- use strict;
- use Net::Pcap qw(:functions);
- use NetPacket::Ethernet qw(:strip);
- use NetPacket::IP qw(:strip);
- use NetPacket::TCP qw(:strip);
- use Geo::IP;
- use Socket;
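# Script inputs: the GeoIP city database handle, the capture file named by
# the first command-line argument, and the scalar that pcap_open_offline
# fills with its error text.

# Fail here if the database cannot be opened; otherwise the problem would
# only surface later, inside the packet callback, as a method call on an
# undefined value.
my $gi = Geo::IP->open("GeoLiteCity.dat", GEOIP_STANDARD)
    or die "Can't open GeoLiteCity.dat\n";

# $ARGV[0] is the element; the original @ARGV[0] was a one-element slice.
my $pcap_file = $ARGV[0];
defined $pcap_file
    or die "Usage: $0 <capture-file> [-c]\n";

my $err = undef;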
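# Pcap callback: prints one "src_ip,hostname,country_code,city" line for
# every IPv4 packet in the capture.
#
# Arguments (supplied by pcap_loop): the user argument and the packet header
# hash, both unused, and the raw packet bytes.
#
# When the second command-line argument is "-c" the first 16 bytes of each
# frame are skipped before IP decoding (presumably a Linux cooked-capture
# header -- confirm against how the capture was taken); otherwise the frame
# is decoded as Ethernet.
#
# NOTE(review): gethostbyaddr() issues a live reverse-DNS query per packet.
# The PTR answer is controlled by whoever runs the reverse zone for that
# address, so treat the hostname as untrusted text, and be aware that the
# queries themselves are visible to that party. Run offline or through a
# resolver you control if that matters for the investigation.
sub process_pkt {
    my ($arg, $hdr, $pkt) = @_;

    my $cooked      = defined $ARGV[1] && $ARGV[1] eq '-c';
    my $link_hdr_len = $cooked ? 16 : 14;

    # Skip frames too short for the link header plus a minimal IPv4 header.
    # unpack("x[16]...") dies on shorter input, which would abort the whole
    # run on a single truncated packet.
    return if !defined $pkt || length($pkt) < $link_hdr_len + 20;

    my $ip_obj;
    if ($cooked) {
        my $payload = unpack("x[16]a*", $pkt);
        $ip_obj = NetPacket::IP->decode($payload);
    }
    else {
        my $eth_obj = NetPacket::Ethernet->decode($pkt);

        # Only IPv4 payloads carry a meaningful src_ip; decoding ARP, IPv6
        # or other frames as IPv4 would print addresses that were never on
        # the wire.
        return
            unless defined $eth_obj->{type}
            && $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP();

        $ip_obj = NetPacket::IP->decode($eth_obj->{data});
    }
    return unless defined $ip_obj->{ver} && $ip_obj->{ver} == 4;

    my $ipsrc = $ip_obj->{src_ip};
    return unless defined $ipsrc;

    # Reverse lookup; stays undef when the address has no PTR record.
    my $iaddr    = inet_aton($ipsrc);
    my $hostname = defined $iaddr ? gethostbyaddr($iaddr, AF_INET) : undef;

    # GeoIP lookup; both fields stay undef when the database has no record.
    my ($country, $city);
    my $record = $gi->record_by_addr($ipsrc);
    if ($record) {
        $country = $record->country_code;
        $city    = $record->city;
    }

    print join(',', map { _csv_field($_) } $ipsrc, $hostname, $country, $city),
        "\n";
    return;
}

# Renders one value as a CSV field: undef becomes empty, control characters
# (including CR/LF) are dropped, and a value containing a comma or a double
# quote is wrapped in quotes with embedded quotes doubled. Plain values are
# returned unchanged, so ordinary output lines look as they did before.
#
# NOTE(review): values beginning with "=", "+", "-" or "@" are passed through
# as-is; if the output is opened in a spreadsheet, neutralise those at import.
sub _csv_field {
    my ($value) = @_;
    return '' unless defined $value;

    $value =~ s/[\x00-\x1f\x7f]//g;
    if ($value =~ /[",]/) {
        $value =~ s/"/""/g;
        $value = qq{"$value"};
    }
    return $value;
}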
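# Open the capture file, run process_pkt over every packet, then close it.
my $pcap = Net::Pcap::pcap_open_offline($pcap_file, \$err)
    or die "Can't read $pcap_file : $err\n";

# Sanity-check the "-c" flag against the file's link type. Decoding with the
# wrong header offset yields plausible-looking but wrong source addresses.
# 1 and 113 are libpcap's link-type values for Ethernet and Linux cooked
# capture respectively.
my $link_type    = Net::Pcap::pcap_datalink($pcap);
my $wants_cooked = defined $ARGV[1] && $ARGV[1] eq '-c';
if (defined $link_type) {
    warn "$pcap_file is a Linux cooked capture; pass -c as second argument\n"
        if $link_type == 113 && !$wants_cooked;
    warn "$pcap_file is an Ethernet capture; -c will misdecode it\n"
        if $link_type == 1 && $wants_cooked;
}

# pcap_loop returns -1 on a read error (for example a truncated file). Report
# it instead of exiting silently with partial output.
my $status    = Net::Pcap::pcap_loop($pcap, -1, \&process_pkt, undef);
my $loop_err  = $status == -1 ? Net::Pcap::pcap_geterr($pcap) : undef;
Net::Pcap::pcap_close($pcap);

die "Error while reading $pcap_file : $loop_err\n" if defined $loop_err;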