Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- use Net::TcpDumpLog;
- use NetPacket::Ethernet;
- use NetPacket::IP;
- use NetPacket::TCP;
- use strict;
- use warnings;
- use diagnostics;
- #http://hype-free.blogspot.com/2010/03/parsing-pcap-files-with-perl.html
- my $log = Net::TcpDumpLog->new();
- $log->read("log.pcap");
- foreach my $index ($log->indexes) {
- my ($length_orig, $length_incl, $drops, $secs, $msecs) = $log->header($index);
- my $data = $log->data($index);
- my $eth_obj = NetPacket::Ethernet->decode($data);
- next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;
- my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
- next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;
- my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
- my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst) = localtime($secs + $msecs/1000);
- print sprintf("Time: %02D-%02d %02d:%02d:%02d.%d\n",
- $mon, $mday, $hour, $min, $sec, $msecs);
- print "\tIP Address Source: ", $ip_obj->{src_ip}, "\n\t\tMac Address Source: ", $eth_obj->{src_mac},
- "\n\t\tPort Numbers: ", $tcp_obj->{src_port};
- print "\n\tIP Address Destination: ", $ip_obj->{dest_ip}, "\n\t\tMac Address Destination: ", $eth_obj->{dest_mac}, " \n",
- "\t\tPort Numbers: ", $tcp_obj->{dest_port}, "\n";
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
