$Log->Read() -Multiple Files Help-

 



jboy4
Novice

Jan 24, 2012, 2:25 PM

Post #1 of 15 (3245 views)
$Log->Read() -Multiple Files Help-

Hi, I have been working on a program to read my pcap files and am having issues with the code reading multiple files. I had it hard-coded before to read a single pcap file at a time, but we are now producing multiple pcap files and need it to be able to read a directory of pcap files at a time. Please help me fix my code!




Code
 #!/usr/bin/perl -w   


use DBI;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::Pcap;


#Login to mysql
$dbh = DBI->connect('DBI:mysql:test', 'root', 'root'
) || die "Could not connect to +database: $DBI::errstr";

####HERE TO EXIT NEEDS WORK!
my $dir = 'C:\\Documents and Settings\\jordant\\Desktop\\Dump\\';

opendir(DIR, $dir) or die $!;

while (my $file = readdir(DIR)) {

# We only want files
next unless (-f "$dir/$file");

# Use a regular expression to find files ending in .pcap
next unless ($file =~ m/\.pcap$/);

my $log = Net::TcpDumpLog->new();
$log->read($file)
}
print $file;
exit 0;




#INFO from PCAP file
foreach my $index ($log->indexes) {
my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
my $data = $log->data($index);



my $eth_obj = NetPacket::Ethernet->decode($data);
next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;


my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});





#get date time stamp of packet
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
$mon+=1;
my $time = sprintf("%02d-%02d %02d:%02d:%02d",
$mon, $mday, $hour, $min, $sec);





#Info in Table

$dbh->do( "INSERT INTO test2 (Date,Source,Destination,Packets,Port)
values (
'$time',
'$ip_obj->{src_ip}',
'$ip_obj->{dest_ip}',
'$ip_obj->{len}',
'$tcp_obj->{dest_port}')");


}





Right now my issue is that it gives back an ERROR: Can't read log 2.pcap: no such file or directory.



The area that needs work is marked with ####. Please let me know if you can help. Thanks


PS: The print and exit below the bold were only to diagnose the issue.


(This post was edited by jboy4 on Jan 24, 2012, 2:27 PM)


FishMonger
Veteran / Moderator

Jan 24, 2012, 2:45 PM

Post #2 of 15 (3242 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

I have not looked at the code in detail, but start by changing:

Code
$log->read($file)

to:

Code
$log->read($dir/$file);


Also, change:

Code
$dir = 'C:\\Documents and Settings\\jordant\\Desktop\\Dump\\';

to:

Code
$dir = 'C:/Documents and Settings/jordant/Desktop/Dump';



(This post was edited by FishMonger on Jan 24, 2012, 2:47 PM)


jboy4
Novice

Jan 24, 2012, 3:02 PM

Post #3 of 15 (3238 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help-

Switching 1 alone or switching both comes up with the same error.

Argument "2.pcap" isnt numeric in division [/] at TcpDumpLog.pl line 29

Argument "C:/Docum......./Dump" isnt numeric in division (/) at line 29

Error: can't read log 0: no such file or directory


FishMonger
Veteran / Moderator

Jan 24, 2012, 5:25 PM

Post #4 of 15 (3225 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

You must be executing a different version than what's been posted. There isn't division being done in that code.


saurabhsharma
Novice

Jan 25, 2012, 1:28 AM

Post #5 of 15 (3204 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

Change your directory path to

$dir = 'C:/Documents and Settings/jordant/Desktop/Dump';

as explained by FishMonger

AND



Put the arguments you are passing to read() in double quotes and see if it helps,



$log->read("$dir/$file");



Since the error you are getting is "numeric in division [/]"




jboy4
Novice

Jan 25, 2012, 6:23 AM

Post #6 of 15 (3192 views)
Re: [saurabhsharma] $Log->Read() -Multiple Files Help-

Ya, it's actually still the same code; I'm not sure why I'm getting a division error as well. Switching the $log idea seemed to get it past those errors, but now I'm running into another error.

Cant call method indexes on an undefined value.



#INFO from PCAP file
foreach my $index ($log->indexes) {




I also think there's something wrong with the $file part of my code, because when I do a print on $file I get the same error as above but with file. I am trying to read multiple pcap files... Is this just the wrong route to go about it?

I have working code for hard-coding single pcap files into it, but I'm trying to get it to run all files within a directory with the pcap extension.


(This post was edited by jboy4 on Jan 25, 2012, 7:49 AM)


FishMonger
Veteran / Moderator

Jan 25, 2012, 7:44 AM

Post #7 of 15 (3185 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

It's a scoping issue.

$log is declared in the while loop and is not accessible after that loop.

You need to add the strict and warnings pragmas. The strict pragma would have told you about that scoping problem.


Code
use strict; 
use warnings;



jboy4
Novice

Jan 25, 2012, 8:21 AM

Post #8 of 15 (3184 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help-

I had issues with my first code not working when strict was present.... When it was removed it seemed to work right away?

Moving the log outside of the } after next unless will fix my issue??


FishMonger
Veteran / Moderator

Jan 25, 2012, 8:28 AM

Post #9 of 15 (3182 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

Ignoring the problems that the strict pragma points out is a really bad approach.

Your starting point is to add the strict pragma back in and fix those problems, one of which is the one that prompted you to post your original question.

Also, you should fix your code indentation, it's very inconsistent. Clean code with proper indentation is much easier to troubleshoot.


jboy4
Novice

Jan 25, 2012, 8:42 AM

Post #10 of 15 (3180 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help-

Alright, so here is my original code with strict and warnings. I get no errors and it outputs to mysql just fine. Everything is working.




Code
  

#!/usr/bin/perl


use DBI;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::Pcap;
use strict;
use warnings;

#Login to mysql
my $dbh = DBI->connect('DBI:mysql:test', 'root', 'nstar'
) || die "Could not connect to +database: $DBI::errstr";


#Pcap file to log
my $log = Net::TcpDumpLog->new();
$log->read("C:\\Documents and Settings\\jordant\\Desktop\\Dump\\m1.pcap");

#INFO from PCAP file
foreach my $index ($log->indexes) {
my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
my $data = $log->data($index);



my $eth_obj = NetPacket::Ethernet->decode($data);
next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;


my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;

my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});





#get date time stamp of packet
my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
$mon+=1;
my $time = sprintf("%02d-%02d %02d:%02d:%02d",
$mon, $mday, $hour, $min, $sec);





#Info in Table

$dbh->do( "INSERT INTO test2 (Date,Source,Destination,Packets,Port)
values (
'$time',
'$ip_obj->{src_ip}',
'$ip_obj->{dest_ip}',
'$ip_obj->{len}',
'$tcp_obj->{dest_port}')");
}





Now I want to be able to read multiple pcap files within a directory I create under that Dump folder on my desktop. What is the best method to go about this?

I tried using a loop method with opendir and readdir before....

I appreciate the help, Fish, you have been awesome!


FishMonger
Veteran / Moderator

Jan 25, 2012, 8:51 AM

Post #11 of 15 (3177 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

I'm in the middle of something here at work. I'll get back to you a little later.


jboy4
Novice

Jan 27, 2012, 8:28 AM

Post #12 of 15 (3079 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help-

I got it working using opendir and readdir. I had it finishing my loop then stopping. Only doing 1 file at a time. I did some tweaking and got it working. Thanks for your help FISH.


FishMonger
Veteran / Moderator

Jan 27, 2012, 8:33 AM

Post #13 of 15 (3078 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

Sorry I did respond earlier. I was tied up on something else and then forgot.

Good to hear that you figured it out.


jboy4
Novice

Jan 27, 2012, 9:35 AM

Post #14 of 15 (3074 views)
Re: [FishMonger] $Log->Read() -Multiple Files Help-

Ya, thanks again. Just a quick question: could you point me in the right direction or explain what to add to my code to stop it from overwriting my last one?

I'm having to delete the pcap file after it goes into mysql; otherwise, it will add it again if it's in the dump folder.

I am in no hurry. If I have to, I'll just delete the pcap files after I get them into the database.


FishMonger
Veteran / Moderator

Jan 27, 2012, 9:43 AM

Post #15 of 15 (3072 views)
Re: [jboy4] $Log->Read() -Multiple Files Help-

Once you're done with the file and have closed any open filehandle to it, you would use Perl's unlink function to delete it.

http://perldoc.perl.org/functions/unlink.html
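
The fixes discussed in this thread combined into one script, as an added example that is not code from any of the posters: the full path is passed to read(), $log is used inside the loop where it is declared, and each file is deleted with unlink only after its rows are committed. Taking the directory from the command line, reading credentials from the PCAP_DB_USER and PCAP_DB_PASS environment variables (hypothetical names), binding the packet fields through placeholders instead of interpolating them into the INSERT, and a transactional engine for test2 are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use File::Spec;
use POSIX qw(strftime);
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;

# Assumed inputs: dump directory as first argument, DB credentials from the
# environment (hypothetical variable names) rather than literals in the script.
my $dir = shift @ARGV or die "usage: $0 <pcap-dir>\n";
my $dbh = DBI->connect('DBI:mysql:test', $ENV{PCAP_DB_USER}, $ENV{PCAP_DB_PASS},
    { RaiseError => 1, AutoCommit => 1 });

# Placeholders keep packet-derived values out of the SQL text.
my $sth = $dbh->prepare(
    'INSERT INTO test2 (Date,Source,Destination,Packets,Port) VALUES (?,?,?,?,?)');

opendir(my $dh, $dir) or die "Can't open $dir: $!";
for my $file (sort grep { /\.pcap$/ } readdir $dh) {
    my $path = File::Spec->catfile($dir, $file);   # readdir returns bare names
    next unless -f $path;

    my $log = Net::TcpDumpLog->new();   # one object per file, used in this scope
    $log->read($path);

    $dbh->begin_work;                   # one transaction per capture file
    for my $index ($log->indexes) {
        my $secs = ($log->header($index))[3];      # capture time, seconds
        my $eth  = NetPacket::Ethernet->decode($log->data($index));
        next unless $eth->{type} == NetPacket::Ethernet::ETH_TYPE_IP;
        my $ip   = NetPacket::IP->decode($eth->{data});
        next unless $ip->{proto} == NetPacket::IP::IP_PROTO_TCP;
        my $tcp  = NetPacket::TCP->decode($ip->{data});

        my $time = strftime('%m-%d %H:%M:%S', localtime $secs);
        $sth->execute($time, $ip->{src_ip}, $ip->{dest_ip}, $ip->{len}, $tcp->{dest_port});
    }
    $dbh->commit;

    # Delete only after the rows are committed, so a failed run never loses a capture.
    unlink $path or warn "Could not delete $path: $!";
}
closedir $dh;
$dbh->disconnect;
```

Because RaiseError is set, a failed INSERT aborts the script before commit and unlink, so the capture file stays in the directory for the next run.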

 
 

