1NetPacket::TCP(3)     User Contributed Perl Documentation    NetPacket::TCP(3)
2
3
4

NAME

6       NetPacket::TCP - Assemble and disassemble TCP (Transmission Control
7       Protocol) packets.
8

VERSION

10       version 1.7.2
11

SYNOPSIS

13         use NetPacket::TCP;
14
15         $tcp_obj = NetPacket::TCP->decode($raw_pkt);
16         $tcp_pkt = $tcp_obj->encode($ip_pkt);
17         $tcp_data = NetPacket::TCP::strip($raw_pkt);
18

DESCRIPTION

20       "NetPacket::TCP" provides a set of routines for assembling and
21       disassembling packets using TCP (Transmission Control Protocol).
22
23   Methods
24       "NetPacket::TCP->decode([RAW PACKET])"
25           Decode the raw packet data given and return an object containing
26           instance data.  This method will quite happily decode garbage
27           input.  It is the responsibility of the programmer to ensure valid
28           packet data is passed to this method.
29
30       "NetPacket::TCP->encode($ip_obj)"
31           Return a TCP packet encoded with the instance data specified.
32           Needs parts of the ip header contained in $ip_obj in order to
33           calculate the TCP checksum.
34
35       "$packet->parse_tcp_options"
36           Returns a hash (or a hash ref in scalar context) containing the
37           packet's options.
38
39           For now the method only recognizes well-known and widely used
40           options (MSS, noop, windows scale factor, SACK permitted, SACK,
41           timestamp).  If the packet contains options unknown to the method,
42           it may fail.
43
44   Functions
45       "NetPacket::TCP::strip([RAW PACKET])"
46           Return the encapsulated data (or payload) contained in the TCP
47           packet.  This data is suitable to be used as input for other
48           "NetPacket::*" modules.
49
50           This function is equivalent to creating an object using the
51           decode() constructor and returning the "data" field of that object.
52
53   Instance data
54       The instance data for the "NetPacket::TCP" object consists of the
55       following fields.
56
57       src_port
58           The source TCP port for the packet.
59
60       dest_port
61           The destination TCP port for the packet.
62
63       seqnum
64           The TCP sequence number for this packet.
65
66       acknum
67           The TCP acknowledgement number for this packet.
68
69       hlen
70           The header length for this packet.
71
72       reserved
73           The 6-bit "reserved" space in the TCP header.
74
75       flags
76           Contains the urg, ack, psh, rst, syn, fin, ece and cwr flags for
77           this packet.
78
79       winsize
80           The TCP window size for this packet.
81
82       cksum
83           The TCP checksum.
84
85       urg The TCP urgent pointer.
86
87       options
88           Any TCP options for this packet in binary form.
89
90       data
91           The encapsulated data (payload) for this packet.
92
93   Exports
94       default
95           FIN SYN RST PSH ACK URG ECE CWR Can be used to set the appropriate
96           flag.
97
98       exportable
99           tcp_strip
100
101       tags
102           The following tags group together related exportable items.
103
104           ":strip"
105               Import the strip function "tcp_strip".
106
107           ":ALL"
108               All the above exportable items.
109

EXAMPLE

111       The following script is a primitive pop3 sniffer.
112
113         #!/usr/bin/perl -w
114
115         use strict;
116         use Net::PcapUtils;
117         use NetPacket::Ethernet qw(:strip);
118         use NetPacket::IP qw(:strip);
119         use NetPacket::TCP;
120
121         sub process_pkt {
122             my($arg, $hdr, $pkt) = @_;
123
124             my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt)));
125
126             if (($tcp_obj->{src_port} == 110) or ($tcp_obj->{dest_port} == 110)) {
127                 print($tcp_obj->{data});
128             }
129         }
130
131         Net::PcapUtils::loop(\&process_pkt, FILTER => 'tcp');
132
133       The following uses NetPacket together with Net::Divert to add a syn
134       flag to all TCP packets passing through:
135
136         #!/usr/bin/perl
137
138         use Net::Divert;
139         use NetPacket::IP qw(IP_PROTO_TCP);
140         use NetPacket::TCP;
141
142
143         $divobj = Net::Divert->new('yourhostname',9999);
144
145         $divobj->getPackets(\&alterPacket);
146
147         sub alterPacket {
148             my($packet,$fwtag) = @_;
149
150             # decode the IP header
151             $ip_obj = NetPacket::IP->decode($packet);
152
153             # check if this is a TCP packet
154             if($ip_obj->{proto} == IP_PROTO_TCP) {
155
156                 # decode the TCP header
157                 $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});
158
159                 # set the syn flag
160                 $tcp_obj->{flags} |= SYN;
161
162                 # construct the new ip packet
163                 $ip_obj->{data} = $tcp_obj->encode($ip_obj);
164                 $packet = $ip_obj->encode;
165
166             }
167
168             # write it back out
169             $divobj->putPacket($packet,$fwtag);
170          }
171

TODO

173       Assembly of TCP fragments into a data stream
174       Option processing
175       Nicer processing of TCP flags
176
178       Copyright (c) 2001 Tim Potter and Stephanie Wehner.
179
180       Copyright (c) 1995,1996,1997,1998,1999 ANU and CSIRO on behalf of the
181       participants in the CRC for Advanced Computational Systems ('ACSys').
182
183       This module is free software.  You can redistribute it and/or modify it
184       under the terms of the Artistic License 2.0.
185
186       This program is distributed in the hope that it will be useful, but
187       without any warranty; without even the implied warranty of
188       merchantability or fitness for a particular purpose.
189

AUTHOR

191       Tim Potter <tpot@samba.org>
192
193       Stephanie Wehner <atrak@itsx.com>
194
195
196
197perl v5.38.0                      2023-07-21                 NetPacket::TCP(3)
Impressum