Patrice Auffret > Net-Frame-Dump-1.13 > Net::Frame::Dump::Offline


NAME

Net::Frame::Dump::Offline - tcpdump like implementation, offline mode

SYNOPSIS

   use Net::Frame::Dump::Offline;
   use Net::Frame::Simple;

   #
   # Simple offline analysis
   #
   my $oDump = Net::Frame::Dump::Offline->new(file => $file);

   $oDump->start;

   my $count = 0;
   while (my $h = $oDump->next) {
      my $f = Net::Frame::Simple->new(
         raw        => $h->{raw},
         firstLayer => $h->{firstLayer},
         timestamp  => $h->{timestamp},
      );
      my $len = length($h->{raw});
      print 'o Frame number: '.$count++." (length: $len)\n";
      print $f->print."\n";
   }

   $oDump->stop;

   #
   # Default parameters on creation
   #
   my $oDumpDefault = Net::Frame::Dump::Offline->new(
      file          => "netframe-tmp-$$.$int.pcap",
      filter        => '',
      isRunning     => 0,
      keepTimestamp => 0,
   );

DESCRIPTION

This module implements a tcpdump-like program, for offline analysis.

ATTRIBUTES

The following are inherited attributes:

file

Name of the .pcap file to read.

filter

Pcap filter to use. Defaults to no filter.

firstLayer

Stores the type of the first layer contained in the frames read. This attribute is filled only after a call to the start method.

isRunning

Returns true if start has been called, and false if it has not or if stop has been called.

keepTimestamp

Sometimes, when frames are captured and saved to a .pcap file, the timestamps suck. That is, you send a frame and receive the reply, but your request appears to have been sent after the reply. To correct that, you can use Net::Frame::Dump's own timestamping system. The default is 0. Set it manually to 1 if you need the original .pcap frame timestamps.

METHODS

new
new (hash)

Object constructor. You can pass attributes that will overwrite default ones. See SYNOPSIS for default values.

start

When you want to start reading frames from the file, call this method.

stop

When you want to stop reading frames from the file, call this method.

next

Returns the next captured frame, or undef if no more frames are waiting.

store (Net::Frame::Simple object)

This method stores internally, in sorted form, the Net::Frame::Simple object passed as its single parameter. The getKey methods implemented in the various Net::Frame::Layer objects are used as the index, so that frames can be retrieved efficiently later (via the getKeyReverse method).

Basically, it is what lets the recv method (from Net::Frame::Simple) quickly retrieve the reply frame for a request frame.

getFramesFor

This will return an array of possible reply frames for the specified Net::Frame::Simple object. For example, reply frames for a UDP probe will be all the frames which have the same source port and destination port as the request.

flush

Flushes the stored frames, that is, those which have been stored via the store method.
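
Added example, not part of the module's own documentation: an offline pass over a capture that stores every TCP frame and then uses getFramesFor to list the candidate replies for each bare SYN. The capture path comes from the command line; treating SYN-without-ACK as the request and printing IPv4 frames only are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use Net::Frame::Dump::Offline;
use Net::Frame::Simple;

# Path to an existing capture, taken from the command line (assumption).
my $file = shift @ARGV or die "usage: $0 capture.pcap\n";

# The pcap filter restricts what is read from the file to TCP frames.
my $oDump = Net::Frame::Dump::Offline->new(
   file   => $file,
   filter => 'tcp',
);
$oDump->start;

my @requests;
while (my $h = $oDump->next) {
   my $f = Net::Frame::Simple->new(
      raw        => $h->{raw},
      firstLayer => $h->{firstLayer},
      timestamp  => $h->{timestamp},
   );
   my $tcp = $f->ref->{TCP} or next;   # skip frames that did not unpack to TCP

   # Index every frame so that getFramesFor can look it up later.
   $oDump->store($f);

   # A bare SYN (SYN set, ACK clear) is treated as a request (assumption).
   push @requests, $f if ($tcp->flags & 0x12) == 0x02;
}

# For each request, list the stored frames travelling in the reverse direction.
for my $req (@requests) {
   my $ip  = $req->ref->{IPv4} or next;   # IPv4 only in this example
   my $tcp = $req->ref->{TCP};
   my @candidates = $oDump->getFramesFor($req);
   printf "%s:%d -> %s:%d  candidate replies: %d\n",
      $ip->src, $tcp->src, $ip->dst, $tcp->dst, scalar @candidates;
   print $_->print."\n" for @candidates;
}

$oDump->flush;   # drop the stored frames
$oDump->stop;
```

A request reported with zero candidate replies was never answered within the capture, which is a quick way to separate answered from unanswered connection attempts during triage.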

SEE ALSO

Net::Frame::Dump

AUTHOR

Patrice <GomoR> Auffret

COPYRIGHT AND LICENSE

Copyright (c) 2006-2012, Patrice <GomoR> Auffret

You may distribute this module under the terms of the Artistic license. See LICENSE.Artistic file in the source distribution archive.
