.\" Automatically generated by Pod::Man 2.25 (Pod::Simple 3.16) .\" .\" Standard preamble: .\" ======================================================================== .de Sp \" Vertical space (when we can't use .PP) .if t .sp .5v .if n .sp .. .de Vb \" Begin verbatim text .ft CW .nf .ne \\$1 .. .de Ve \" End verbatim text .ft R .fi .. .\" Set up some character translations and predefined strings. \*(-- will .\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left .\" double quote, and \*(R" will give a right double quote. \*(C+ will .\" give a nicer C++. Capital omega is used to do unbreakable dashes and .\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff, .\" nothing in troff, for use with C<>. .tr \(*W- .ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p' .ie n \{\ . ds -- \(*W- . ds PI pi . if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch . if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch . ds L" "" . ds R" "" . ds C` "" . ds C' "" 'br\} .el\{\ . ds -- \|\(em\| . ds PI \(*p . ds L" `` . ds R" '' 'br\} .\" .\" Escape single quotes in literal strings from groff's Unicode transform. .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" .\" If the F register is turned on, we'll generate index entries on stderr for .\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index .\" entries marked with X<> in POD. Of course, you'll have to process the .\" output yourself in some meaningful fashion. .ie \nF \{\ . de IX . tm Index:\\$1\t\\n%\t"\\$2" .. . nr % 0 . rr F .\} .el \{\ . de IX .. .\} .\" .\" Accent mark definitions (@(#)ms.acc 1.5 88/02/08 SMI; from UCB 4.2). .\" Fear. Run. Save yourself. No user-serviceable parts. . \" fudge factors for nroff and troff .if n \{\ . ds #H 0 . ds #V .8m . ds #F .3m . ds #[ \f1 . ds #] \fP .\} .if t \{\ . ds #H ((1u-(\\\\n(.fu%2u))*.13m) . ds #V .6m . ds #F 0 . ds #[ \& . ds #] \& .\} . \" simple accents for nroff and troff .if n \{\ . ds ' \& . ds ` \& . ds ^ \& . ds , \& . ds ~ ~ . ds / .\} .if t \{\ . ds ' \\k:\h'-(\\n(.wu*8/10-\*(#H)'\'\h"|\\n:u" . ds ` \\k:\h'-(\\n(.wu*8/10-\*(#H)'\`\h'|\\n:u' . ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'^\h'|\\n:u' . ds , \\k:\h'-(\\n(.wu*8/10)',\h'|\\n:u' . ds ~ \\k:\h'-(\\n(.wu-\*(#H-.1m)'~\h'|\\n:u' . ds / \\k:\h'-(\\n(.wu*8/10-\*(#H)'\z\(sl\h'|\\n:u' .\} . \" troff and (daisy-wheel) nroff accents .ds : \\k:\h'-(\\n(.wu*8/10-\*(#H+.1m+\*(#F)'\v'-\*(#V'\z.\h'.2m+\*(#F'.\h'|\\n:u'\v'\*(#V' .ds 8 \h'\*(#H'\(*b\h'-\*(#H' .ds o \\k:\h'-(\\n(.wu+\w'\(de'u-\*(#H)/2u'\v'-.3n'\*(#[\z\(de\v'.3n'\h'|\\n:u'\*(#] .ds d- \h'\*(#H'\(pd\h'-\w'~'u'\v'-.25m'\f2\(hy\fP\v'.25m'\h'-\*(#H' .ds D- D\\k:\h'-\w'D'u'\v'-.11m'\z\(hy\v'.11m'\h'|\\n:u' .ds th \*(#[\v'.3m'\s+1I\s-1\v'-.3m'\h'-(\w'I'u*2/3)'\s-1o\s+1\*(#] .ds Th \*(#[\s+2I\s-2\h'-\w'I'u*3/5'\v'-.3m'o\v'.3m'\*(#] .ds ae a\h'-(\w'a'u*4/10)'e .ds Ae A\h'-(\w'A'u*4/10)'E . \" corrections for vroff .if v .ds ~ \\k:\h'-(\\n(.wu*9/10-\*(#H)'\s-2\u~\d\s+2\h'|\\n:u' .if v .ds ^ \\k:\h'-(\\n(.wu*10/11-\*(#H)'\v'-.4m'^\v'.4m'\h'|\\n:u' . \" for low resolution devices (crt and lpr) .if \n(.H>23 .if \n(.V>19 \ \{\ . ds : e . ds 8 ss . ds o a . ds d- d\h'-1'\(ga . ds D- D\h'-1'\(hy . ds th \o'bp' . ds Th \o'LP' . ds ae ae . ds Ae AE .