


jboy4
Novice

Jan 24, 2012, 2:25 PM


Views: 3079
$Log->Read() -Multiple Files Help-

Hi, I have been working on a program to read my pcap files and am having issues with the code reading multiple files. I had it hard-coded before to read a single pcap file at a time, but we are now producing multiple pcap files and need it to be able to read a directory of pcap files at a time. Please help me fix my code!




Code
 #!/usr/bin/perl -w   


use DBI;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::Pcap;


#Login to mysql
$dbh = DBI->connect('DBI:mysql:test', 'root', 'root'
) || die "Could not connect to +database: $DBI::errstr";

####HERE TO EXIT NEEDS WORK!
my $dir = 'C:\\Documents and Settings\\jordant\\Desktop\\Dump\\';

opendir(DIR, $dir) or die $!;

while (my $file = readdir(DIR)) {

# We only want files
next unless (-f "$dir/$file");

# Use a regular expression to find files ending in .pcap
next unless ($file =~ m/\.pcap$/);

my $log = Net::TcpDumpLog->new();
$log->read($file)
}
print $file;
exit 0;




#INFO from PCAP file
foreach my $index ($log->indexes) {
my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
my $data = $log->data($index);



my $eth_obj = NetPacket::Ethernet->decode($data);
next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;


my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});





#get date time stamp of packet
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
$mon+=1;
my $time = sprintf("%02d-%02d %02d:%02d:%02d",
$mon, $mday, $hour, $min, $sec);





#Info in Table

$dbh->do( "INSERT INTO test2 (Date,Source,Destination,Packets,Port)
values (
'$time',
'$ip_obj->{src_ip}',
'$ip_obj->{dest_ip}',
'$ip_obj->{len}',
'$tcp_obj->{dest_port}')");


}





Right now my issue is that it gives back an ERROR: Can't read log 2.pcap: no such file or directory.



The area that needs work is #### please let me know if you can help. Thanks


PS: The print and exit below the bold were only to diagnose the issue.


(This post was edited by jboy4 on Jan 24, 2012, 2:27 PM)
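
Added example (not part of jboy4's post): `readdir` returns bare file names, so a name has to be joined to the directory before it is tested or opened, and the per-file work has to sit inside the loop. The sketch below uses only core modules; the temporary directory, the sample files and the helper names `pcap_paths` and `looks_like_pcap` are constructed for illustration, and the magic-number check goes beyond what the post asks for.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Spec;
use File::Temp qw(tempdir);

# Classic libpcap magic numbers as they appear on disk (either byte order).
my %PCAP_MAGIC = map { $_ => 1 } ("\xa1\xb2\xc3\xd4", "\xd4\xc3\xb2\xa1");

# True if the file starts with a pcap global-header magic number.
sub looks_like_pcap {
    my ($path) = @_;
    open(my $fh, '<:raw', $path) or return 0;
    my $got = read($fh, my $magic, 4);
    close($fh);
    return (defined $got && $got == 4 && $PCAP_MAGIC{$magic}) ? 1 : 0;
}

# Full paths of the regular *.pcap files in $dir, sorted. readdir() yields
# bare names, so each one is joined to $dir before any file test or read.
sub pcap_paths {
    my ($dir) = @_;
    opendir(my $dh, $dir) or die "Cannot open $dir: $!";
    my @paths = sort grep { -f $_ }
                map  { File::Spec->catfile($dir, $_) }
                grep { /\.pcap\z/ } readdir($dh);
    closedir($dh);
    return @paths;
}

# Constructed sample directory: two files with a valid 24-byte pcap global
# header, one misnamed text file, one file that is not a capture at all.
my $dir = tempdir(CLEANUP => 1);
my $hdr = pack('NnnNNNN', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1);
my %sample = ('1.pcap' => $hdr, '2.pcap' => $hdr,
              'bad.pcap' => 'not a capture', 'notes.txt' => '');
for my $name (keys %sample) {
    open(my $fh, '>:raw', File::Spec->catfile($dir, $name)) or die $!;
    print {$fh} $sample{$name};
    close($fh);
}

for my $path (pcap_paths($dir)) {
    unless (looks_like_pcap($path)) { warn "skipping $path: no pcap magic\n"; next; }
    # The per-file work from the posted script belongs here, inside the loop:
    # Net::TcpDumpLog->new, ->read($path), then the foreach over ->indexes.
    print "would read: $path\n";
}
```

The values inserted into `test2` come from captured packets, so binding them with DBI placeholders (`prepare` with `?` markers, then `execute`) keeps them out of the SQL text.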

