NAME
Net::Packet - a unified framework to read and write packets over networks from layer 2 to layer 7
CLASS HIERARCHY
Net::Packet
|
+---Net::Packet::Dump
|
+---Net::Packet::Desc
| |
| +---Net::Packet::DescL2
| |
| +---Net::Packet::DescL3
| |
| +---Net::Packet::DescL4
| |
| +---Net::Packet::DescL7
|
+---Net::Packet::Frame
|
+---Net::Packet::Layer
|
+---Net::Packet::Layer2
| |
| +---Net::Packet::ETH
|
+---Net::Packet::Layer3
| |
| +---Net::Packet::ARP
| |
| +---Net::Packet::IPv4
|
+---Net::Packet::Layer4
| |
| +---Net::Packet::TCP
| |
| +---Net::Packet::UDP
| |
| +---Net::Packet::ICMPv4
|
+---Net::Packet::Layer7
Net::Packet::Simple
DESCRIPTION
This module is a unified framework to craft, send and receive packets at layers 2, 3, 4 and 7 (but 4 and 7 are just here for completeness, they have not been thoroughly tested. And you should use IO::Socket for layer 7, anyway).
Basically, you forge each layer of a frame (Net::Packet::IPv4 for layer 3, Net::Packet::TCP for layer 4 ; for example), and pack all of this into a Net::Packet::Frame object. Then, you can write it to the network, and use Net::Packet::Dump to receive responses.
GETTING STARED
When you use Net::Packet for the first time in a program, three package variables are automatically set in Net::Packet module: $Net::Packet::Dev, $Net::Packet::Ip, and $Net::Packet::Mac. They are taken from the default interface on your machine, the one taken by tcpdump when not user specified. I recommand you to set the package variable $Net::Packet::Debug to 3 when you are a beginner with this module.
use Net::Packet;
$Net::Packet::Debug = 3;
Let's create your first Net::Packet::Frame. We will build a TCP packet and send it at layer 3, so we must craft Net::Packet::IPv4 and Net::Packet::TCP headers.
use Net::Packet::Frame;
my $ip = Net::Packet::IPv4->new(
dst => $desc->ipDst,
);
my $tcp = Net::Packet::TCP->new(
dst => 22,
);
You do not need to set the source IP, since it will be taken from the package variable $Net::Packet::Ip. Also, reasonable defaults are set for other fields in those two layers. See Net::Packet::IPv4 and Net::Packet::TCP for more. If you need to change default interface and/or IP, you can always overwrite it at the beginning of your program by manually setting $Net::Packet::Dev and/or $Net::Packet::Ip.
You have your layers 3 and 4, you can pack all into a frame:
my $frame = Net::Packet::Frame->new(l3 => $ip, l4 => $tcp);
This step also automatically creates the descriptor that will be used to send frames over the network. That is, since you create a frame starting at layer 3, a Net::Packet::DescL3 object will be automatically created. The global $Net::Packet::Desc will be set to point to it. If you do not want to have an auto-creation of descriptor, you can always create it manually before calling Net::Packet::Frame->new, it will not be overwritten. See Net::Packet::Desc.
Also, a Net::Packet::Dump object is created (that is a tcpdump-like process), but not started for now. The $Net::Packet::Dump global is also written to point to it. If you do not want it to be auto-created, you can create one manually before calling Net::Packet::Frame->new for the first time. See Net::Packet::Dump.
Then, your frame is ok, you can send it over the network in order to receive your response:
$frame->send;
When the first frame is sent using this method, the Net::Packet::Dump process is started, and ready to receive replies, unless it is already started.
You can sleep a few seconds, and then analyze for the response (if any):
sleep(3);
$Net::Pkt::Dump->analyze; # Analyze what have been captured by tcpdump, and
# unpack all frames into Net::Packet::Frame format
my $reply = $frame->recv; # Get the Net::Packet::Frame corresponding to
# the Net::Packet::Frame request from captured
# frames stored in $Net::Packet::Dump->frames
# Print response content, if any
if ($reply) {
$reply->ipPrint;
$reply->tcpPrint;
}
An alternative way is to use the global $Net::Packet::Timeout, which is set to 1 if no frame at all have been received from a certain amount of time. Be sure to create a Net::Packet::Dump object with a good pcap filter, because even if the packet read from the network is not destinated to your request, it resets the timeout. See Net::Packet::Dump.
until ($Net::Packet::Timeout) {
if ($Net::Packet::Dump->next && $frame->recv) {
print "\nReply:\n";
$frame->reply->ipPrint;
$frame->reply->tcpPrint;
last;
}
}
The method next only analyze for the next captured frame, but the analyze method is more a one shot since it analyzes all captured frames. See Net::Packet::Dump.
For more examples, see the examples directory in the source tarball.
AUTHOR
Patrice <GomoR> Auffret
COPYRIGHT AND LICENSE
Copyright (c) 2004, Patrice <GomoR> Auffret
You may distribute this module under the terms of the Artistic license. See Copying file in the source distribution archive.
RELATED MODULES
NetPacket, Net::RawIP, Net::RawSock
1 POD Error
The following errors were encountered while parsing the POD:
- Around line 365:
Non-ASCII character seen before =encoding in '# Analyze'. Assuming CP1252