\} .rm #[ #] #H #V #F C .\" ======================================================================== .\" .IX Title "NetPacket::TCP 3pm" .TH NetPacket::TCP 3pm "2011-11-20" "perl v5.14.2" "User Contributed Perl Documentation" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l .nh .SH "NAME" NetPacket::TCP \- Assemble and disassemble TCP (Transmission Control Protocol) packets. .SH "VERSION" .IX Header "VERSION" version 1.3.0 .SH "SYNOPSIS" .IX Header "SYNOPSIS" .Vb 1 \& use NetPacket::TCP; \& \& $tcp_obj = NetPacket::TCP\->decode($raw_pkt); \& $tcp_pkt = NetPacket::TCP\->encode($ip_pkt); \& $tcp_data = NetPacket::TCP::strip($raw_pkt); .Ve .SH "DESCRIPTION" .IX Header "DESCRIPTION" \&\f(CW\*(C`NetPacket::TCP\*(C'\fR provides a set of routines for assembling and disassembling packets using \s-1TCP\s0 (Transmission Control Protocol). .SS "Methods" .IX Subsection "Methods" .ie n .IP """NetPacket::TCP\->decode([RAW PACKET])""" 4 .el .IP "\f(CWNetPacket::TCP\->decode([RAW PACKET])\fR" 4 .IX Item "NetPacket::TCP->decode([RAW PACKET])" Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method. .ie n .IP """NetPacket::TCP\->encode($ip_obj)""" 4 .el .IP "\f(CWNetPacket::TCP\->encode($ip_obj)\fR" 4 .IX Item "NetPacket::TCP->encode($ip_obj)" Return a \s-1TCP\s0 packet encoded with the instance data specified. Needs parts of the ip header contained in \f(CW$ip_obj\fR in order to calculate the \s-1TCP\s0 checksum. .ie n .IP """$packet\-""parse_tcp_options>" 4 .el .IP "\f(CW$packet\-\fRparse_tcp_options>" 4 .IX Item "$packet-parse_tcp_options>" Returns a hash (or a hash ref in scalar context) contaning the packet's options. .Sp For now the method only recognizes well-known and widely used options (\s-1MSS\s0, noop, windows scale factor, \s-1SACK\s0 permitted, timestamp). If the packet contains options unknown to the method, it may fail. .SS "Functions" .IX Subsection "Functions" .ie n .IP """NetPacket::TCP::strip([RAW PACKET])""" 4 .el .IP "\f(CWNetPacket::TCP::strip([RAW PACKET])\fR" 4 .IX Item "NetPacket::TCP::strip([RAW PACKET])" Return the encapsulated data (or payload) contained in the \s-1TCP\s0 packet. This data is suitable to be used as input for other \&\f(CW\*(C`NetPacket::*\*(C'\fR modules. .Sp This function is equivalent to creating an object using the \&\f(CW\*(C`decode()\*(C'\fR constructor and returning the \f(CW\*(C`data\*(C'\fR field of that object. .SS "Instance data" .IX Subsection "Instance data" The instance data for the \f(CW\*(C`NetPacket::TCP\*(C'\fR object consists of the following fields. .IP "src_port" 4 .IX Item "src_port" The source \s-1TCP\s0 port for the packet. .IP "dest_port" 4 .IX Item "dest_port" The destination \s-1TCP\s0 port for the packet. .IP "seqnum" 4 .IX Item "seqnum" The \s-1TCP\s0 sequence number for this packet. .IP "acknum" 4 .IX Item "acknum" The \s-1TCP\s0 acknowledgement number for this packet. .IP "hlen" 4 .IX Item "hlen" The header length for this packet. .IP "reserved" 4 .IX Item "reserved" The 6\-bit \*(L"reserved\*(R" space in the \s-1TCP\s0 header. .IP "flags" 4 .IX Item "flags" Contains the urg, ack, psh, rst, syn, fin, ece and cwr flags for this packet. .IP "winsize" 