Scroll to navigation

Net::Frame::Dump::Online2(3pm) User Contributed Perl Documentation Net::Frame::Dump::Online2(3pm)

NAME

Net::Frame::Dump::Online2 - tcpdump like implementation, online mode and non-blocking

SYNOPSIS

   use Net::Frame::Dump::Online2;
   #
   # Simply create a Dump object
   #
   my $oDump = Net::Frame::Dump::Online2->new(
      dev => 'eth0',
   );
   $oDump->start;
   # Gather frames
   while (1) {
      if (my $f = $oDump->next) {
         my $raw            = $f->{raw};
         my $firstLayerType = $f->{firstLayer};
         my $timestamp      = $f->{timestamp};
      }
   }
   $oDump->stop;
   #
   # Default parameters on creation
   #
   my $oDumpDefault = Net::Frame::Dump::Online2->new(
      timeoutOnNext => 3,
      timeout       => 0,
      promisc       => 0,
      snaplen       => 1514,
      file          => '',
      overwrite     => 0,
   );

DESCRIPTION

This module implements a tcpdump-like program, for live capture from networks.

ATTRIBUTES

The network interface to listen on. No default value.
Each time you call next method, an internal counter is updated. This counter tells you if you have not received any data since timeoutOnNext seconds. When a timeout occurred, timeout is set to true.
When timeoutOnNext seconds has been reached, this variable is set to true, and never reset. See timeoutReset if you want to reset it.
If you want to capture a different snaplen, set it a number. Default to 1514.
By default, interface is not put into promiscuous mode, set this parameter to true if you want it.

The following are inherited attributes:

Pcap filter to use. Default to no filter.
Stores information about the first layer type contained on read frame. This attribute is filled only after a call to start method.
Returns true if a call to start has been done, false otherwise or if a call to stop has been done.
Sometimes, when frames are captured and saved to a .pcap file, timestamps sucks. That is, you send a frame, and receive the reply, but your request appear to have been sent after the reply. So, to correct that, you can use Net::Frame::Dump own timestamping system. The default is 0. Set it manually to 1 if you need original .pcap frames timestamps.

METHODS

Object constructor. You can pass attributes that will overwrite default ones. See SYNOPSIS for default values.
When you want to start reading frames from network, call this method.
When you want to stop reading frames from network, call this method.
Returns the next captured frame; undef if none awaiting. Each time this method is called, a comparison is done to see if no frame has been captured during timeoutOnNext number of seconds. If so, timeout attribute is set to 1 to reflect the pending timeout.
This method will store internally, sorted, the Net::Frame::Simple object passed as a single parameter. getKey methods, implemented in various Net::Frame::Layer objects will be used to efficiently retrieve (via getKeyReverse method) frames.

Basically, it is used to make recv method (from Net::Frame::Simple) to retrieve quickly the reply frame for a request frame.

This will return an array of possible reply frames for the specified Net::Frame::Simple object. For example, reply frames for a UDP probe will be all the frames which have the same source port and destination port as the request.
Will flush stored frames, the one which have been stored via store method.
Reset the internal timeout state (timeout attribute).
Tries to get packet statistics on an open descriptor. It returns a reference to a hash that has to following fields: ps_recv, ps_drop, ps_ifdrop.

SEE ALSO

Net::Frame::Dump

AUTHOR

Patrice <GomoR> Auffret

COPYRIGHT AND LICENSE

Copyright (c) 2006-2020, Patrice <GomoR> Auffret

You may distribute this module under the terms of the Artistic license. See LICENSE.Artistic file in the source distribution archive.

2022-11-19 perl v5.36.0