use strict;
use Net::Pcap qw(:functions);
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP qw(:strip);
use NetPacket::TCP qw(:strip);
use Geo::IP;
use Socket;
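# GeoIP city database handle used by process_pkt for country/city lookups.
# The path is relative, so the file is taken from the current working
# directory: run the script from a directory whose contents you trust.
my $gi = Geo::IP->open("GeoLiteCity.dat", GEOIP_STANDARD)
    or die "Can't open GeoLiteCity.dat\n";

# First argument: capture file to read. A scalar element ($ARGV[0]) is used
# rather than the one-element slice @ARGV[0].
my $pcap_file = $ARGV[0];
defined $pcap_file or die "Usage: $0 <pcap-file> [-c]\n";

# Receives libpcap's error text if the capture file cannot be opened.
my $err = undef;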
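# Render one value as a CSV field.
# Undefined values become the empty string. Control characters (CR/LF
# included) are removed so a value cannot start a new row, and values holding
# a comma or double quote are wrapped in quotes with inner quotes doubled.
sub _csv_field {
    my ($value) = @_;
    return '' unless defined $value;
    $value =~ s/[\x00-\x1f\x7f]//g;
    if ($value =~ /[",]/) {
        $value =~ s/"/""/g;
        return qq{"$value"};
    }
    return $value;
}

# Net::Pcap callback: print "source IP,reverse-DNS name,country,city" for one
# captured packet.
#   $arg - user data passed through pcap_loop (unused)
#   $hdr - pcap packet header (unused)
#   $pkt - raw packet bytes
# Packets too short to hold an IPv4 header, and Ethernet frames that are not
# IPv4, are skipped instead of being decoded into meaningless rows.
sub process_pkt {
    my ($arg, $hdr, $pkt) = @_;

    my $ip_obj;
    if (defined $ARGV[1] && $ARGV[1] eq '-c') {
        # "-c" mode: the IP header is expected 16 bytes into the packet
        # (presumably a Linux cooked-capture header; confirm against the
        # capture's link type). unpack() dies on a packet shorter than the
        # skip, which would abort the whole run, so check the length first;
        # 20 is the minimum IPv4 header size.
        return if length($pkt) < 16 + 20;
        $ip_obj = NetPacket::IP->decode(unpack("x[16]a*", $pkt));
    }
    else {
        my $eth_obj = NetPacket::Ethernet->decode($pkt);
        # 0x0800 is the IPv4 EtherType; ARP, IPv6 etc. are not IP headers.
        return unless defined $eth_obj->{type} && $eth_obj->{type} == 0x0800;
        return unless defined $eth_obj->{data} && length($eth_obj->{data}) >= 20;
        $ip_obj = NetPacket::IP->decode($eth_obj->{data});
    }

    # Only the IPv4 header is needed; the transport payload is not parsed.
    my $ipsrc = $ip_obj->{src_ip};
    return unless defined $ipsrc;

    # Reverse lookup. The PTR answer is chosen by whoever controls the
    # address's reverse zone, so the name is untrusted text, and the query
    # itself is visible to that party's name servers. One lookup is made per
    # packet, repeats included.
    my $iaddr    = inet_aton($ipsrc);
    my $hostname = defined $iaddr ? gethostbyaddr($iaddr, AF_INET) : undef;

    # GeoIP lookup; no record leaves country and city empty.
    my $country;
    my $city;
    my $record = $gi->record_by_addr($ipsrc);
    if ($record) {
        $country = $record->country_code;
        $city    = $record->city;
    }

    # Hostname and city come from external sources, so every field goes
    # through the CSV quoting helper before it is written.
    print join(',', map { _csv_field($_) } $ipsrc, $hostname, $country, $city), "\n";
    return;
}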
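# Open the capture for offline reading; on failure $err holds libpcap's message.
my $pcap = Net::Pcap::pcap_open_offline($pcap_file, \$err)
    or die "Can't read $pcap_file : $err\n";

# A count of -1 processes every packet in the file. pcap_loop returns -1 when
# reading fails (for example a truncated or corrupt capture); without this
# check the output would silently stop at the last readable packet.
my $status   = Net::Pcap::pcap_loop($pcap, -1, \&process_pkt, undef);
my $loop_err = $status == -1 ? Net::Pcap::pcap_geterr($pcap) : undef;

Net::Pcap::pcap_close($pcap);
die "Error while reading $pcap_file : $loop_err\n" if defined $loop_err;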