@RISK Online - The Security Blog

Web Hosting by Netfirms | Free Domain Names by Netfirms

iptraffic: setup instructions

As explained, this application is built completely in PERL. Several modules need to be installed to support this application. Most *nix distributions come with PERL installed. Windows, however, does not have any native support for PERL. I use ActivePerl from ActiveState. This is, by far, the most flexible PERL support I've found for Windows, and they do also have a version for Linux. The most powerful aspect of ActivePerl is the Perl Package Manager (PPM) which will automatically search and download pre-compiled modules for you. Most *nix users will get their PERL modules are available via the Comprehensive Perl Archive Network (CPAN). The following modules are used in this application.

First, we have to be able to capture packets off the wire. For that we use Net::Pcap and Net::PcapUtils.

• Net::Pcap/Net::PcapUtils for Win32
  
  
• Net::Pcap from CPAN
• Net::PcapUtils from CPAN

Next, we need to be able to assemble/disassemble network packets at the protocol level. NetPacket is the primary module that handles this for PERL. I originally used Win32::NetPacket, but this does not seem to be needed any more. All has been incorporated into standard NetPacket at CPAN. I include Win32::NetPacket here for completeness.

• Win32::NetPacket
• NetPacket from CPAN

There are multiple modules to support various protocols. They are:

• NetPacket::ARP Assemble and disassemble ARP (Address Resolution Protocol) packets.
• NetPacket::Ethernet Assemble and disassemble ethernet packets.
• NetPacket::ICMP Assemble and disassemble ICMP (Internet Control Message Protocol) packets.
• NetPacket::IGMP Assemble and disassemble IGMP (Internet Group Mangement Protocol) packets.
• NetPacket::IP Assemble and disassemble IP (Internet Protocol) packets.
• NetPacket::TCP Assemble and disassemble TCP (Transmission Control Protocol) packets.
• NetPacket::UDP Assemble and disassemble UDP (User Datagram Protocol) packets.
• NetPacket::LLC Assemble and disassemble IEEE 802.3 LLC protocol packets.
• NetPacket::SpanningTree Assemble and disassemble IEEE 802.1D Spanning Tree protocol packets.

MySQL Database support is enabled with the following modules:

• DBI Database independent interface for Perl
• DBD-mysql MySQL driver for the Perl5 Database Interface (DBI)

And finally, I use the following module to intercept keystrokes. Specifically, press a key to cleanly end the capture process in the application:

• Term::ReadKey A perl module for simple terminal control

Navigation:

My Blogroll:

Security Advisories:

Defacements Archive:

Security News:

Security Tools: