parsing packets and user defined data structures


bergenpeak

I'm using the perl pcap module to read in captured pcap files. I
would like to write code to parse certain packet types. In the past
when using C to do this type of processing, I would define a structure
that details the format of the underlying data, and then overlay the
structure at the right byte offset in the packet and then pull out the
fields in the structure (p->len, p->data, etc.).

Is there a similar mechanism in perl? Right now, I'm doing this by
manually walking through the packet with perl code per field and
underlying data type. It's doable, but time consuming and prone to
errors. I'm hoping there's a cleaner way to do this by overlaying a
structure and pulling the data out through the structure.

Note that the packets I'm interested in parsing don't have any
predefined perl modules to help with the parsing (eg IP, UDP, etc.)

Thanks
 
smallpond

Perl calls it a template.

binmode FH;
read FH,$packet,$recordlen or die "Cannot read";
($len, $data, $etc) = unpack 'l2A3',$packet;

reads two 4-byte integers and 3 ASCII chars such as "ETC".
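
The template approach applied to a packet buffer, as an added example that is not part of either post: the record layout, field names and sample bytes are hypothetical. It uses the fixed big-endian codes 'n' and 'N' instead of the native-order 'l', and checks lengths before trusting the len field, since unpack does not complain when the data is shorter than the template.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical record layout (assumed for this example, not a real protocol):
#   type  : 1 byte  unsigned
#   flags : 1 byte  unsigned
#   len   : 2 bytes unsigned, big-endian, length of the payload that follows
#   seq   : 4 bytes unsigned, big-endian
my @FIELDS   = qw(type flags len seq);
my $TEMPLATE = 'C C n N';    # one unpack code per field, in order
my $HDR_LEN  = length pack($TEMPLATE, (0) x @FIELDS);    # 8 bytes

# Overlay the layout at byte $offset of $packet. Returns a hash ref, or
# nothing if the header or the declared payload runs past the captured bytes.
sub parse_record {
    my ($packet, $offset) = @_;
    return if $offset < 0 || $offset + $HDR_LEN > length($packet);

    my %rec;
    @rec{@FIELDS} = unpack($TEMPLATE, substr($packet, $offset, $HDR_LEN));

    my $start = $offset + $HDR_LEN;
    return if $start + $rec{len} > length($packet);    # len field lies or capture truncated
    $rec{payload} = substr($packet, $start, $rec{len});
    return \%rec;
}

# Constructed sample: 14 filler bytes standing in for a link-layer header,
# followed by one record carrying the payload "hello".
my $sample = ("\xAA" x 14) . pack('C C n N a*', 7, 0x01, 5, 42, 'hello');

my $rec = parse_record($sample, 14) or die "malformed record\n";
printf "type=%d flags=0x%02x len=%d seq=%d payload=%s\n",
    @{$rec}{qw(type flags len seq payload)};

# The same record with its last two bytes cut off must be rejected.
my $cut = substr($sample, 0, length($sample) - 2);
print "truncated record rejected\n" unless parse_record($cut, 14);
```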
 
