Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Net::Frame::Dump::OfflUser3Contributed Perl DocumeNet::Frame::Dump::Offline(3)

NAME
       Net::Frame::Dump::Offline - tcpdump like	implementation,	offline	mode

SYNOPSIS
	  use Net::Frame::Dump::Offline;

	  #
	  # Simple offline anaysis
	  #
	  my $oDump = Net::Frame::Dump::Offline->new(file => $file);

	  $oDump->start;

	  my $count = 0;
	  while	(my $h = $oDump->next) {
	     my	$f = Net::Frame::Simple->new(
		raw	   => $h->{raw},
		firstLayer => $h->{firstLayer},
		timestamp  => $h->{timestamp},
	     );
	     my	$len = length($h->{raw});
	     print 'o Frame number: '.$count++." (length: $len)\n";
	     print $f->print."\n";
	  }

	  $oDump->stop;

	  #
	  # Default parameters on creation
	  #
	  my $oDumpDefault = Net::Frame::Dump::Offline->new(
	     file	   => "netframe-tmp-$$.$int.pcap",
	     filter	   => '',
	     isRunning	   => 0,
	     keepTimestamp => 0,
	  );

DESCRIPTION
       This module implements a	tcpdump-like program, for offline analysis.

ATTRIBUTES
       The following are inherited attributes:

       file
	   Name	of the .pcap file to read.

       filter
	   Pcap	filter to use. Default to no filter.

       firstLayer
	   Stores information about the	first layer type contained on read
	   frame. This attribute is filled only	after a	call to	start method.

       isRunning
	   Returns true	if a call to start has been done, false	otherwise or
	   if a	call to	stop has been done.

       keepTimestamp
	   Sometimes, when frames are captured and saved to a .pcap file,
	   timestamps sucks. That is, you send a frame,	and receive the	reply,
	   but your request appear to have been	sent after the reply. So, to
	   correct that, you can use Net::Frame::Dump own timestamping system.
	   The default is 0. Set it manually to	1 if you need original .pcap
	   frames timestamps.

METHODS
       new
       new (hash)
	   Object constructor. You can pass attributes that will overwrite
	   default ones. See SYNOPSIS for default values.

       start
	   When	you want to start reading frames from the file,	call this
	   method.

       stop
	   When	you want to stop reading frames	from the file, call this
	   method.

       next
	   Returns the next captured frame; undef if no	more frames are
	   awaiting.

       store (Net::Frame::Simple object)
	   This	method will store internally, sorted, the Net::Frame::Simple
	   object passed as a single parameter.	getKey methods,	implemented in
	   various Net::Frame::Layer objects will be used to efficiently
	   retrieve (via getKeyReverse method) frames.

	   Basically, it is used to make recv method (from Net::Frame::Simple)
	   to retrieve quickly the reply frame for a request frame.

       getFramesFor
	   This	will return an array of	possible reply frames for the
	   specified Net::Frame::Simple	object.	For example, reply frames for
	   a UDP probe will be all the frames which have the same source port
	   and destination port	as the request.

       flush
	   Will	flush stored frames, the one which have	been stored via	store
	   method.

SEE ALSO
       Net::Frame::Dump

AUTHOR
       Patrice <GomoR> Auffret

COPYRIGHT AND LICENSE
       Copyright (c) 2006-2020,	Patrice	<GomoR>	Auffret

       You may distribute this module under the	terms of the Artistic license.
       See LICENSE.Artistic file in the	source distribution archive.

perl v5.32.0			  2020-05-01	  Net::Frame::Dump::Offline(3)

NAME | SYNOPSIS | DESCRIPTION | ATTRIBUTES | METHODS | SEE ALSO | AUTHOR | COPYRIGHT AND LICENSE

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Net::Frame::Dump::Offline&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help