
Passive network discovery

a guest
Dec 12th, 2012
  1. #!/usr/bin/perl
  2. #===============================================================================
  3. #
  4. #         FILE:  Detect.pl
  5. #
  6. #        USAGE:  ./Detect.pl  
  7. #
  8. #  DESCRIPTION:  
  9. #
  10. #      OPTIONS:  ---
  11. # REQUIREMENTS:  ---
  12. #         BUGS:  ---
  13. #        NOTES:  ---
  14. #       AUTHOR:  YOUR NAME (),
  15. #      COMPANY:  
  16. #      VERSION:  1.0
  17. #      CREATED:  12/04/2012 14:23:31
  18. #     REVISION:  ---
  19. #===============================================================================
  20.  
  21. use strict;
  22. use warnings;
  23.  
  24.  
  25. use Net::Pcap;
  26. use Data::Dumper;
  27. use Net::Frame::Layer::ARP qw(:consts);
  28. use Net::Frame::Layer::ETH qw(:consts);
  29. use Net::Frame::Layer::IPv4 qw(:consts);
  30. use Net::Frame::Layer::TCP qw(:consts);
  31. use Net::Frame::Layer::UDP qw(:consts);
  32.  
  33. use Net::Frame::Simple;
  34. my $hardware = {};
  35. my $ip = {};
  36. my $tcp = {};
  37. my $udp = {};
  38.  
  39.  
  40. my $err = '';
  41. my $dev = 'em0';
  42.  
  43. my $pcap = pcap_open_live($dev, 1024,1,10,\$err)
  44.     or die "can't open $dev: $err";
  45.  
  46. pcap_loop($pcap, 1000, \&process_packet, 0);
  47.  
  48.  
  49.  
  50. pcap_close($pcap);
  51.  
  52. print "hardware addresses found:\n";
  53.  
  54. print Dumper($hardware);
  55.  
  56. print "network addresses found:\n";
  57. print Dumper($ip);
  58.  
  59. print "tcp connections found:\n";
  60. print Dumper($tcp);
  61.  
  62. print "udp datagrams found:\n";
  63. print Dumper($udp);
  64.  
  65. sub process_packet {
  66.     my ($user_data, $header, $packet) = @_;
  67.     my $eth = Net::Frame::Simple->new(
  68.         raw => $packet,
  69.         firstLayer => 'ETH'
  70.     );
  71.     my $dip;
  72.     my $sip;
  73.     foreach my $layer($eth->layers){
  74.         if($layer->layer eq 'ETH'){
  75.             $hardware->{$layer->dst} = 1;
  76.             $hardware->{$layer->src} = 1;
  77.         } elsif ($layer->layer eq 'ARP'){
  78.             $hardware->{$layer->dst} = 1;
  79.             $hardware->{$layer->src} = 1;
  80.             $ip->{$layer->dstIp} = 1;
  81.             $ip->{$layer->srcIp} = 1;
  82.         } elsif ($layer->layer eq 'IPv4'){
  83.             $ip->{$layer->src} = 1;
  84.             $ip->{$layer->dst} = 1;
  85.             $dip = $layer->dst;
  86.             $sip = $layer->src;
  87.  
  88.         } elsif($layer->layer eq 'IPv6'){
  89.             $ip->{$layer->src} = 1;
  90.             $ip->{$layer->dst} = 1;
  91.             $dip = $layer->dst;
  92.             $sip = $layer->src;
  93.         } elsif($layer->layer eq 'IP'){
  94.             $ip->{$layer->src} = 1;
  95.             $ip->{$layer->dst} = 1;
  96.             $dip = $layer->dst;
  97.             $sip = $layer->src;
  98.         }
  99.         elsif($layer->layer eq 'TCP'){
  100.             my $ps = $sip . ":" . $layer->src;
  101.             my $pd = $dip . ":" . $layer->dst;
  102.             $tcp->{"Dst: " . $ps} = 1;
  103.             $tcp->{"Src: " . $pd} = 1;
  104.         } elsif($layer->layer eq 'UDP'){
  105.             my $ps = $sip . ":" . $layer->src;
  106.             my $pd = $dip . ":" . $layer->dst;
  107.             $udp->{"Dst: " . $ps} = 1;
  108.             $udp->{"Src: " . $pd} = 1;
  109.         }
  110.  
  111.  
  112.     }
  113. }