NAME
Net::Packet::Shell - Scapy like implementation using Net::Packet, just to prove it
SYNOPSIS
perl -MNet::Packet::Shell -e nps
# Optional, just to change default interface and related
nps> $Env->updateDevInfo('127.0.0.1')
# Basic example IPv4 with TCP
# See also examples/ip4-tcp.pl for a scripted version
nps> sd F(IPv4,TCP(dst=>443))
# Advanced example: an IPv6 frame within IPv4
# See also examples/ip6-within-ip4.pl for a scripted version
nps> $ip6=F(IPv6,TCP)
nps> $Env->doIPv4Checksum(1); $Env->noFrameComputeLengths(1)
nps> $ip4=F(ETH,IPv4(protocol=>NP_IPv4_PROTOCOL_IPv6, \
length=>NP_IPv4_HDR_LEN+$ip6->getLength))
nps> sr $ip4->raw.$ip6->raw
# Sniffing (an IPv6 frame within IPv4 is shown)
nps> sniff
L2:+ETH: dst:ff:ff:ff:ff:ff:ff src:ff:ff:ff:ff:ff:ff type:0x0800
L3:+IPv4: version:4 hlen:5 tos:0x00 length:60 id:36492
L3: IPv4: flags:0x00 offset:0 ttl:128 protocol:0x29 checksum:0xae0a
L3: IPv4: src:127.0.0.1 dst:127.0.0.1
L3:+IPv6: version:6 trafficClass:0x00 flowLabel:0x00000 nextHeader:0x06
L3: IPv6: payloadLength:20 hopLimit:255
L3: IPv6: src:::1 dst:::1
L4:+TCP: src:20692 dst:0 seq:0x7bf55f60 ack:0x0000
L4: TCP: off:0x05 x2:0x0 flags:0x2 win:65535 checksum:0x83b7 urp:0x00
# Sniffing with filter
nps> sniff('tcp')
# Dsniff tiny implementation
nps> dsniff
# Dsniff tiny implementation with filter
nps> dsniff('tcp and port 110')
# Read a pcap file
nps> read('file.pcap')
DESCRIPTION
Net::Packet::Shell is, as the name imply, a shell program to use Net::Packet. With it, you will be able to send crafted frames (via Net::Packet::Frame), or send raw data using directly related layers you wish to use.
It is also scriptable, while personaly I prefer to directly use Net::Packet for scripted tasks. You can see examples scripts from examples directory in the source tarball.
The main behaviour of Net::Packet::Shell is driven by a Net::Packet::Env object. I suggest you to read the man page (... now). Basically, the default $Env object used has the following values set: noFramePadding(1), noFrameComputeLengths(0), noFrameComputeChecksums(0), doIPv4Checksum(0).
These default values change when you send a frame with sd2 or sd3 (and sd, we will see that), to comply with kernel restrictions, and hopefully to help the user automate simple tasks. But at the end of the send call, default values will be reset as they were originally.
You can use sr if you want to fully control the sending process. With this method, you simply pass a raw string (and not a Net::Packet::Frame object), and it is directly written at layer 2 on the network. In this case, you are in charge of handling checksums, and lengths of the frame. There are helpers, though.
For a guide on how to use these helpers, see Net::Packet::Frame and Net::Packet::Env.
GENERAL FUNCTIONS
- nps
-
This is the function to run for starting Net::Packet::Shell. You will then be able to use the following functions. You do not use this function at all if you want to script Net::Packet::Shell. See SYNOPSIS.
- sr (raw scalar string)
-
You pass a raw string as a parameter, and it is directly written to the network, with no analyze at all. No checksums, no lengths will be computed before sending, you are on your own.
- sd (Net::Packet::Frame)
-
This one is a wrapper around sd2 and sd3. That is, it will use internally sd2 to send frame if it has a layer 2 built-in. If will use internally sd3 if the frame has a layer3 buil-in, and no a layer 2.
After a successfull call to sd, or sd2, or sd3, Net::Packet::Env env object will be reinitialized to default behaviour for Net::Packet::Shell.
- sd2 (Net::Packet::Frame)
-
Sending frame here will auto-compute checksums and lengths, when implemented in the respective layers. Frame will be sent at layer 2.
- sd3 (Net::Packet::Frame)
-
Sending frame here will auto-compute checksums and lengths, when implemented in the respective layers. Frame will be sent at layer 3.
- read (file)
-
You pass a pcap file as a parameter, and it will be decoded and each frames printed to standard output.
- sniff [ (pcap filter) ]
-
This function will sniff the network using the default interface (set by default Net::Packet::Env env object). It will decode each seen frames, and print them to standard output.
You can pass a pcap filter as a parameter to select only the traffic you want.
- dsniff [ (pcap filter) ]
-
This is a small implementation of Dug Song's Dsniff tool.
You can pass a pcap filter as a parameter to select only the traffic you want.
- F
-
Function packager for various layers. This is equivalent to Net::Packet::Frame. When a frame object is created with various layers, they will be packed, and assembled into a raw string.
If Net::Packet::Env env object has its attributes noFrameComputeChecksums, noFrameComputeLengths, doIPv4Checksum set to true of false values, it will have an impact on the packing of the frame.
So, the packing will compute checksums and lengths, only if you tell it via this Net::Packet::Env env object.
LAYER FUNCTIONS
All the following functions handles respective layers. To know more about parameters they take, see respective Net::Packet pod (example for ETH: Net::Packet::ETH).
- ARP [ (hash) ]
- CDP [ (hash) ]
- ETH [ (hash) ]
- ICMPv4 [ (hash) ]
- IGMPv4 [ (hash) ]
- IPv4 [ (hash) ]
- IPv6 [ (hash) ]
- LLC [ (hash) ]
- NULL [ (hash) ]
- OSPF [ (hash) ]
- PPP [ (hash) ]
- PPPLCP [ (hash) ]
- PPPoE [ (hash) ]
- RAW [ (hash) ]
- SLL [ (hash) ]
- STP [ (hash) ]
- TCP [ (hash) ]
- UDP [ (hash) ]
- VLAN [ (hash) ]
SEE ALSO
Net::Packet, Net::Packet::Env, Net::Packet::Frame
AUTHOR
Patrice <GomoR> Auffret
COPYRIGHT AND LICENSE
Copyright (c) 2006-2010, Patrice <GomoR> Auffret
You may distribute this module under the terms of the Artistic license. See LICENSE.Artistic file in the source distribution archive.