1Pcap(3) User Contributed Perl Documentation Pcap(3)
2
6 Net::Pcap - Interface to pcap(3) LBL packet capture library
7
9 Version 0.14
10
12 use Net::Pcap;
13 my $err = '';
15 my $dev = Net::Pcap::lookupdev(\$err); # find a device
16 # open the device for live listening
18 my $pcap = Net::Pcap::open_live($dev, 1024, 1, 0, \$err);
19 # loop over next 10 packets
21 Net::Pcap::loop($pcap, 10, \&process_packet, "just for the demo");
22 # close the device
24 Net::Pcap::close($pcap);
25 sub process_packet {
27 my($user_data, $header, $packet) = @_;
28 # do something ...
29 }
30
32 "Net::Pcap" is a Perl binding to the LBL pcap(3) library. The README
33 for libpcap describes itself as:
34 "a system-independent interface for user-level packet capture.
36 libpcap provides a portable framework for low-level network
37 monitoring. Applications include network statistics collection,
38 security monitoring, network debugging, etc."
39
41 "Net::Pcap" supports the following "Exporter" tags:
42 · ":bpf" exports a few BPF related constants:
44 BPF_ALIGNMENT BPF_MAJOR_VERSION BPF_MAXBUFSIZE BPF_MAXINSNS
46 BPF_MEMWORDS BPF_MINBUFSIZE BPF_MINOR_VERSION BPF_RELEASE
47 · ":datalink" exports the data link types macros:
49 DLT_AIRONET_HEADER DLT_APPLE_IP_OVER_IEEE1394 DLT_ARCNET
51 DLT_ARCNET_LINUX DLT_ATM_CLIP DLT_ATM_RFC1483 DLT_AURORA DLT_AX25
52 DLT_CHAOS DLT_CHDLC DLT_CISCO_IOS DLT_C_HDLC DLT_DOCSIS DLT_ECONET
53 DLT_EN10MB DLT_EN3MB DLT_ENC DLT_FDDI DLT_FRELAY DLT_HHDLC
54 DLT_IBM_SN DLT_IBM_SP DLT_IEEE802 DLT_IEEE802_11 DLT_IEEE802_11_RADIO
55 DLT_IEEE802_11_RADIO_AVS DLT_IPFILTER DLT_IP_OVER_FC DLT_JUNIPER_ATM1
56 DLT_JUNIPER_ATM2 DLT_JUNIPER_ES DLT_JUNIPER_GGSN DLT_JUNIPER_MFR
57 DLT_JUNIPER_MLFR DLT_JUNIPER_MLPPP DLT_JUNIPER_MONITOR DLT_JUNIPER_SERVICES
58 DLT_LINUX_IRDA DLT_LINUX_SLL DLT_LOOP DLT_LTALK DLT_NULL DLT_OLD_PFLOG
59 DLT_PCI_EXP DLT_PFLOG DLT_PFSYNC DLT_PPP DLT_PPP_BSDOS DLT_PPP_ETHER
60 DLT_PPP_SERIAL DLT_PRISM_HEADER DLT_PRONET DLT_RAW DLT_RIO DLT_SLIP
61 DLT_SLIP_BSDOS DLT_SUNATM DLT_SYMANTEC_FIREWALL DLT_TZSP DLT_USER0
62 DLT_USER1 DLT_USER2 DLT_USER3 DLT_USER4 DLT_USER5 DLT_USER6 DLT_USER7
63 DLT_USER8 DLT_USER9 DLT_USER10 DLT_USER11 DLT_USER12 DLT_USER13
64 DLT_USER14 DLT_USER15
65 · ":pcap" exports the following "pcap" constants:
67 PCAP_ERRBUF_SIZE PCAP_IF_LOOPBACK
69 PCAP_VERSION_MAJOR PCAP_VERSION_MINOR
70 · ":mode" exports the following constants:
72 MODE_CAPT MODE_MON MODE_STAT
74 · ":openflag" exports the following constants:
76 OPENFLAG_PROMISCUOUS OPENFLAG_DATATX_UDP OPENFLAG_NOCAPTURE_RPCAP
78 · ":source" exports the following constants:
80 PCAP_SRC_FILE PCAP_SRC_IFLOCAL PCAP_SRC_IFREMOTE
82 · ":sample" exports the following constants:
84 PCAP_SAMP_NOSAMP PCAP_SAMP_1_EVERY_N PCAP_SAMP_FIRST_AFTER_N_MS
86 · ":rpcap" exports the following constants:
88 RMTAUTH_NULL RMTAUTH_PWD
90 · ":functions" exports the function names, so that you can write
92 "lookupdev()" instead of "Net::Pcap::lookupdev()" for example. As
93 some functions would have the same name as existing Perl functions,
94 they have been prefixed by "pcap_". This is the case for "open()",
95 "close()", "next()", "dump()", "file()", "fileno()".
96 The symbols from the ":datalink" and ":pcap" tags are exported by
98 default.
