Deciphering TCP payload (i.e., output of NetPacket::TCP->decode())
Eric Pretorious

2005-11-23, 7:56 am

I'm attempting to write a small program to decode OSCAR packets and just
can't get my mind wrapped around whatever it is that
NetPacket::TCP->decode() is returning when stripping away the Ethernet,
IP, and TCP encapsulation from OSCAR packets. (Maybe it's Unicode? Maybe
it's hex? I don't quite understand how to work with anything but ASCII.)

> #!/usr/bin/perl -w
>
> use Net::PcapUtils;
> use NetPacket::Ethernet qw( :strip );
> use NetPacket::TCP;
> use NetPacket::IP qw( :strip );
>
> my $pkt_descriptor = Net::PcapUtils::open(
>     FILTER  => 'port 5190',
>     SNAPLEN => 1500,
>     DEV     => 'eth1'
> );
>
> if (!ref($pkt_descriptor)) {
>     print "Net::PcapUtils::open returned: $pkt_descriptor\n";
>     exit;
> }
>
> while (1) {
>     my ($packet,%header) = Net::PcapUtils::next($pkt_descriptor);
>     &process($packet);
> }
>
> sub process() {
>     my $packet = shift;
>     my $tcp = NetPacket::TCP->decode(ip_strip(eth_strip($packet)));
>     # How to check the value of the first byte?
>     # How to remove the first six bytes?
> }


Being new to network programming I'm hoping that somebody can recommend
some tutorials/articles on how to decode the payload of the OSCAR
segment and work with the payload on a byte-by-byte basis. e.g.,
Checking the value of each of the first six bytes?

I'd _really_ appreciate any guidance. TIA!

Eric P.
Sunnyvale, CA

Zentara

2005-11-23, 6:56 pm

On Wed, 23 Nov 2005 01:13:22 -0800, eric@pretorious.net (Eric
Pretorious) wrote:

> Maybe
> it's hex? I don't quite understand how to work with anything but ASCII.)

> Being new to network programming I'm hoping that somebody can recommend
> some tutorials/articles on how to decode the payload of the OSCAR
> segment and work with the payload on a byte-by-byte basis. e.g.,
> Checking the value of each of the first six bytes?

Here is a little snippet, but I'm also an ascii-slave myself. :-)
perlmonks.org has some people who probably can help you.

#!/usr/bin/perl -w
use strict;
use Net::PcapUtils;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP;

sub process_pkt {
    my ($user, $hdr, $pkt) = @_;

    my $ip_obj = NetPacket::IP->decode(eth_strip($pkt));
    print("$ip_obj->{src_ip}:$ip_obj->{dest_ip} $ip_obj->{proto}\n");
}

Net::PcapUtils::loop(\&process_pkt, FILTER => 'ip');

--
I'm not really a human, but I play one on earth.
http://zentara.net/japh.html
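
Added example, not written by either poster: the TCP payload asked about above (the `data` field of the decoded NetPacket::TCP object) is a plain byte string, so `unpack` can check its first byte and `substr` can drop its first six. It assumes those six bytes are OSCAR's FLAP header (0x2A start byte, channel, 16-bit sequence number, 16-bit data length, both big-endian); the name `parse_flap` and the sample bytes are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split a TCP payload (e.g. $tcp->{data}) into FLAP frames.
# Assumed FLAP header layout (6 bytes): 0x2A marker, channel (1 byte),
# sequence number (16-bit big-endian), data length (16-bit big-endian).
# Returns (\@frames, $leftover); $leftover holds bytes of an incomplete frame.
sub parse_flap {
    my ($payload) = @_;
    my @frames;
    while (length($payload) >= 6) {
        # C = unsigned byte, n = 16-bit unsigned in network (big-endian) order
        my ($marker, $channel, $seq, $len) = unpack('C C n n', $payload);
        die sprintf("not a FLAP frame: first byte is 0x%02x\n", $marker)
            unless $marker == 0x2A;
        # Never trust the length field: stop if the body is not all here yet
        # (the frame continues in the next TCP segment).
        last if length($payload) < 6 + $len;
        push @frames, {
            channel => $channel,
            seq     => $seq,
            data    => substr($payload, 6, $len),   # body without the header
        };
        $payload = substr($payload, 6 + $len);      # advance to the next frame
    }
    return (\@frames, $payload);
}

# Constructed sample: two complete frames plus the first 4 bytes of a third.
my $sample = pack('C C n n a*', 0x2A, 1, 1, 4, "\x00\x00\x00\x01")
           . pack('C C n n a*', 0x2A, 2, 2, 3, "abc")
           . "\x2A\x02\x00\x03";

my ($frames, $rest) = parse_flap($sample);
for my $f (@$frames) {
    printf "channel=%d seq=%d len=%d data=%s\n",
        $f->{channel}, $f->{seq}, length($f->{data}), unpack('H*', $f->{data});
}
printf "%d leftover byte(s) belong to an incomplete frame\n", length($rest);
```

In a capture loop, segments with an empty payload (bare ACKs) yield no frames, and the leftover bytes have to be prepended to the next segment of the same connection before parsing again.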