NAME
Net::Pkt::Dump - an interface for a tcpdump-like process and a frame analyzer
SYNOPSIS
#
# Example offline analysis
#
use Net::Pkt::Dump;
my $dump = Net::Pkt::Dump->new(filter => "tcp and dst host $Net::Pkt::Ip");
$dump->start;
# Code sending packets
$dump->stop;
for ($dump->analyze) {
# Play with what have been captured
# See Net::Pkt::Frame for packet format
}
#
# Example live analysis
#
use Net::Pkt::Dump;
my $dump = Net::Pkt::Dump->new(
filter => "tcp and dst host $Net::Pkt::Ip",
timeoutOnNext => 5,
callStart => 1,
);
until ($Net::Pkt::Timeout) {
# Code sending packets here
if ($dump->next) {
$dump->nextFrame->l3->print;
# Code analyzing reply here
}
}DESCRIPTION
This module provides an interface for a tcpdump-like process creator and a frame analyzer. When you call the new method, an object is returned with some default values set.
OPTIONS
- callStart < BOOL >
-
If set to a true value, the start method will be called on the new object creation. The default is false.
- file < SCALAR >
-
This specifies in which file to store the captured frames, stored in a .pcap format file. The default is to create a randomly named file (like netpkt-tmp-PID-RANDOM32BITSINT.pcap).
- unlinkAfterAnalyze < SCALAR >
-
When set to 1, the file used to capture frames will be deleted after the call to analyze method (and the array frames contains the parsed frames). The default is to not remove the file after analyze.
- filter < SCALAR >
-
This sets the filter used to capture frames, in a pcap filter format. You can use the method Net::Pkt::Frame::getFilter to automatically set it from a Net::Pkt::Frame object. See Net::Pkt::Frame. The default is to set an empty filter, in order to capture all frames.
- overwrite < SCALAR >
-
When set to 1, will overwrite an existing file. If not, it will only analyze an existing one, or create a new file if it does not exist. The default is to not overwrite.
- waitOnStop < SCALAR >
-
When you call the stop method, you can specify a timeout before stopping the capture. The default is to sleep for 3 seconds.
- noStore < SCALAR >
-
When set to 1, the method next will not add the analyzed frame into the frames array, in order to avoid memory exhaustion. The default is to store frames (so to perform memory exhaustion ;) ).
- timeoutOnNext < SCALAR >
-
When set to a value, a timeout will occur if no new frame is received within the SCALAR value seconds. The default is 3 seconds. A 0 value means no timeout at all. If a timeout occur, the global $Net::Pkt::Dump is set to a true value.
METHODS
- new ( OPTIONS )
-
Create an object. The global $Net::Pkt::Dump variable will be set to the newly created object.
- start
-
Start packet capture, the file specified is created, unless it exists and the overwrite option is not set.
- stop
-
Stop packet capture.
- analyze
-
Parse captured packets (from a .pcap file) and return an array of Net::Pkt::Frame objects. The file is removed is the unlinkAfterAnalyze option is set.
- frames
-
Returns the analyzed frames as an array of Net::Pkt::Frame objects, or an empty array if none have been analyzed.
- next
-
Returns the next captured frame as a Net::Pkt::Frame object. Returns undef if no frame is waiting to be analyzed. By default, all new captured frames are stored into the frames array (accessed through frames method). The noStore option avoids this. If you have used the timeoutOnNext option, the global $Net::Pkt::Timeout will be set to a true value, and undef value returned. Also, when the next awaiting frame is captured, it is stored in the nextFrame object data.
AUTHOR
Patrice <GomoR> Auffret
COPYRIGHT AND LICENSE
Copyright (c) 2004, Patrice <GomoR> Auffret
You may distribute this module under the terms of the Artistic license. See Copying file in the source distribution archive.