CGI/Perl Guide | Learning Center | Forums | Advertise | Login
Site Search: in

  Main Index MAIN
INDEX 		Search Posts SEARCH
POSTS 		Who's Online WHO'S
ONLINE 		Log in LOG
IN

Home: Perl Programming Help: Intermediate:
$Log->Read() -Multiple Files Help-

 


jboy4
Novice

Jan 24, 2012, 2:25 PM

Post #1 of 15 (2453 views)
$Log->Read() -Multiple Files Help- Can't Post
Hi i have been working on a program to read my pcap files and having issues with the code reading multiple files. I had it hard coded before to read a single Pcap file at a time but we are now producing multiple pcap files and need it to be able to read a directory of pcap files at a time. Please help me with fix my code!



Code
 #!/usr/bin/perl -w   
  
  
 use DBI;  
 use Net::TcpDumpLog;  
 use NetPacket::Ethernet;  
 use NetPacket::IP;  
 use NetPacket::TCP;  
 use Net::Pcap;   
  
  
 #Login to mysql  
$dbh = DBI->connect('DBI:mysql:test', 'root', 'root'  
            ) || die "Could not connect to +database: $DBI::errstr";   
  
  ####HERE TO EXIT NEEDS WORK!my $dir = 'C:\\Documents and Settings\\jordant\\Desktop\\Dump\\';   
  
    opendir(DIR, $dir) or die $!;   
  
    while (my $file = readdir(DIR)) {   
  
        # We only want files  
        next unless (-f "$dir/$file");   
  
        # Use a regular expression to find files ending in .pcap  
        next unless ($file =~ m/\.pcap$/);   
  
     my $log = Net::TcpDumpLog->new();  
      $log->read($file)  
      }  
       print $file;  
    exit 0;   
  
  
  
  
   #INFO from PCAP file  
foreach my $index ($log->indexes) {  
  my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);  
  my $data = $log->data($index);   
  
  
  
  my $eth_obj = NetPacket::Ethernet->decode($data);  
  next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;   
  
  
  my $ip_obj = NetPacket::IP->decode($eth_obj->{data});  
  next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;   
  
  my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});   
  
  
  
  
  
      #get date time stamp of packet  
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);  
    $mon+=1;  
  my $time = sprintf("%02d-%02d %02d:%02d:%02d",  
    $mon, $mday, $hour, $min, $sec);   
  
  
  
  
  
  #Info in Table   
  
  $dbh->do( "INSERT INTO  test2 (Date,Source,Destination,Packets,Port)  
                        values (  
                        '$time',  
                        '$ip_obj->{src_ip}',  
                        '$ip_obj->{dest_ip}',  
                        '$ip_obj->{len}',  
                        '$tcp_obj->{dest_port}')");   
  
  
  }



Right now my issue is it gives back a ERROR: Can't read log 2.pcap: no such file or directory.



The area that needs work is #### please let me know if you can help. Thanks


PS: The print and exit below the bold were only to diagnose the issue.


(This post was edited by jboy4 on Jan 24, 2012, 2:27 PM)


FishMonger
Veteran

Jan 24, 2012, 2:45 PM

Post #2 of 15 (2450 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
I have not looked at the code in detail, but start by changing:
Code
$log->read($file)
to:
Code
$log->read($dir/$file);
Also, change:
Code
$dir = 'C:\\Documents and Settings\\jordant\\Desktop\\Dump\\';
to:
Code
$dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

(This post was edited by FishMonger on Jan 24, 2012, 2:47 PM)


jboy4
Novice

Jan 24, 2012, 3:02 PM

Post #3 of 15 (2446 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
switching 1 alone or switching both come up with the same error.

Argument "2.pcap" isnt numeric in division [/] at TcpDumpLog.pl line 29

Argument "C:/Docum......./Dump" isnt numeric in division (/) at line 29

Error: can't read log 0: no such file or directory


FishMonger
Veteran

Jan 24, 2012, 5:25 PM

Post #4 of 15 (2433 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
You must be executing a different version than whats been posted. There isn't division being done in that code.


saurabhsharma
Novice

Jan 25, 2012, 1:28 AM

Post #5 of 15 (2412 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Change your directory path to

$dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

as explained by FishMonger

AND



Put the arguments you are passing to read() in double quotes and see if it helps,



$log->read("$dir/$file");



Since the error you are getting is "numeric in division [/]"




jboy4
Novice

Jan 25, 2012, 6:23 AM

Post #6 of 15 (2400 views)
Re: [saurabhsharma] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Ya its actually still the same code im not sure why im getting a division error as well. Switching the $log idea seemed to get it past those errors but now im running into another error.

Cant call method indexes on an undefined value.



#INFO from PCAP file
foreach my $index ($log->indexes) {




I also think there something wrong with the $file part of my code because when i do a print on $file i get the same error as above but with file. I am trying to read multiple pcap files... Is this just the wrong route to go about it?

