NAME
Net::RawIP - Perl extension for manipulating raw IP packets, with an interface to libpcap
SYNOPSIS
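use Net::RawIP;
$a = new Net::RawIP;
# Set IP and TCP header fields; fields not named keep their defaults.
# Host names are strings and must be quoted.
$a->set({ip => {saddr => 'www.mustdie.com', daddr => 'www.mustdie.com'},
         tcp => {source => 139, dest => 139, psh => 1, syn => 1}});
# Send the packet once, without delay.
$a->send;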
DESCRIPTION
This package provides a class object which can be used for creating, manipulating and sending raw IP packets.
Exported constants
PCAP_ERRBUF_SIZE PCAP_VERSION_MAJOR PCAP_VERSION_MINOR lib_pcap_h
Exported functions
open_live open_offline dump_open lookupdev lookupnet dispatch loop dump compile setfilter next datalink snapshot is_swapped major_version minor_version stats file fileno perror geterr strerror close dump_close eth_tcp_pkt_parse tcp_pkt_creat rawsock host_to_ip set_sockaddr pkt_send
By default the exported functions are loop, dispatch, dump_open, dump and open_live. Use the export tag pcap to export all pcap functions. Please read the docs for libpcap. The exported functions loop and dispatch can run Perl code refs as callbacks for packet analysis and printing. If dump_open opens and returns a valid file descriptor, this descriptor can be used in the Perl callback as a Perl filehandle. The function next returns a string scalar (the next packet). Please look at the examples.
CONSTRUCTOR
new ({ ip => {IPKEY => IPVALUE,...}, ARGPROTO => {PROTOKEY => PROTOVALUE,...} })
ip is a hash key whose value is a reference to a hash with the iphdr parameters of the current IP packet.
IPKEY is one of (version ihl tos tot_len id frag_off ttl protocol check saddr daddr). You may specify all parameters, even check. If you do not specify a parameter, the default value is used. The default values are (4,5,16,0,0,0x4000,64,6,0,0,0). The checksum will be calculated if you do not specify a non-zero value for it. Values of saddr and daddr may look like www.oracle.com or 205.227.44.16, or may even be given as an integer if you know how 205.227.44.16 looks as an unsigned int ;).
ARGPROTO is one of (tcp udp icmp); this key defines the subclass of Net::RawIP. The default value is tcp.
NOTE: Currently only tcp is implemented!
PROTOKEY is one of (source dest seq ack_seq doff res1 res2 urg ack psh rst syn fin window check urg_ptr data). The default values are (0,0,0,0,0,0,0,0,0,0,0,0,0,0xffff,0,0,''). Valid values for urg ack psh rst syn fin are 0 or 1. The value of data is a string. The length of the resulting packet will be calculated if you do not specify a non-zero value for tot_len.
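The IP header defaults and the automatic tot_len and check calculation described above, worked through in plain Perl as an added example (not code from Net::RawIP or its author). It uses only pack and unpack rather than the module; the addresses are constructed documentation addresses, and the 20-byte payload length and the helper names ip2int, ip_checksum, build_iphdr and parse_iphdr are assumptions of this example.

```perl
use strict;
use warnings;

# IPKEY order and default values as listed above.
my @IPKEYS = qw(version ihl tos tot_len id frag_off ttl protocol check saddr daddr);
my %ip;
@ip{@IPKEYS} = (4, 5, 16, 0, 0, 0x4000, 64, 6, 0, 0, 0);

# Dotted quad -> unsigned 32-bit integer (the "integer" form of saddr/daddr).
# The two addresses are constructed samples from documentation ranges.
sub ip2int { return unpack 'N', pack 'C4', split /\./, shift }
$ip{saddr} = ip2int('192.0.2.1');
$ip{daddr} = ip2int('198.51.100.7');

# RFC 791 header checksum: one's complement of the one's-complement sum
# of the header's 16-bit words.
sub ip_checksum {
    my ($hdr) = @_;
    my $sum = 0;
    $sum += $_ for unpack 'n*', $hdr;
    $sum = ($sum & 0xffff) + ($sum >> 16) while $sum >> 16;
    return ~$sum & 0xffff;
}

# Pack the 20-byte header in network byte order. A zero tot_len and a
# zero check are filled in, as the text above describes (assumed behaviour).
sub build_iphdr {
    my ($f, $payload_len) = @_;
    my %h = %$f;
    $h{tot_len} ||= $h{ihl} * 4 + $payload_len;
    my $pack = sub {
        pack 'C C n n n C C n N N', ($h{version} << 4) | $h{ihl},
            @h{qw(tos tot_len id frag_off ttl protocol check saddr daddr)};
    };
    $h{check} ||= ip_checksum($pack->());
    return $pack->();
}

# Inverse: split a binary header back into named fields, in packet order.
sub parse_iphdr {
    my ($vihl, @rest) = unpack 'C C n n n C C n N N', shift;
    my %h;
    @h{@IPKEYS} = ($vihl >> 4, $vihl & 0x0f, @rest);
    return \%h;
}

my $hdr = build_iphdr(\%ip, 20);    # 20 = assumed payload length in bytes
my $f   = parse_iphdr($hdr);
# A header carrying a correct checksum sums to zero when re-checked.
printf "tot_len=%d frag_off=0x%04x check=0x%04x verifies=%s\n",
    @$f{qw(tot_len frag_off check)}, ip_checksum($hdr) == 0 ? 'yes' : 'no';
```

The same ip_checksum re-check applies to a header taken from a captured packet: a non-zero result means the header was corrupted or its checksum was never filled in.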
METHODS
- proto returns the name of the subclass of the current object, e.g. tcp.
- set is a method for setting the parameters of the current object. The given parameters must look like the parameters for the constructor.
- bset is a method for setting the parameters of the current object. Its single parameter is a scalar which contains a binary structure (an IP packet). This scalar must match the subclass of the current object.
- get is a method for getting parameters from the current object. This method returns an array filled with the requested parameters, in the order in which they appear in the IP packet. The input parameter is a hash reference. This hash may have two keys: ip and one of the ARGPROTOs. Each value must be an array reference, and this array contains the requested parameters. E.g. you want to know the current value of tos from the iphdr and the flags contained in the tcphdr. Here is the code:
($tos,$urg,$ack,$psh,$rst,$syn,$fin) = $packet->get({ ip => [qw(tos)], tcp => [qw(psh syn urg ack rst fin)] });
Members of the array can be given in any order.
- send($delay,$times) is a method used for sending a raw IP packet. The input parameters are a delay in seconds and the number of times to repeat sending. If you do not specify parameters for send, the packet will be sent once without delay. If you specify a negative value for times, the packet will be sent forever. E.g. you want to send a packet 10 times with a delay of 1 second. Here is the code:
$packet->send(1,10);
- pcapinit($device,$filter,$psize,$timeout) is a method for pcap initialization. The input parameters are a device, a string with the filter program, the packet size and the timeout. This method calls the pcap function open_live, then compiles the filter string, sets the filter and returns a pcap_t *.
AUTHOR
Sergey Kolychev <ksv@al.lg.ua>
COPYRIGHT
Copyright (c) 1998 Sergey Kolychev. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
SEE ALSO
perl(1), tcpdump(1), RFC 791, RFC 793.