Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Net::Analysis::ListeneUserCContributed Perl DocNet::Analysis::Listener::TCP(3)

NAME
       Net::Analysis::Listener::TCP - listens to packets, emits	streams

SYNOPSIS
       This module subclasses Net::Analysis::Listener::Base, and manages TCP
       sessions	behind the scenes.

       Listens for:
	 _internal_tcp_packet -	note: augments packet, for downstream
       listeners

       Emits:
	 tcp_session_start
	 tcp_session_end
	 tcp_monologue	   - a series of data packets

DESCRIPTION
       Each raw	packet is slotted into the relevant TCP	session. The
       TCPSession module does most of the analysis on the packet, allowing
       this one	to emit	"tcp_monologue"	events as they are completed.

       The tcp_monologue event is the backbone of higher level protocol
       analysers. It is	not a good example for writing your own	listener.

CONFIGURATION
	v - verbosity; a bitmask for logging to	stdout:
	     0x01 - per-packet
	     0x02 - per-monologue
	     0x04 - per-session

	k - a TCP-session key to suddenly get verbose about

	dump - dumps out monologues as files into the current directory

	max_session_size - discard packets once	this many bytes	have been seen

EMITTED	EVENTS
   "tcp_session_start"
       Emitted when we see a new TCP session get successfully estabished.
       Contains	the following arguments:

	socketpair_key - uniquely identifies the TCP session
	pkt	       - the Net::Analysis::Packet which established the session

       Note that "pkt" is the final packet in the setup	handshake; it is not
       the initail SYN,	or the first data packet. You can get the SYN packets
       from the	TCPSession object if you want to dig around.

   "tcp_session_end"
       Emitted when we see the end of the session; either because of a proper
       handshake, or because we	ran out	of data. Contains the following
       arguments:

	socketpair_key - uniquely identifies the TCP session
	pkt	       - the Net::Analysis::Packet which closed	the session

       Note that "pkt" will be "undef" if we ran out of	data.

   "tcp_monologue"
       As packets travel in one	direction, we gather them up. When we see a
       (data) packet in	the other direction, or	the end	of the TCP session, we
       combine the gathered packetes into a monologue object and emit this
       event. Contains the following arguments:

	socketpair_key - uniquely identifies the TCP session
	monologue      - a Net::Analysis::TCPMonologue object

METHODS
       You probably don't need to read the rest	of this	...

   new ( )
       Simple wrapper on top of	"Listener::Base::new()", which ensures that
       the TCP listener	is put first in	the queue for listening	to events.

       This queue-jumping is to	allow the "tcp_packet" handler to add extra
       info to the packet that higher level analysers might want to see. This
       info is derived from its	state in the TCP session.

   EXPORT
       None by default.

SEE ALSO
       Net::Analysis::Listener::Base Net::Analysis::TCPSession
       Net::Analysis::TCPMonologue

AUTHOR
       Adam B. Worrall,	<worrall@cpan.org>

COPYRIGHT AND LICENSE
       Copyright (C) 2004 by Adam B. Worrall

       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself, either Perl	version	5.8.5 or, at
       your option, any	later version of Perl 5	you may	have available.

perl v5.32.1			  2010-04-10   Net::Analysis::Listener::TCP(3)

NAME | SYNOPSIS | DESCRIPTION | CONFIGURATION | EMITTED EVENTS | METHODS | SEE ALSO | AUTHOR | COPYRIGHT AND LICENSE

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Net::Analysis::Listener::TCP&sektion=3&manpath=FreeBSD+13.0-RELEASE+and+Ports>

home | help