Another Problem with Network Analyzer...! please help me

Postby talalshah » Sat Apr 22, 2006 7:40 pm

Hi all,
Thank you very much for your help with the installation of the Pcap libraries.
But I was in a hurry and I changed the OS to Red Hat 9.0.
I am right now using the Pcap, Net::Pcap, Net::PcapUtils and NetPacket libraries.
I checked it on P2P; it starts catching the packets, but after 15 to 20 packets, I don't know what happens, suddenly the language of the terminal window changes and it starts showing different types of ASCII characters instead of simple English, and even if I close the script it still doesn't go back to its original shape. I am not sure why it happens. Can anyone help me prevent that...?
Here is the code sample which I am running:

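####################

use strict;

use Net::PcapUtils;

# Called once for every captured packet.
sub gap
{
    print "I have a Packet\n";
}

# Open a capture descriptor with the default arguments; on failure an
# error string is returned instead of a reference.
my $pkt_desc = Net::PcapUtils::open;

if(!ref($pkt_desc))
{
    print "Open returned: $pkt_desc\n";
    exit;
}

while(1)
{
    my($packet,%header) = Net::PcapUtils::next($pkt_desc);
    # Prints the raw packet bytes straight to the terminal.
    print "Packet information is $packet\n";
    gap;
}

############################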


Also, when I run this on a switch I get no reply. I went through a lot of ebooks and found that by ARP spoofing I can do packet reading on a switch, but there is no method or way defined anywhere. I downloaded the Net::ARP library but I am not sure how to use it.
Can anyone help me in this regard too, please? And does anyone know how Ethereal does packet reading on a switch...?

Please, I hope I get some reply.
Regards
and so Thankful

Talal Shah Bukhari
stalal@gmail.com
talalshah
Cadet
 
Posts: 5
Joined: Mon Apr 10, 2006 2:33 pm

Postby talalshah » Sat Apr 22, 2006 7:43 pm

Also, I am not exactly sure how to understand the information I am getting from the packet, or what libraries I am supposed to use for it.
The resource I have says to use XtraType.pm for further programming, but I didn't find it either in Perl or anywhere on the Internet. The book I am referring to is "Programming The Network With Perl". How can I do that?
Thanks again.

Talal Shah Bukhari
stalal@gmail.com
talalshah
Cadet
 
Posts: 5
Joined: Mon Apr 10, 2006 2:33 pm

Postby Kdaemon » Tue Apr 25, 2006 9:24 am

I think the code snippet I mentioned in this post should help.

btw you are not closing the interface handle gained through statement

Code: Select all

my $pkt_desc = Net::PcapUtils::open;

I didn't get your point about Ethereal and the switch.
Usually if you run the NIC in promiscuous mode it'll capture all the traffic.

You can check Net::ARP.
reg linux user #298274
Kdaemon
Naib Subedar
 
Posts: 346
Joined: Sat Nov 30, 2002 12:22 pm
Location: Islamabad. GPS: LHR

Postby talalshah » Thu Apr 27, 2006 10:34 am

I did it with promiscuous mode on, but it still didn't work. I read on the internet in quite a few places that with only promiscuous mode on, the NIC doesn't detect all the traffic on switched networks, and that is what is happening; it works on hubs, not on switches.

By the way, I got all the problems solved except sniffing on switched networks.

I went from the OPEN and NEXT statements to the LOOP statement. I found that easy, so I think there is no need to terminate that "Net::PcapUtils::loop". Is there?

I read about some features and programs for sniffing on switched networks, but mostly they don't use PCAP; instead the writer uses his own written libraries. I am still not a good enough programmer to accomplish that task with all the code experts write without any consultation; that's why I am still in need to know how to do it on a switch???
talalshah
Cadet
 
Posts: 5
Joined: Mon Apr 10, 2006 2:33 pm

Postby soni » Fri Apr 28, 2006 2:16 am

talalshah wrote: I did it with promiscuous mode on, but it still didn't work. I read on the internet in quite a few places that with only promiscuous mode on, the NIC doesn't detect all the traffic on switched networks, and that is what is happening; it works on hubs, not on switches.


It is right, in the case of switches a host either gets a packet unicast/multicast to it or the IP or ARP broadcasts. Other than these it does not get anything.

talalshah wrote: I read about some features and programs for sniffing on switched networks, but mostly they don't use PCAP; instead the writer uses his own written libraries. I am still not a good enough programmer to accomplish that task with all the code experts write without any consultation; that's why I am still in need to know how to do it on a switch???


I'm working on a packet sniffer. I'm not using any libraries etc., but I would really like to read the documents which address the libraries to change the default behavior of the switches, so please do post the links to such documents.

Regards.
soni
Naik
 
Posts: 70
Joined: Sat Oct 04, 2003 1:44 pm
Website: http://www.cyberian.pk
Location: Karachi

Postby Kdaemon » Sat Apr 29, 2006 5:00 pm

soni wrote:I'm working on a packet sniffer, I'm not using any libraries etc,
Regards.


That's interesting. How are you capturing the packets, through the kernel?
reg linux user #298274
Kdaemon
Naib Subedar
 
Posts: 346
Joined: Sat Nov 30, 2002 12:22 pm
Location: Islamabad. GPS: LHR

Postby soni » Sat Apr 29, 2006 8:27 pm

Kdaemon wrote:
soni wrote:I'm working on a packet sniffer, I'm not using any libraries etc,
Regards.


That's interesting. How are you capturing the packets, through the kernel?


It is using the standard system calls to create and close a socket, bind a device and receive from it, and get/set socket options. The phrase "not using libraries" was used in the context of libraries used by tcpdump (like the pcap lib, addressed in the original post) to select/(receive from) the device, clear/put it in promiscuous mode, and then set the BPF/LPF filters; for this detail I'm not using any libraries.

http://www.stupidcomputing.com/downloads/sniffer/#code

Regards.
soni
Naik
 
Posts: 70
Joined: Sat Oct 04, 2003 1:44 pm
Website: http://www.cyberian.pk
Location: Karachi

Re: Another Problem with Network Analyzer...! please help me

Postby lambda » Sat Apr 29, 2006 10:09 pm

talalshah wrote: I checked it on P2P; it starts catching the packets, but after 15 to 20 packets, I don't know what happens, suddenly the language of the terminal window changes and it starts showing different types of ASCII characters instead of simple English, and even if I close the script it still doesn't go back to its original shape.

you're displaying the packets you capture on your screen. the problem is that some packets contain control characters that change how your terminal displays text. you can get the same effect by typing 'cat /bin/ls' or some other binary.

you can fix this if you're in an xterm by holding down the control key, holding down the middle mouse button to get the menu, and selecting the 'reset and clear saved lines' menu item. if you're working on the console, or from a remote machine (using telnet or ssh), try typing 'tput reset'. if that doesn't work, type

Code: Select all

printf '\033c'
exactly like that.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore
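
To keep captured bytes from reaching the terminal as control sequences in the first place, the packet can be rendered as a hex dump before printing. This is an added example, not code from the thread; `safe_dump` is a hypothetical helper name and the sample payload is constructed.

```perl
use strict;
use warnings;

# Render captured bytes so nothing in the payload can reach the terminal
# as a control sequence: offset, hex bytes, then printable ASCII, with
# every other byte (ESC, shift-out, NUL, 0x80-0xff, ...) shown as '.'.
sub safe_dump {
    my ($data) = @_;
    my $out = '';
    for (my $off = 0; $off < length $data; $off += 16) {
        my $chunk = substr $data, $off, 16;
        my $hex   = join ' ', map { sprintf '%02x', $_ } unpack 'C*', $chunk;
        # Complemented range: anything outside 0x20-0x7e becomes '.'
        (my $text = $chunk) =~ tr/\x20-\x7e/./c;
        $out .= sprintf "%04x  %-47s  %s\n", $off, $hex, $text;
    }
    return $out;
}

# Constructed sample payload (not a real capture). It contains SO (0x0e),
# which switches many terminals to an alternate character set, a colour
# escape, and ESC c, the same reset sequence as printf '\033c'.
my $packet = "GET /file\x0e\x1b[31m\x00\xff\x1bc more data";

print safe_dump($packet);
```

In the capture loop from the first post, the raw `print "Packet information is $packet\n";` would become `print safe_dump($packet);`.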

Postby lambda » Sat Apr 29, 2006 10:14 pm

talalshah wrote: Also, I am not exactly sure how to understand the information I am getting from the packet, or what libraries I am supposed to use for it.

there are no standard libraries for this sort of stuff. if you want to understand the packets going by on your network, you have to understand the protocol used by the p2p application. only then can you decode the packets.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore
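
The layers below the application protocol have fixed layouts, so the bytes returned by the capture can be split into Ethernet, IPv4 and TCP/UDP fields with Perl's built-in `unpack`; what follows the ports is the application payload. This is an added example, not code from the thread: `decode_frame` is a hypothetical helper, it assumes an Ethernet link type, and the sample frame is constructed.

```perl
use strict;
use warnings;

# Decode the fixed-layout headers of one Ethernet II frame: MAC addresses,
# EtherType, then IPv4 addresses/protocol and TCP or UDP port numbers.
sub decode_frame {
    my ($frame) = @_;
    return if length($frame) < 14;              # shorter than an Ethernet header
    my ($dst, $src, $type) = unpack 'H12 H12 n', $frame;
    my %info = (eth_dst => $dst, eth_src => $src,
                eth_type => sprintf('0x%04x', $type));
    return \%info unless $type == 0x0800 && length($frame) >= 34;   # IPv4 only

    # version/IHL, skip 5, flags+fragment offset, TTL, protocol, skip checksum
    my ($vhl, $frag, $ttl, $proto, $sip, $dip) =
        unpack 'C x5 n C C x2 a4 a4', substr($frame, 14, 20);
    my $ihl = ($vhl & 0x0f) * 4;                # IPv4 header length in bytes
    return \%info if ($vhl >> 4) != 4 || $ihl < 20;
    @info{qw(ip_src ip_dst ip_proto ip_ttl)} =
        (join('.', unpack 'C4', $sip), join('.', unpack 'C4', $dip), $proto, $ttl);

    # Ports exist only for TCP (6) / UDP (17), and only in the first fragment.
    my $l4 = 14 + $ihl;
    if (($proto == 6 || $proto == 17) && !($frag & 0x1fff)
        && length($frame) >= $l4 + 4) {
        @info{qw(src_port dst_port)} = unpack 'n n', substr($frame, $l4, 4);
    }
    return \%info;
}

# Constructed sample frame (not a real capture): TCP from 192.0.2.10:51234
# to 198.51.100.20:6881, documentation addresses and made-up MACs.
my $frame = pack 'H12 H12 n C C n n n C C n C4 C4 n n',
    '02005e000002', '02005e000001', 0x0800,
    0x45, 0, 40, 1, 0x4000, 64, 6, 0, 192, 0, 2, 10, 198, 51, 100, 20,
    51234, 6881;
$frame .= "\0" x 16;    # rest of the TCP header, zeroed for the example

my $info = decode_frame($frame);
printf "%-9s %s\n", $_, $info->{$_} for sort keys %$info;
```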

Postby Kdaemon » Tue May 02, 2006 1:20 pm

soni wrote:
Kdaemon wrote:
soni wrote:I'm working on a packet sniffer, I'm not using any libraries etc,
Regards.


That's interesting. How are you capturing the packets, through the kernel?


It is using the standard system calls to create and close a socket, bind a device and receive from it, and get/set socket options. The phrase "not using libraries" was used in the context of libraries used by tcpdump (like the pcap lib, addressed in the original post) to select/(receive from) the device, clear/put it in promiscuous mode, and then set the BPF/LPF filters; for this detail I'm not using any libraries.

http://www.stupidcomputing.com/downloads/sniffer/#code

Regards.


Thanks, soni, for providing that URL. I'll for sure go through the source code.
reg linux user #298274
Kdaemon
Naib Subedar
 
Posts: 346
Joined: Sat Nov 30, 2002 12:22 pm
Location: Islamabad. GPS: LHR