I have a working code for hard coding single pcap files into it but im trying to get it to run all files within a directory with pcap extension.


(This post was edited by jboy4 on Jan 25, 2012, 7:49 AM)


FishMonger
Veteran

Jan 25, 2012, 7:44 AM

Post #7 of 15 (2393 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
It's a scoping issue.

$log is declared in the while loop and is not accessible after that loop.

You need to add the strict and warnings pragmas. The strict pragma would have told you about that scoping proplem.

Code
use strict; 
use warnings;


jboy4
Novice

Jan 25, 2012, 8:21 AM

Post #8 of 15 (2392 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
I had issues with my first code not working when strict was present.... When it was removed it seemed to work right away?

moving the log outside of the } after next usless will fix my issue??


FishMonger
Veteran

Jan 25, 2012, 8:28 AM

Post #9 of 15 (2390 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Ignoring the problems that the strict pragma points out is a really bad approach.

Your starting point is to add the strict pragma back in and fix those problems, one of which is the one that prompted you to post your original question.

Also, you should fix your code indentation, it's very inconsistent. Clean code with proper indentation is much easier to troubleshoot.


jboy4
Novice

Jan 25, 2012, 8:42 AM

Post #10 of 15 (2388 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Alright, so here is my orignal code with strict and warning. I get no errors and it outputs to mysql just fine. Everything is working.



Code
  
 
#!/usr/bin/perl  
 
 
 use DBI; 
 use Net::TcpDumpLog; 
 use NetPacket::Ethernet; 
 use NetPacket::IP; 
 use NetPacket::TCP; 
 use Net::Pcap; 
 use strict; 
 use warnings;  
 
 #Login to mysql 
 my $dbh = DBI->connect('DBI:mysql:test', 'root', 'nstar' 
            ) || die "Could not connect to +database: $DBI::errstr";  
 
 
 #Pcap file to log 
 my $log = Net::TcpDumpLog->new(); 
   $log->read("C:\\Documents and Settings\\jordant\\Desktop\\Dump\\m1.pcap");  
 
 #INFO from PCAP file 
foreach my $index ($log->indexes) { 
 my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index); 
 my $data = $log->data($index);  
 
   
 
 my $eth_obj = NetPacket::Ethernet->decode($data); 
   next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;  
 
 
 my $ip_obj = NetPacket::IP->decode($eth_obj->{data}); 
   next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;  
 
 my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});  
 
   
 
   
 
      #get date time stamp of packet 
 my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000); 
    $mon+=1; 
 my $time = sprintf("%02d-%02d %02d:%02d:%02d", 
    $mon, $mday, $hour, $min, $sec);  
 
   
 
   
 
  #Info in Table  
 
        $dbh->do( "INSERT INTO  test2 (Date,Source,Destination,Packets,Port) 
                        values ( 
                        '$time', 
                        '$ip_obj->{src_ip}', 
                        '$ip_obj->{dest_ip}', 
                        '$ip_obj->{len}', 
                        '$tcp_obj->{dest_port}')"); 
  }



Now i want to beable to read multiple pcap files within a directory i create under that Dump folder on my desktop. What is the best method to go about this?

I tred using a loop method with opendir and readdir before....

I appreciate the help Fish you have been awesome!


FishMonger
Veteran

Jan 25, 2012, 8:51 AM

Post #11 of 15 (2385 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
I'm in the middle of something here at work. I'll get back to you a little later.


jboy4
Novice

Jan 27, 2012, 8:28 AM

Post #12 of 15 (2287 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
I got it working using opendir and readdir. I had it finishing my loop then stopping. Only doing 1 file at a time. I did some tweaking and got it working. Thanks for your help FISH.


FishMonger
Veteran

Jan 27, 2012, 8:33 AM

Post #13 of 15 (2286 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Sorry I did respond earlier. I was tied up on something else and then forgot.

Good to hear that you figured it out.


jboy4
Novice

Jan 27, 2012, 9:35 AM

Post #14 of 15 (2282 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Ya thanks again. Just a quick qestion could you point me in the right direction or explain how to add in to my code to stop it from over writing my last one.

Im having to delete the pcap file after it goes into mysql,otherwise, it will add it again if its in the dump folder.

I am in no hurry if i have to ill just delete the pcap files after i get them into the database.


FishMonger
Veteran

Jan 27, 2012, 9:43 AM

Post #15 of 15 (2280 views)
Re: [jboy4] $Log->Read() -Multiple Files Help- [In reply to] Can't Post
Once you're done with the file and have closed any open filehandle to it, you would use Perl's ulink function to delete it.

http://perldoc.perl.org/functions/unlink.html

 
 


Search for (options) Powered by Gossamer Forum v.1.2.0

Web Applications & Managed Hosting Powered by Gossamer Threads
Visit our Mailing List Archives