Check::NetworkSpans - See if bidirectional traffic is being seen on spans.
Version 0.0.2
use Check::NetworkSpans;
my $span_checker = Check::NetworkSpans->new(
['em0', 'em1'],
['em2', 'em3'],
Initiates the object.
- spans :: A array of arrays. Each sub array is a list of interfaces
to check. If not defined it will check all interfaces and treat
them as one span.
- Default :: undef
- ignore_IPs :: A array of IPs to ignore.
- Default :: undef
- auto_ignore :: If true, then will ignore all IP on that machine. Only
for the first IP of the interface.
- Default :: 1
- packets :: Number of packets to gather for a interface for checking.
- Default :: 5000
- duration :: Number of seconds to limit the run to.
- Default :: 60
- ports :: Common ports to look for. Anything here will override the defaults.
- Default :: [ 22, 53, 80, 88, 135, 389, 443, 445, 3389, 3306, 5432 ]
- additional_ports :: Additional ports to look for.
- Default :: [ ]
- span_names :: Optional name for spans. Name corresponds to index of spans array.
- Default :: [ ]
my $span_checker = Check::NetworkSpans->new(
spans => \@spans,
ignore_IPs => \@ignore_IPs,
auto_ignore => $auto_ignore,
packets => $packets,
duration => $duration,
ports => \@ports,
additional_ports => \@additional_ports,
no_packets => 2,
no_packets_to_ignore => {},
low_packets => 1,
low_packets_to_ignore => {},
no_streams => 2,
no_streams_to_ignore => {},
missing_interface => 3,
missing_interface_to_ignore => {},
Below are the options controlling alerting and what to ignore.
- no_packets :: If the span has no packets.
Value :: alert level
Default :: 2
- no_packets_to_ignore ::
Value :: array of spans or span names
Default :: []
- low_packets :: If the span has fewer packets than the amount specified by packets.
Value :: alert level
Default :: 1
- low_packets_to_ignore :: What to ignore for low_packets.
Value :: array of spans or span names
Default :: []
- no_streams :: No bidirectional TCP/UDP streams were found between IP addresses.
Value :: alert level
Default :: 2
- no_streams_to_ignore :: What to ignore for no_streams.
Value :: array of spans or span names
Default :: []
- missing_interface :: A interface is missing.
Value :: alert level
Default :: 3
- missing_interface_to_ignore :: What to ignore for missing_interface.
Value :: array interfaces
Default :: []
- port_check :: No traffic was found on the expected ports.
Value :: alert level
Default :: 1
- port_check_to_ignore :: What to ignore for port_check.
Value :: array of spans or span names
Default :: []
Levels are as below.
- 0 :: OK
- 1 :: WARNING
- 2 :: ALERT
- 3 :: ERROR
Runs the check. This will call tshark and then disect that captured PCAPs.
my $results = $span_checker->check;
use Data::Dumper;
print Dumper($results);
The returned value is a hash. The keys are as below.
- oks :: An array of items that were considered OK.
- warnings :: An array of items that were considered warnings.
- criticals :: An array of items that were considered criticals.
- ignored :: An array of items that were ignored.
- status :: Alert status integer.
Returns span name for display purposes.
Returns span name for check purposes.
Zane C. Bowers-Hadley, <vvelox at>
Please report any bugs or feature requests to bug-check-networkspans at
, or through the web interface at I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
You can find documentation for this module with the perldoc command.
perldoc Check::NetworkSpans
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
CPAN Ratings
Search CPAN
This software is Copyright (c) 2024 by Zane C. Bowers-Hadley.
This is free software, licensed under:
The GNU General Public License, Version 2, June 1991