NAME
NetPacket::TCP - Assemble and disassemble TCP (Transmission Control Protocol)
packets.
VERSION
version 1.3.0
SYNOPSIS
  use NetPacket::TCP;

  $tcp_obj  = NetPacket::TCP->decode($raw_pkt);
  $tcp_pkt  = $tcp_obj->encode($ip_obj);    # encode() is called on a decoded object
  $tcp_data = NetPacket::TCP::strip($raw_pkt);
DESCRIPTION
"NetPacket::TCP" provides a set of routines for assembling and
disassembling packets using TCP (Transmission Control Protocol).
Methods
- "NetPacket::TCP->decode([RAW PACKET])"
- Decode the raw packet data given and return an object
containing instance data. This method will quite happily decode garbage
input. It is the responsibility of the programmer to ensure valid packet
data is passed to this method.
- "$tcp_obj->encode($ip_obj)"
- Return a TCP packet encoded with the instance data
specified. Needs parts of the IP header contained in $ip_obj in order to
calculate the TCP checksum.
- "$packet->parse_tcp_options"
- Returns a hash (or a hash ref in scalar context) containing
the packet's options.
For now the method only recognizes well-known and widely used options (MSS,
noop, window scale factor, SACK permitted, timestamp). If the packet
contains options unknown to the method, it may fail.
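A pre-decode sanity check for the two caveats above (decode() accepting garbage, and parse_tcp_options possibly failing on unexpected options), as an added example that is not part of NetPacket or of the original page. The function name tcp_segment_problem and the sample segments are constructed for illustration; it goes slightly beyond the text by walking every option's kind/length pair, whether or not the option is a recognized one.

```perl
use strict;
use warnings;

# Hypothetical helper (not a NetPacket function).
# Returns undef if $raw is structurally a TCP segment, else a reason string.
sub tcp_segment_problem {
    my ($raw) = @_;
    return 'undefined input' unless defined $raw;
    my $len = length $raw;
    return "short header ($len bytes, need 20)" if $len < 20;

    # Byte 12 carries the data offset in its high nibble, in 32-bit words.
    my $hdr_len = (ord(substr($raw, 12, 1)) >> 4) * 4;
    return "data offset $hdr_len is below the 20-byte minimum" if $hdr_len < 20;
    return "data offset $hdr_len exceeds segment length $len" if $hdr_len > $len;

    # Walk the options area (kind, length, value) without trusting a length byte.
    my $opts = substr($raw, 20, $hdr_len - 20);
    my $i = 0;
    while ($i < length($opts)) {
        my $kind = ord(substr($opts, $i, 1));
        last if $kind == 0;                # End of Option List
        if ($kind == 1) { $i++; next }     # No-Operation is a single byte
        return "option $kind at offset $i has no length byte" if $i + 1 >= length($opts);
        my $olen = ord(substr($opts, $i + 1, 1));
        return "option $kind has invalid length $olen" if $olen < 2;
        return "option $kind (length $olen) overruns the header"
            if $i + $olen > length($opts);
        $i += $olen;
    }
    return;    # nothing wrong found
}

# Constructed samples: a bare SYN, a SYN with an MSS option, and two damaged copies.
my $base = pack('n n N N n n n n', 40000, 110, 1, 0, (5 << 12) | 0x02, 8192, 0, 0);
my $mss  = pack('n n N N n n n n', 40000, 110, 1, 0, (6 << 12) | 0x02, 8192, 0, 0)
         . pack('C C n', 2, 4, 1460);
my @samples = (
    [ 'plain SYN'         => $base ],
    [ 'SYN with MSS'      => $mss ],
    [ 'truncated header'  => substr($base, 0, 12) ],
    [ 'bad option length' => substr($mss, 0, 21) . "\x09" . substr($mss, 22) ],
);
for my $s (@samples) {
    my $why = tcp_segment_problem($s->[1]);
    print "$s->[0]: ", defined $why ? "reject ($why)" : 'ok to decode', "\n";
}
```

Pass a segment to NetPacket::TCP->decode only when the check returns undef, and log the reason string otherwise so malformed traffic is visible rather than silently decoded.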
Functions
- "NetPacket::TCP::strip([RAW PACKET])"
- Return the encapsulated data (or payload) contained in the
TCP packet. This data is suitable to be used as input for other
"NetPacket::*" modules.
This function is equivalent to creating an object using the
"decode()" constructor and returning the "data" field
of that object.
Instance data
The instance data for the "NetPacket::TCP" object consists of the
following fields.
- src_port
- The source TCP port for the packet.
- dest_port
- The destination TCP port for the packet.
- seqnum
- The TCP sequence number for this packet.
- acknum
- The TCP acknowledgement number for this packet.
- hlen
- The header length for this packet.
- reserved
- The 6-bit "reserved" space in the TCP
header.
- flags
- Contains the urg, ack, psh, rst, syn, fin, ece and cwr
flags for this packet.
- winsize
- The TCP window size for this packet.
- cksum
- The TCP checksum.
- urg
- The TCP urgent pointer.
- options
- Any TCP options for this packet in binary form.
- data
- The encapsulated data (payload) for this packet.
Exports
- default
- FIN SYN RST PSH ACK URG ECE CWR. These constants can be used to set the
appropriate flag.
- exportable
- tcp_strip
- tags
- The following tags group together related exportable
items.
- ":strip"
- Import the strip function "tcp_strip".
- ":ALL"
- All the above exportable items.
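EXAMPLE
The following script is a primitive POP3 sniffer.

  #!/usr/bin/perl -w
  use strict;
  use Net::PcapUtils;
  use NetPacket::Ethernet qw(:strip);
  use NetPacket::IP qw(:strip);
  use NetPacket::TCP;

  # Callback invoked by Net::PcapUtils for every captured frame.
  sub process_pkt {
      my ($arg, $hdr, $pkt) = @_;
      # Strip the Ethernet and IP headers, then decode the TCP segment.
      my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt)));
      # Print the payload of anything to or from the POP3 port (110).
      if (($tcp_obj->{src_port} == 110) or ($tcp_obj->{dest_port} == 110)) {
          print($tcp_obj->{data});
      }
  }

  # Capture with the pcap filter 'tcp' and hand each packet to process_pkt.
  Net::PcapUtils::loop(\&process_pkt, FILTER => 'tcp');
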
The following uses NetPacket together with Net::Divert to add a SYN flag to all
TCP packets passing through:

  #!/usr/bin/perl
  use strict;
  use warnings;
  use Net::Divert;
  use NetPacket::IP qw(IP_PROTO_TCP);
  use NetPacket::TCP;    # exports the SYN flag constant by default

  my $divobj = Net::Divert->new('yourhostname', 9999);
  $divobj->getPackets(\&alterPacket);

  sub alterPacket {
      my ($packet, $fwtag) = @_;
      # decode the IP header
      my $ip_obj = NetPacket::IP->decode($packet);
      # check if this is a TCP packet
      if ($ip_obj->{proto} == IP_PROTO_TCP) {
          # decode the TCP header
          my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
          # set the syn flag
          $tcp_obj->{flags} |= SYN;
          # construct the new ip packet
          $ip_obj->{data} = $tcp_obj->encode($ip_obj);
          $packet = $ip_obj->encode;
      }
      # write it back out
      $divobj->putPacket($packet, $fwtag);
  }

TODO
- Assembly of TCP fragments into a data stream
- Option processing
- Nicer processing of TCP flags
COPYRIGHT
Copyright (c) 2001 Tim Potter and Stephanie Wehner.
Copyright (c) 1995,1996,1997,1998,1999 ANU and CSIRO on behalf of the
participants in the CRC for Advanced Computational Systems ('ACSys').
This module is free software. You can redistribute it and/or modify it under the
terms of the Artistic License 2.0.
This program is distributed in the hope that it will be useful, but without any
warranty; without even the implied warranty of merchantability or fitness for
a particular purpose.
AUTHOR
Tim Potter <tpot@samba.org>
Stephanie Wehner <atrak@itsx.com>