Net::Frame::Dump::Offline - tcpdump like implementation, offline mode

   use Net::Frame::Dump::Offline;
   use Net::Frame::Simple;

   #
   # Simple offline analysis
   #
   my $oDump = Net::Frame::Dump::Offline->new(file => $file);
   $oDump->start;

   my $count = 0;
   while (my $h = $oDump->next) {
      # Decode each raw frame, starting from the capture's first layer
      my $f = Net::Frame::Simple->new(
         raw        => $h->{raw},
         firstLayer => $h->{firstLayer},
         timestamp  => $h->{timestamp},
      );
      my $len = length($h->{raw});
      print 'o Frame number: '.$count++." (length: $len)\n";
      print $f->print."\n";
   }

   $oDump->stop;

   #
   # Default parameters on creation
   #
   my $oDumpDefault = Net::Frame::Dump::Offline->new(
      file          => "netframe-tmp-$$.$int.pcap",
      filter        => '',
      isRunning     => 0,
      keepTimestamp => 0,
   );

This module implements a tcpdump-like program, for offline analysis.
The following are inherited attributes:
- file
- Name of the .pcap file to read.
- filter
- Pcap filter to use. Defaults to no filter.
- firstLayer
- Stores the type of the first layer found in the frames read.
This attribute is filled only after a call to the start method.
- isRunning
- Returns true if a call to start has been done, false otherwise or if a
call to stop has been done.
- keepTimestamp
- Sometimes, when frames are captured and saved to a .pcap file, the
timestamps are unreliable. That is, you send a frame and receive the reply,
but your request appears to have been sent after the reply. To correct
that, you can use Net::Frame::Dump's own timestamping system. The default
is 0. Set it manually to 1 if you need the original .pcap frame timestamps.
The following are methods:
- new
- new (hash)
- Object constructor. You can pass attributes that will overwrite default
ones. See SYNOPSIS for default values.
- start
- When you want to start reading frames from the file, call this
method.
- stop
- When you want to stop reading frames from the file, call this method.
- next
- Returns the next captured frame; undef if no more frames are
awaiting.
- store (Net::Frame::Simple object)
- This method stores internally, sorted, the Net::Frame::Simple
object passed as a single parameter. The getKey methods implemented in
the various Net::Frame::Layer objects are used to retrieve frames
efficiently (via the getKeyReverse method).
Basically, it lets the recv method (from Net::Frame::Simple)
quickly retrieve the reply frame for a request frame.
- getFramesFor
- This will return an array of possible reply frames for the specified
Net::Frame::Simple object. For example, reply frames for a UDP
probe will be all the frames which have the same source port and
destination port as the request.
- flush
- Flushes the stored frames, that is, those which have been stored via the
store method.
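
The following is an added example, not part of the module's own documentation. It combines keepTimestamp, store, getFramesFor and flush to report replies whose original .pcap timestamp precedes that of their request. The capture file name, addresses, ports and timestamps are constructed sample values, and the sketch assumes numeric timestamps and that getFramesFor only returns frames previously passed to store.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);
use Net::Frame::Simple;
use Net::Frame::Dump::Offline;

# Constructed sample frame: Ethernet/IPv4/UDP built by hand (checksums left 0).
sub udp_frame {
   my ($src, $dst, $sport, $dport, $data) = @_;
   my $udp = pack('nnnn', $sport, $dport, 8 + length($data), 0).$data;
   my $ip  = pack('CCnnnCCna4a4', 0x45, 0, 20 + length($udp), 1, 0, 64, 17, 0,
                  inet_aton($src), inet_aton($dst));
   return pack('H12H12n', '020000000002', '020000000001', 0x0800).$ip.$udp;
}

# Constructed capture: the request comes first in the file but carries the
# later timestamp, the situation the keepTimestamp description mentions.
my $file = "example-$$.pcap";   # hypothetical file name
my @records = (
   [100, 500000, udp_frame('192.0.2.1', '192.0.2.2', 40000, 53, 'query')],
   [100, 200000, udp_frame('192.0.2.2', '192.0.2.1', 53, 40000, 'reply')],
);
open(my $out, '>:raw', $file) or die "open $file: $!";
print $out pack('VvvVVVV', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1);  # link type 1: Ethernet
for my $r (@records) {
   my ($sec, $usec, $raw) = @$r;
   print $out pack('VVVV', $sec, $usec, length($raw), length($raw)).$raw;
}
close($out);

my $oDump = Net::Frame::Dump::Offline->new(
   file => $file, filter => 'udp', keepTimestamp => 1,   # keep .pcap timestamps
);
$oDump->start;
while (my $h = $oDump->next) {
   my $f = Net::Frame::Simple->new(
      raw => $h->{raw}, firstLayer => $h->{firstLayer},
      timestamp => $h->{timestamp},
   );
   # Frames stored so far (earlier in the file) that $f could be a reply to
   for my $req ($oDump->getFramesFor($f)) {
      next unless $f->timestamp < $req->timestamp;
      printf "reply at %s precedes request at %s\n", $f->timestamp, $req->timestamp;
   }
   $oDump->store($f);
}
$oDump->flush;   # drop the frames kept by store
$oDump->stop;
unlink $file;
```

With keepTimestamp left at its default of 0, the frames are stamped by the module instead, so this check would not see the capture's original ordering problem.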
Copyright (c) 2006-2020, Patrice <GomoR> Auffret
You may distribute this module under the terms of the Artistic
license. See LICENSE.Artistic file in the source distribution archive.