tcpdump mailing list archives
Problems with pcap filter between Net::Pcap and tcpdump
From: "Lee Hinman" <matthew.hinman () gmail com>
Date: Wed, 5 Sep 2007 16:11:07 -0600
Hi All,

I'm trying to write a simple sniffer for AIM traffic. Using "tcpdump -A -s0 tcp port 5190" works just great for capturing all the traffic; however, when I attempt to use the script I've written (below), it doesn't capture anything except for some extremely annoying UPnP packets (which aren't even on port 5190).

The script:

#!/usr/bin/perl
use warnings;
use strict;
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;

#$| = 1;

my ($address,$netmask,$err,$filter);

sub grab_aim {
    my ($arg,$hdr,$pkt) = @_ ;
    my $eth_data = NetPacket::Ethernet::strip($pkt);
    my $ip = NetPacket::IP->decode($eth_data);
    my $tcp = NetPacket::TCP->decode($ip->{'data'});
    print $ip->{'src_ip'} .":". $tcp->{'src_port'} . " -> " .
          $ip->{'dest_ip'} .":". $tcp->{'dest_port'} . "\n";
    print "Data:\n" . $tcp->{'data'} . "\n";
}

#my $interface = shift || "en0";
my $dev = shift || Net::Pcap::lookupdev(\$err) or die "Can't lookup device: $err\n";

#if (Net::Pcap::lookupnet($interface, \$address, \$netmask, \$err)==-1) {
if (Net::Pcap::lookupnet($dev, \$address, \$netmask, \$err)==-1) {
    die 'Unable to look up device information for ', $dev, ' - ', $err;
}

print "Device: $dev\n";

my $object = Net::Pcap::open_live($dev, 65536, 1, 0, \$err) or die "Can't open device $dev: $err\n";

Net::Pcap::compile($object, \$filter, 'tcp port 5190', 0, $netmask);
Net::Pcap::setfilter($object, $filter);
Net::Pcap::loop($object, -1, \&grab_aim, '');

Am I compiling the filters wrong?

- Lee
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
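The script above calls Net::Pcap::compile and Net::Pcap::setfilter without looking at what they return, and its callback assumes Ethernet framing. The following is an added example, not part of the original post: it checks both return values and the link type, and validates a filter expression offline. The helper names apply_filter and filter_error are hypothetical, and it assumes Net::Pcap is installed.

```perl
#!/usr/bin/perl
# Added example, not the poster's code: helper names are hypothetical.
use strict;
use warnings;
use Net::Pcap;

# Compile $expr on $pcap and install it, dying with libpcap's own message
# if either step fails (both calls return 0 on success, -1 on error).
sub apply_filter {
    my ($pcap, $expr, $netmask) = @_;
    my $prog;
    Net::Pcap::compile($pcap, \$prog, $expr, 0, $netmask) == 0
        or die "compile '$expr' failed: " . Net::Pcap::geterr($pcap) . "\n";
    Net::Pcap::setfilter($pcap, $prog) == 0
        or die "setfilter failed: " . Net::Pcap::geterr($pcap) . "\n";
    # NetPacket::Ethernet::strip only fits Ethernet framing (DLT_EN10MB == 1).
    my $dlt = Net::Pcap::datalink($pcap);
    warn "link type $dlt is not Ethernet; Ethernet decoding will misparse\n"
        if $dlt != 1;
    return $prog;
}

# Offline syntax check: compile against a "dead" Ethernet handle, so no
# device or privileges are needed. Returns undef on success, otherwise the
# error text reported by libpcap.
sub filter_error {
    my ($expr) = @_;
    my $pcap = Net::Pcap::open_dead(1, 65536);
    my $prog;
    my $rc  = Net::Pcap::compile($pcap, \$prog, $expr, 0, 0);
    my $msg = $rc == 0 ? undef : Net::Pcap::geterr($pcap);
    Net::Pcap::close($pcap);
    return $msg;
}

# Constructed inputs: the expression from the post and a malformed variant.
for my $expr ('tcp port 5190', 'tcp prot 5190') {
    my $err = filter_error($expr);
    printf "%-16s %s\n", "'$expr'", defined $err ? "REJECTED: $err" : "ok";
}
```

On a live handle, apply_filter($object, 'tcp port 5190', $netmask) would take the place of the two unchecked calls that follow open_live.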