1NetPacket::TCP(3)     User Contributed Perl Documentation    NetPacket::TCP(3)
2
3
4

NAME

6       NetPacket::TCP - Assemble and disassemble TCP (Transmission Control
7       Protocol) packets.
8

VERSION

10       version 1.7.2
11

SYNOPSIS

13         use NetPacket::TCP;
14
15         $tcp_obj = NetPacket::TCP->decode($raw_pkt);
16         $tcp_pkt = $tcp_obj->encode($ip_pkt);
17         $tcp_data = NetPacket::TCP::strip($raw_pkt);
18

DESCRIPTION

20       "NetPacket::TCP" provides a set of routines for assembling and
21       disassembling packets using TCP (Transmission Control Protocol).
22
23   Methods
24       "NetPacket::TCP->decode([RAW PACKET])"
25           Decode the raw packet data given and return an object containing
26           instance data.  This method will quite happily decode garbage
27           input.  It is the responsibility of the programmer to ensure valid
28           packet data is passed to this method.
29
30       "NetPacket::TCP->encode($ip_obj)"
31           Return a TCP packet encoded with the instance data specified.
32           Needs parts of the ip header contained in $ip_obj in order to
33           calculate the TCP checksum.
34
35       "$packet->parse_tcp_options"
36           Returns a hash (or a hash ref in scalar context) containing the
37           packet's options.
38
39           For now the method only recognizes well-known and widely used
40           options (MSS, noop, windows scale factor, SACK permitted, SACK,
41           timestamp).  If the packet contains options unknown to the method,
42           it may fail.
43
44   Functions
45       "NetPacket::TCP::strip([RAW PACKET])"
46           Return the encapsulated data (or payload) contained in the TCP
47           packet.  This data is suitable to be used as input for other
48           "NetPacket::*" modules.
49
50           This function is equivalent to creating an object using the
51           "decode()" constructor and returning the "data" field of that
52           object.
53
54   Instance data
55       The instance data for the "NetPacket::TCP" object consists of the
56       following fields.
57
58       src_port
59           The source TCP port for the packet.
60
61       dest_port
62           The destination TCP port for the packet.
63
64       seqnum
65           The TCP sequence number for this packet.
66
67       acknum
68           The TCP acknowledgement number for this packet.
69
70       hlen
71           The header length for this packet.
72
73       reserved
74           The 6-bit "reserved" space in the TCP header.
75
76       flags
77           Contains the urg, ack, psh, rst, syn, fin, ece and cwr flags for
78           this packet.
79
80       winsize
81           The TCP window size for this packet.
82
83       cksum
84           The TCP checksum.
85
86       urg The TCP urgent pointer.
87
88       options
89           Any TCP options for this packet in binary form.
90
91       data
92           The encapsulated data (payload) for this packet.
93
94   Exports
95       default
96           FIN SYN RST PSH ACK URG ECE CWR Can be used to set the appropriate
97           flag.
98
99       exportable
100           tcp_strip
101
102       tags
103           The following tags group together related exportable items.
104
105           ":strip"
106               Import the strip function "tcp_strip".
107
108           ":ALL"
109               All the above exportable items.
110

EXAMPLE

112       The following script is a primitive pop3 sniffer.
113
114         #!/usr/bin/perl -w
115
116         use strict;
117         use Net::PcapUtils;
118         use NetPacket::Ethernet qw(:strip);
119         use NetPacket::IP qw(:strip);
120         use NetPacket::TCP;
121
122         sub process_pkt {
123             my($arg, $hdr, $pkt) = @_;
124
125             my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt)));
126
127             if (($tcp_obj->{src_port} == 110) or ($tcp_obj->{dest_port} == 110)) {
128                 print($tcp_obj->{data});
129             }
130         }
131
132         Net::PcapUtils::loop(\&process_pkt, FILTER => 'tcp');
133
134       The following uses NetPacket together with Net::Divert to add a syn
135       flag to all TCP packets passing through:
136
137         #!/usr/bin/perl
138
139         use Net::Divert;
140         use NetPacket::IP qw(IP_PROTO_TCP);
141         use NetPacket::TCP;
142
143
144         $divobj = Net::Divert->new('yourhostname',9999);
145
146         $divobj->getPackets(\&alterPacket);
147
148         sub alterPacket {
149             my($packet,$fwtag) = @_;
150
151             # decode the IP header
152             $ip_obj = NetPacket::IP->decode($packet);
153
154             # check if this is a TCP packet
155             if($ip_obj->{proto} == IP_PROTO_TCP) {
156
157                 # decode the TCP header
158                 $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
159
160                 # set the syn flag
161                 $tcp_obj->{flags} |= SYN;
162
163                 # construct the new ip packet
164                 $ip_obj->{data} = $tcp_obj->encode($ip_obj);
165                 $packet = $ip_obj->encode;
166
167             }
168
169             # write it back out
170             $divobj->putPacket($packet,$fwtag);
171          }
172

TODO

174       Assembly of TCP fragments into a data stream
175       Option processing
176       Nicer processing of TCP flags
177
179       Copyright (c) 2001 Tim Potter and Stephanie Wehner.
180
181       Copyright (c) 1995,1996,1997,1998,1999 ANU and CSIRO on behalf of the
182       participants in the CRC for Advanced Computational Systems ('ACSys').
183
184       This module is free software.  You can redistribute it and/or modify it
185       under the terms of the Artistic License 2.0.
186
187       This program is distributed in the hope that it will be useful, but
188       without any warranty; without even the implied warranty of
189       merchantability or fitness for a particular purpose.
190

AUTHOR

192       Tim Potter <tpot@samba.org>
193
194       Stephanie Wehner <atrak@itsx.com>
195
196
197
198perl v5.30.1                      2020-01-30                 NetPacket::TCP(3)
Impressum