets out of a device, for a specific IP address on the device.
I want the data output like Wireshark gives when you select a specific device and use ip.src==xx.xx.xx.xx
My program so far is this:
    #!/usr/bin/perl -w
    use strict;
    use Net::PcapUtils;

    my $interface = 'eth1';

    # Packet processing routine: dump the first bytes of each packet.
    sub process_pkt {
        my ($user_data, $header, $packet) = @_;
        my $minipacket = substr($packet, 0, 54);
        print "\n## raw: ###\n";
        print $minipacket;
        print "\n==byte# / hex / dec / bin==\n";
        # Stop at the end of the packet if it is shorter than 55 bytes.
        my $limit = length($packet) < 55 ? length($packet) : 55;
        for (my $i = 0; $i < $limit; $i++) {
            my $hexval = unpack('H2', substr($packet, $i, 1));   # high nybble first
            my $decval = hex($hexval);
            printf("%03s-%02s-%03s-%08b\n", $i, $hexval, $decval, $decval);
        }
    }

    ######################################################################
    # Here we are invoking the Net::PcapUtils module and looping through forever.
    Net::PcapUtils::loop(\&process_pkt,
        SNAPLEN => 65536,       # size of data packet
        PROMISC => 1,           # put in promiscuous mode
        FILTER  => 'tcp',       # only pass TCP packets
        DEV     => $interface,
    );
and I am getting output.
Now I want to filter out packets received on the eth1 device with a source IP of xx.xx.xx.xx. Can I use the filter option in Net::PcapUtils::loop for that? And I want packets of data length xx ... I tried going through the documentation on cpan.org to find the options available, but couldn't find any examples.
Can someone please help me out?
Improvements:
Can I use
FILTER => 'ip src xx.xx.xx.xx'
after the
FILTER => 'tcp'
line in the code? And can I somehow include the data length of the packet, to filter packets of data length = 86?
Alternative program using the payload of the packet:
    #!/usr/bin/perl -w
    use strict;
    use Net::PcapUtils;
    use NetPacket::Ethernet qw(:strip);
    use NetPacket::IP;
    use NetPacket::TCP;

    my $interface = 'eth1';

    sub process_pkt {
        my ($user_data, $header, $packet) = @_;
        my $ip      = NetPacket::IP->decode(eth_strip($packet));
        my $tcp     = NetPacket::TCP->decode($ip->{data});
        my $payload = $tcp->{data};
        print "payload: \n " . $payload . " \n----end-----\n";

        # Open the log once per packet instead of once per byte.
        open(my $fh, '>>', 'perldata1.txt') or die "perldata1.txt: $!";
        # Do not read past the end of a payload shorter than 55 bytes.
        my $limit = length($payload) < 55 ? length($payload) : 55;
        for (my $i = 0; $i < $limit; $i++) {
            my $hexval = unpack('H2', substr($payload, $i, 1));
            print $fh $i . " :hex: " . $hexval . "\n";
        }
        close($fh);
    }

    Net::PcapUtils::loop(\&process_pkt,
        SNAPLEN => 65536,
        PROMISC => 1,
        # One FILTER key only: a repeated hash key overrides the earlier one,
        # so both conditions go into a single pcap expression.
        FILTER  => 'tcp and src host 129.7.236.40',
        DEV     => $interface,
    );
But I am still not able to figure out how to get the length of the data field. :( Thanks.
    #!/usr/bin/perl -w
    use strict;
    use Net::PcapUtils;
    use NetPacket::Ethernet qw(:strip);
    use NetPacket::IP;
    use NetPacket::TCP;
    use Data::Dumper;

    my $interface = 'eth1';
    my @array;

    sub process_pkt {
        my ($user_data, $header, $packet) = @_;
        my $ip      = NetPacket::IP->decode(eth_strip($packet));
        my $tcp     = NetPacket::TCP->decode($ip->{data});
        my $payload = $tcp->{data};

        # Only look at payloads that are exactly 32 bytes long.
        if (length($payload) == 32) {
            for (my $decode = 0; $decode < 32; $decode++) {
                $array[$decode] = unpack('H2', substr($payload, $decode, 1));
            }
            open(my $fh, '>', 'doorstatus.tab') or die "doorstatus.tab: $!";
            if ($array[22] eq '0c') {
                print $fh " decision: granted\n";
            } elsif ($array[22] eq '04') {
                print $fh "decision: denied\n";
            } elsif ($array[22] eq '0d') {
                print $fh "decision: locked\n";
            } else {
                print $fh "decision: unknown \n";
            }
            #print $fh " data: \n" . Dumper(\@array) . " \n";
            close($fh);
        }
    }

    Net::PcapUtils::loop(\&process_pkt,
        SNAPLEN => 65536,
        PROMISC => 1,
        # One FILTER key only: a repeated hash key overrides the earlier one.
        # xx.xx.xx.xx stands for the source address to match.
        FILTER  => 'tcp and src host xx.xx.xx.xx',
        DEV     => $interface,
    );
The code filters data coming from a specific source into an array, and you can do anything with it.
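An added example, not part of the original post: one way to get the length of the TCP data field the question asks about, using core Perl only. It derives the payload from the IP total length and the two header lengths, so Ethernet padding on short frames is not counted as data. The sub name `tcp_payload_from` is hypothetical, and the frame (192.0.2.x addresses, ports, payload bytes) is constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the TCP payload of an Ethernet II / IPv4 / TCP frame, or undef when
# the frame is another protocol, is truncated, or has a different source IP.
sub tcp_payload_from {
    my ($frame, $want_src) = @_;
    return if length($frame) < 14 + 20 + 20;                  # shortest valid frame
    return if unpack('n', substr($frame, 12, 2)) != 0x0800;   # EtherType IPv4

    my $ip = substr($frame, 14);
    my ($ver_ihl, $total_len, $proto) = unpack('C x n x5 C', $ip);
    my $ihl = ($ver_ihl & 0x0f) * 4;                          # IP header length
    return if ($ver_ihl >> 4) != 4 || $ihl < 20 || $proto != 6;
    return if $total_len < $ihl + 20 || $total_len > length($ip);
    return if join('.', unpack('C4', substr($ip, 12, 4))) ne $want_src;

    my $tcp_hlen = (unpack('C', substr($ip, $ihl + 12, 1)) >> 4) * 4;
    return if $tcp_hlen < 20 || $ihl + $tcp_hlen > $total_len;
    # Cut at the IP total length so trailing Ethernet padding is dropped.
    return substr($ip, $ihl + $tcp_hlen, $total_len - $ihl - $tcp_hlen);
}

# Constructed sample frame: 192.0.2.10 -> 192.0.2.20 with a 4-byte payload,
# zero-padded to the 60-byte Ethernet minimum. Checksums are left at zero
# because nothing here verifies them.
my $payload = pack('H*', 'aa0c04ff');
my $tcp = pack('n n N N C C n n n', 40000, 5000, 1, 1, 5 << 4, 0x18, 8192, 0, 0);
my $ip  = pack('C C n n n C C n a4 a4', 0x45, 0, 40 + length($payload), 1, 0,
               64, 6, 0, pack('C4', 192, 0, 2, 10), pack('C4', 192, 0, 2, 20));
my $frame = pack('H12 H12 n', '020000000002', '020000000001', 0x0800)
          . $ip . $tcp . $payload;
$frame .= "\0" x (60 - length($frame));

printf "bytes after the headers in the captured frame: %d\n", length($frame) - 54;
for my $src ('192.0.2.10', '192.0.2.99') {
    my $data = tcp_payload_from($frame, $src);
    if (defined $data && length($data) == 4) {     # match on data length
        printf "%s: %d-byte payload, byte 1 = %s\n",
            $src, length($data), unpack('H2', substr($data, 1, 1));
    } else {
        print "$src: no match\n";
    }
}
```

In the capture filter itself, length can only be tested on the whole frame: the pcap expression `tcp and src host 192.0.2.10 and len = 86` matches 86-byte frames, headers included.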