4 .IX Item "winsize" The \s-1TCP\s0 window size for this packet. .IP "cksum" 4 .IX Item "cksum" The \s-1TCP\s0 checksum. .IP "urg" 4 .IX Item "urg" The \s-1TCP\s0 urgent pointer. .IP "options" 4 .IX Item "options" Any \s-1TCP\s0 options for this packet in binary form. .IP "data" 4 .IX Item "data" The encapsulated data (payload) for this packet. .SS "Exports" .IX Subsection "Exports" .IP "default" 4 .IX Item "default" \&\s-1FIN\s0 \s-1SYN\s0 \s-1RST\s0 \s-1PSH\s0 \s-1ACK\s0 \s-1URG\s0 \s-1ECE\s0 \s-1CWR\s0 Can be used to set the appropriate flag. .IP "exportable" 4 .IX Item "exportable" tcp_strip .IP "tags" 4 .IX Item "tags" The following tags group together related exportable items. .RS 4 .ie n .IP """:strip""" 4 .el .IP "\f(CW:strip\fR" 4 .IX Item ":strip" Import the strip function \f(CW\*(C`tcp_strip\*(C'\fR. .ie n .IP """:ALL""" 4 .el .IP "\f(CW:ALL\fR" 4 .IX Item ":ALL" All the above exportable items. .RE .RS 4 .RE .SH "EXAMPLE" .IX Header "EXAMPLE" The following script is a primitive pop3 sniffer. .PP .Vb 1 \& #!/usr/bin/perl \-w \& \& use strict; \& use Net::PcapUtils; \& use NetPacket::Ethernet qw(:strip); \& use NetPacket::IP qw(:strip); \& use NetPacket::TCP; \& \& sub process_pkt { \& my($arg, $hdr, $pkt) = @_; \& \& my $tcp_obj = NetPacket::TCP\->decode(ip_strip(eth_strip($pkt))); \& \& if (($tcp_obj\->{src_port} == 110) or ($tcp_obj\->{dest_port} == 110)) { \& print($tcp_obj\->{data}); \& } \& } \& \& Net::PcapUtils::loop(\e&process_pkt, FILTER => \*(Aqtcp\*(Aq); .Ve .PP The following uses NetPacket together with Net::Divert to add a syn flag to all \s-1TCP\s0 packets passing through: .PP .Vb 1 \& #!/usr/bin/perl \& \& use Net::Divert; \& use NetPacket::IP qw(IP_PROTO_TCP); \& use NetPacket::TCP; \& \& \& $divobj = Net::Divert\->new(\*(Aqyourhostname\*(Aq,9999); \& \& $divobj\->getPackets(\e&alterPacket); \& \& sub alterPacket { \& my($packet,$fwtag) = @_; \& \& # decode the IP header \& $ip_obj = NetPacket::IP\->decode($packet); \& \& # check if this is a TCP packet \& if($ip_obj\->{proto} == IP_PROTO_TCP) { \& \& # decode the TCP header \& $tcp_obj = NetPacket::TCP\->decode($ip_obj\->{data}); \& \& # set the syn flag \& $tcp_obj\->{flags} |= SYN; \& \& # construct the new ip packet \& $ip_obj\->{data} = $tcp_obj\->encode($ip_obj); \& $packet = $ip_obj\->encode; \& \& } \& \& # write it back out \& $divobj\->putPacket($packet,$fwtag); \& } .Ve .SH "TODO" .IX Header "TODO" .IP "Assembly of \s-1TCP\s0 fragments into a data stream" 4 .IX Item "Assembly of TCP fragments into a data stream" .PD 0 .IP "Option processing" 4 .IX Item "Option processing" .IP "Nicer processing of \s-1TCP\s0 flags" 4 .IX Item "Nicer processing of TCP flags" .PD .SH "COPYRIGHT" .IX Header "COPYRIGHT" Copyright (c) 2001 Tim Potter and Stephanie Wehner. .PP Copyright (c) 1995,1996,1997,1998,1999 \s-1ANU\s0 and \s-1CSIRO\s0 on behalf of the participants in the \s-1CRC\s0 for Advanced Computational Systems ('ACSys'). .PP This module is free software. You can redistribute it and/or modify it under the terms of the Artistic License 2.0. .PP This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose. .SH "AUTHOR" .IX Header "AUTHOR" Tim Potter .PP Stephanie Wehner