merrittr
New User
Jun 19, 2011, 10:50 PM
Post #1 of 4
(2196 views)
|
|
using pcap with perl problems
|
Can't Post
|
|
i am trying to adapt the code below to compile stats on packet types
in a series of pcap files unfortunatly when I go to run it I get:
root@zork:/scripts# ./pcapParse.pl
Can't locate package Exporter for @NetPacket::Ethernet::ISA at ./pcapParse.pl line 3.
Can't locate package Exporter for @NetPacket::ISA at /usr/local/share/perl/5.10.0/NetPacket/IP.pm line 17.
Can't locate package Exporter for @NetPacket::IP::ISA at ./pcapParse.pl line 4.
Can't locate package Exporter for @NetPacket::TCP::ISA at ./pcapParse.pl line 5.
Killed
any ideas?
#!/usr/bin/perl -w
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use strict;
use warnings;
my $log = Net::TcpDumpLog->new();
$log->read("/pcaps/pcap_2011-05-27-03:00:01.pcap");
foreach my $index ($log->indexes) {
my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
my $data = $log->data($index);
my $eth_obj = NetPacket::Ethernet->decode($data);
next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;
my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;
my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
print sprintf("%02d-%02d %02d:%02d:%02d.%d",
$mon, $mday, $hour, $min, $sec, $msecs),
" ", $eth_obj->{src_mac}, " -> ",
$eth_obj->{dest_mac}, "\n";
print "\t", $ip_obj->{src_ip}, ":", $tcp_obj->{src_port},
" -> ",
$ip_obj->{dest_ip}, ":", $tcp_obj->{dest_port}, "\n";
}
|
MAIN
SEARCH
WHO'S 
LOG 