Filtering packets from a specific IP using Perl with Net::Pcap and Net::PcapUtils

Tags: perl, pcap, packet-capture

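I have been trying to write a script that filters packets from a device, and specifically packets from a particular IP address on that device.

I would like the data to look like the output I get from Wireshark when you select a specific device and use ip.src==xx.xx.xx.xx.

So far, my program looks like this: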

    #!/usr/bin/perl -w
    use Net::PcapUtils;

    my $interface = 'eth1';

    # Packet processing routine
    sub process_pkt
    {
        my ($user_data, $header, $packet) = @_;
        # First 54 bytes: Ethernet + IPv4 + TCP headers when there are no IP or TCP options
        my $minipacket = substr($packet, 0, 54);
        print("\n## raw: ###\n");
        print($minipacket);
        print("\n==Byte# / Hex / Dec / Bin==\n");
        # Stop at the end of the captured bytes instead of reading past them
        for (my $i = 0; $i < length($minipacket); $i++)
        {
            my $hexval = unpack('H2', substr($minipacket, $i, 1));
            my $decval = hex($hexval);
            printf("%03d-%s-%03d-%08b\n", $i, $hexval, $decval, $decval);
        }
    }
    # ######################################################################

    # Here we are invoking the Net::PcapUtils module and looping through forever.
    Net::PcapUtils::loop(\&process_pkt,
        SNAPLEN => 65536,      # Size of data to get from packet
        PROMISC => 1,          # Put in promiscuous mode
        FILTER  => 'tcp',      # Only pass TCP packets
        DEV     => $interface, );


After the FILTER => 'tcp' line in the code? Can I somehow include the data length of the packet, so that I can filter for packets with data length = 86?

The alternative program I use to get the packet payload:

    #!/usr/bin/perl -w
    # #########################
    #
    use Net::PcapUtils;
    use NetPacket::Ethernet qw(:strip);
    use NetPacket::IP;
    use NetPacket::TCP;

    my $interface = 'eth1';

    sub process_pkt
    {
        my ($user_data, $header, $packet) = @_;

        # Strip the Ethernet header, then decode the IP and TCP layers
        my $ip      = NetPacket::IP->decode(eth_strip($packet));
        my $tcp     = NetPacket::TCP->decode($ip->{data});
        my $payload = $tcp->{data};
        print("payload: \n " . $payload . " \n----end-----\n");

        # Append a hex dump of up to the first 55 payload bytes
        open(my $fh, '>>', 'perldata1.txt') or die "perldata1.txt: $!";
        for (my $i = 0; $i < 55 && $i < length($payload); $i++) {
            my $hexval = unpack('H2', substr($payload, $i, 1));
            print {$fh} ($i . " :hex: " . $hexval . "\n");
        }
        close($fh);
    }

    Net::PcapUtils::loop(\&process_pkt,
        SNAPLEN => 65536,
        PROMISC => 1,
        # A repeated FILTER key leaves only the last value in effect,
        # so both conditions go into one expression
        FILTER  => 'tcp and ip src 129.7.236.40',
        DEV     => $interface, );


But I still cannot figure out how to get the length of the data field. Thanks.

This code filters the data from a specific source into an array, and you can do whatever you want with it.

    #!/usr/bin/perl -w
    # #########################
    #
    use strict;
    use Net::PcapUtils;
    use NetPacket::Ethernet qw(:strip);
    use NetPacket::IP;
    use NetPacket::TCP;
    use Data::Dumper;
    #use warnings;

    my $interface = 'eth1';
    my @array;

    sub process_pkt
    {
        my ($user_data, $header, $packet) = @_;

        # Strip the Ethernet header, then decode the IP and TCP layers
        my $ip      = NetPacket::IP->decode(eth_strip($packet));
        my $tcp     = NetPacket::TCP->decode($ip->{data});
        my $payload = $tcp->{data};

        # Only handle segments that carry exactly 32 bytes of TCP payload
        if (length($payload) == 32)
        {
            # One two-digit hex string per payload byte
            for (my $decode = 0; $decode < 32; $decode++)
            {
                $array[$decode] = unpack('H2', substr($payload, $decode, 1));
            }

            # Overwrite the status file with the decision read from byte 22
            open(my $fh, '>', 'doorstatus.tab') or die "doorstatus.tab: $!";
            if ($array[22] eq '0c')
            {
                print {$fh} (" Decision: Granted\n");
            }
            elsif ($array[22] eq '04')
            {
                print {$fh} ("Decision: Denied\n");
            }
            elsif ($array[22] eq '0d')
            {
                print {$fh} ("Decision: Locked\n");
            }
            else
            {
                print {$fh} ("Decision: unknown \n");
            }

            #print {$fh} (" Data: \n" . Dumper(\@array) . " \n");

            close($fh);
        }
    }

    Net::PcapUtils::loop(\&process_pkt,
        SNAPLEN => 65536,
        PROMISC => 1,
        # A repeated FILTER key leaves only the last value in effect,
        # so both conditions go into one expression
        FILTER  => 'tcp and ip src xx.xx.xx.xx',
        DEV     => $interface, );
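
An added example, not part of the original question or answer: the payload-length test expressed both as a pcap filter string and as header arithmetic on a raw frame, using the length 86 from the question. It assumes "data length" means the TCP payload length over IPv4 on untagged Ethernet; payload_filter and tcp_payload_len are hypothetical names, and the sample frame and the 192.0.2.x addresses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: pcap filter for TCP segments from $src whose payload is
# exactly $len bytes (IP total length - IP header length - TCP header length).
sub payload_filter {
    my ($src, $len) = @_;
    # Digits and dots only, so nothing else can be spliced into the expression
    die "bad IPv4 address\n" unless $src =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;
    die "bad length\n"       unless $len =~ /\A\d+\z/;
    return "tcp and src host $src and "
         . "(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) = $len)";
}

# Hypothetical helper: the same arithmetic on a raw, untagged Ethernet frame.
# Returns the TCP payload length, or undef if the frame is not IPv4/TCP.
sub tcp_payload_len {
    my ($frame) = @_;
    return undef if length($frame) < 14 + 20 + 20;
    return undef unless unpack('n', substr($frame, 12, 2)) == 0x0800;
    my ($vihl, $tot_len, $proto) = unpack('C x n x5 C', substr($frame, 14, 10));
    return undef unless ($vihl >> 4) == 4 && $proto == 6;
    my $ihl = ($vihl & 0x0f) * 4;
    return undef if $ihl < 20 || length($frame) < 14 + $ihl + 20;
    my $doff = (unpack('C', substr($frame, 14 + $ihl + 12, 1)) >> 4) * 4;
    my $len  = $tot_len - $ihl - $doff;
    return $len < 0 ? undef : $len;
}

# Constructed sample frame: Ethernet (14) + IPv4 (20) + TCP (20) + 86 data bytes
my $eth = pack('H12 H12 n', '020000000002', '020000000001', 0x0800);
my $ip  = pack('C C n n n C C n C4 C4', 0x45, 0, 20 + 20 + 86, 1, 0, 64, 6, 0,
               192, 0, 2, 10, 192, 0, 2, 20);
my $tcp = pack('n n N N C C n n n', 40000, 3001, 1, 1, 5 << 4, 0x18, 8192, 0, 0);
my $frame = $eth . $ip . $tcp . ('A' x 86);

print payload_filter('192.0.2.10', 86), "\n";
print "payload length: ", tcp_payload_len($frame), "\n";
# Trailing link-layer bytes do not change the result, because the length
# comes from the header fields rather than from the captured byte count
print "with 6 trailer bytes: ", tcp_payload_len($frame . ("\0" x 6)), "\n";
```

Passing the string returned by payload_filter as the FILTER value moves the length test into the capture filter, so process_pkt only sees matching segments.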