Patrice Auffret > Net-Packet-Shell-0.22 > Net::Packet::Shell



Annotate this POD

View/Report Bugs
Module Version: 0.22   Source  


Net::Packet::Shell - Scapy like implementation using Net::Packet, just to prove it


   perl -MNet::Packet::Shell -e nps

   # Optional, just to change default interface and related
   nps> $Env->updateDevInfo('')

   # Basic example IPv4 with TCP
   # See also examples/ for a scripted version
   nps> sd F(IPv4,TCP(dst=>443))

   # Advanced example: an IPv6 frame within IPv4
   # See also examples/ for a scripted version
   nps> $ip6=F(IPv6,TCP)
   nps> $Env->doIPv4Checksum(1); $Env->noFrameComputeLengths(1)
   nps> $ip4=F(ETH,IPv4(protocol=>NP_IPv4_PROTOCOL_IPv6, \
   nps> sr $ip4->raw.$ip6->raw

   # Sniffing (an IPv6 frame within IPv4 is shown)
   nps> sniff
   L2:+ETH: dst:ff:ff:ff:ff:ff:ff  src:ff:ff:ff:ff:ff:ff  type:0x0800
   L3:+IPv4: version:4  hlen:5  tos:0x00  length:60  id:36492
   L3: IPv4: flags:0x00  offset:0  ttl:128  protocol:0x29  checksum:0xae0a
   L3: IPv4: src:  dst:
   L3:+IPv6: version:6  trafficClass:0x00  flowLabel:0x00000  nextHeader:0x06
   L3: IPv6: payloadLength:20  hopLimit:255
   L3: IPv6: src:::1  dst:::1
   L4:+TCP: src:20692  dst:0  seq:0x7bf55f60  ack:0x0000 
   L4: TCP: off:0x05  x2:0x0  flags:0x2  win:65535  checksum:0x83b7  urp:0x00

   # Sniffing with filter
   nps> sniff('tcp')

   # Dsniff tiny implementation
   nps> dsniff

   # Dsniff tiny implementation with filter
   nps> dsniff('tcp and port 110')

   # Read a pcap file
   nps> read('file.pcap')


Net::Packet::Shell is, as the name imply, a shell program to use Net::Packet. With it, you will be able to send crafted frames (via Net::Packet::Frame), or send raw data using directly related layers you wish to use.

It is also scriptable, while personaly I prefer to directly use Net::Packet for scripted tasks. You can see examples scripts from examples directory in the source tarball.

The main behaviour of Net::Packet::Shell is driven by a Net::Packet::Env object. I suggest you to read the man page (... now). Basically, the default $Env object used has the following values set: noFramePadding(1), noFrameComputeLengths(0), noFrameComputeChecksums(0), doIPv4Checksum(0).

These default values change when you send a frame with sd2 or sd3 (and sd, we will see that), to comply with kernel restrictions, and hopefully to help the user automate simple tasks. But at the end of the send call, default values will be reset as they were originally.

You can use sr if you want to fully control the sending process. With this method, you simply pass a raw string (and not a Net::Packet::Frame object), and it is directly written at layer 2 on the network. In this case, you are in charge of handling checksums, and lengths of the frame. There are helpers, though.

For a guide on how to use these helpers, see Net::Packet::Frame and Net::Packet::Env.



This is the function to run for starting Net::Packet::Shell. You will then be able to use the following functions. You do not use this function at all if you want to script Net::Packet::Shell. See SYNOPSIS.

sr (raw scalar string)

You pass a raw string as a parameter, and it is directly written to the network, with no analyze at all. No checksums, no lengths will be computed before sending, you are on your own.

sd (Net::Packet::Frame)

This one is a wrapper around sd2 and sd3. That is, it will use internally sd2 to send frame if it has a layer 2 built-in. If will use internally sd3 if the frame has a layer3 buil-in, and no a layer 2.

After a successfull call to sd, or sd2, or sd3, Net::Packet::Env env object will be reinitialized to default behaviour for Net::Packet::Shell.

sd2 (Net::Packet::Frame)

Sending frame here will auto-compute checksums and lengths, when implemented in the respective layers. Frame will be sent at layer 2.

sd3 (Net::Packet::Frame)

Sending frame here will auto-compute checksums and lengths, when implemented in the respective layers. Frame will be sent at layer 3.

read (file)

You pass a pcap file as a parameter, and it will be decoded and each frames printed to standard output.

sniff [ (pcap filter) ]

This function will sniff the network using the default interface (set by default Net::Packet::Env env object). It will decode each seen frames, and print them to standard output.

You can pass a pcap filter as a parameter to select only the traffic you want.

dsniff [ (pcap filter) ]

This is a small implementation of Dug Song's Dsniff tool.

You can pass a pcap filter as a parameter to select only the traffic you want.


Function packager for various layers. This is equivalent to Net::Packet::Frame. When a frame object is created with various layers, they will be packed, and assembled into a raw string.

If Net::Packet::Env env object has its attributes noFrameComputeChecksums, noFrameComputeLengths, doIPv4Checksum set to true of false values, it will have an impact on the packing of the frame.

So, the packing will compute checksums and lengths, only if you tell it via this Net::Packet::Env env object.


All the following functions handles respective layers. To know more about parameters they take, see respective Net::Packet pod (example for ETH: Net::Packet::ETH).

ARP [ (hash) ]
CDP [ (hash) ]
ETH [ (hash) ]
ICMPv4 [ (hash) ]
IGMPv4 [ (hash) ]
IPv4 [ (hash) ]
IPv6 [ (hash) ]
LLC [ (hash) ]
NULL [ (hash) ]
OSPF [ (hash) ]
PPP [ (hash) ]
PPPLCP [ (hash) ]
PPPoE [ (hash) ]
RAW [ (hash) ]
SLL [ (hash) ]
STP [ (hash) ]
TCP [ (hash) ]
UDP [ (hash) ]
VLAN [ (hash) ]


Net::Packet, Net::Packet::Env, Net::Packet::Frame


Patrice <GomoR> Auffret


Copyright (c) 2006-2010, Patrice <GomoR> Auffret

You may distribute this module under the terms of the Artistic license. See LICENSE.Artistic file in the source distribution archive.

syntax highlighting: