[Chicago-talk] pcapy question

John Kristoff jtk at depaul.edu
Tue Nov 30 10:15:18 PST 2010


On Sun, Nov 28, 2010 at 06:22:47PM -0600, packet wrote:
> I got a very good question, if I am right. Do I need the Net::Pcap so I can
> make a tool like pcapy in Perl? Just have a hard time thinking how I am going to
> start this tool. Hope someone can give me some pointers in the right way :)

I wrote this awhile back as a simple pcap summarization tool.  You
are free to adapt it for your uses:

  <http://www.cymru.com/jtk/code/pcapsum.pl>

A few notes about the modules however...

Myself and a number of others have found Net::Pcap versions 0.15 and
0.16 to be broken by default on a number of systems.  I advise using
0.14 if you run into trouble.

I like using the NetPacket modules when possible, but it has a limited
set of protocols it supports.  The alternative is either Net::Packet
or its successor Net::Frame.  Net::Packet has not only been
discontinued by the author, but will always send messages to stderr by
default, telling you it is obsolete.  Unfortunately, Net::Frame lacks
some protocol support that Net::Packet had.  So depending on what you
are trying to do, you might have to hack the distribution, use a
combination of modules or contribute some code.

One additional note that you may care about, as I recall, installing
Net::Packet resulted in my having to also install a seemingly tremendous
amount of other modules that were not in my typical Perl installation.
I believe Net::Frame has many of the same module requirements.

John