99
101 All functions defined by "Net::Pcap" are direct mappings to the libpcap
102 functions. Consult the pcap(3) documentation and source code for more
103 information.
104 Arguments that change a parameter, for example
106 "Net::Pcap::lookupdev()", are passed that parameter as a reference.
107 This is to retain compatibility with previous versions of Net::Pcap.
108 Lookup functions
110 lookupdev(\$err)
112 Net::Pcap::lookupdev(\$err)
113 Returns the name of a network device that can be used with
114 "Net::Pcap::open_live()" function. On error, the $err parameter is
115 filled with an appropriate error message else it is undefined.
116 Example
118 $dev = Net::Pcap::lookupdev();
120 findalldevs(\%devinfo, \$err)
122 Net::Pcap::findalldevs(\%devinfo, \$err)
123 Returns a list of all network device names that can be used with
124 "Net::Pcap::open_live()" function. On error, the $err parameter is
125 filled with an appropriate error message else it is undefined.
126 Example
128 @devs = Net::Pcap::findalldevs(\%devinfo, \$err);
130 for my $dev (@devs) {
131 print "$dev : $devinfo{$dev}\n"
132 }
133 Note: For backward compatibility reasons, this function can also be
135 called using the following signatures:
136 @devs = Net::Pcap::findalldevs(\$err);
138 @devs = Net::Pcap::findalldevs(\$err, \%devinfo);
140 The first form was introduced by Marco Carnut in "Net::Pcap" ver‐
142 sion 0.05 and kept intact in versions 0.06 and 0.07. The second
143 form was introduced by Jean-Louis Morel for the Windows only,
144 ActivePerl port of "Net::Pcap", in versions 0.04.01 and 0.04.02.
145 The new syntax has been introduced for consistency with the rest of
147 the Perl API and the C API of libpcap(3), where $err is always the
148 last argument.
149 lookupnet($dev, \$net, \$mask, \$err)
151 Net::Pcap::lookupnet($dev, \$net, \$mask, \$err)
152 Determine the network number and netmask for the device specified
153 in $dev. The function returns 0 on success and sets the $net and
154 $mask parameters with values. On failure it returns -1 and the
155 $err parameter is filled with an appropriate error message.
156 Packet capture functions
158 open_live($dev, $snaplen, $promisc, $to_ms, \$err)
160 Net::Pcap::open_live($dev, $snaplen, $promisc, $to_ms, \$err)
161 Returns a packet capture descriptor for looking at packets on the
162 network. The $dev parameter specifies which network interface to
163 capture packets from. The $snaplen and $promisc parameters specify
164 the maximum number of bytes to capture from each packet, and
165 whether to put the interface into promiscuous mode, respectively.
166 The $to_ms parameter specifies a read timeout in milliseconds. The
167 packet descriptor will be undefined if an error occurs, and the
168 $err parameter will be set with an appropriate error message.
169 Example
171 $dev = Net::Pcap::lookupdev();
173 $pcap = Net::Pcap::open_live($dev, 1024, 1, 0, \$err)
174 or die "Can't open device $dev: $err\n";
175 open_dead($linktype, $snaplen)
177 Net::Pcap::open_dead($linktype, $snaplen)
178 Creates and returns a new packet descriptor to use when calling the
179 other functions in "libpcap". It is typically used when just using
180 "libpcap" for compiling BPF code.
181 Example
183 $pcap = Net::Pcap::open_dead(0, 1024);
185 open_offline($filename, \$err)
187 Net::Pcap::open_offline($filename, \$err)
188 Return a packet capture descriptor to read from a previously cre‐
189 ated "savefile". The returned descriptor is undefined if there was
190 an error and in this case the $err parameter will be filled. Save‐
191 files are created using the "Net::Pcap::dump_*" commands.
192 Example
194 $pcap = Net::Pcap::open_offline($dump, \$err)
196 or die "Can't read '$dump': $err\n";
197 loop($pcap, $count, \&callback, $user_data)
199 Net::Pcap::loop($pcap, $count, \&callback, $user_data)
200 Read $count packets from the packet capture descriptor $pcap and
201 call the perl function &callback with an argument of $user_data.
202 If $count is negative, then the function loops forever or until an
203 error occurs. Returns 0 if $count is exhausted, -1 on error, and -2
204 if the loop terminated due to a call to pcap_breakloop() before any
205 packets were processed.
206 The callback function is also passed packet header information and
208 packet data like so:
209 sub process_packet {
211 my($user_data, $header, $packet) = @_;
212 ...
214 }
215 The header information is a reference to a hash containing the fol‐
217 lowing fields.
218 * "len"
220 The total length of the packet.
221 * "caplen"
223 The actual captured length of the packet data. This corre‐
224 sponds to the snapshot length parameter passed to
225 "Net::Pcap::open_live()".
226 * "tv_sec"
228 Seconds value of the packet timestamp.
229 * "tv_usec"
231 Microseconds value of the packet timestamp.
232 Example
234 Net::Pcap::loop($pcap, 10, \&process_packet, "user data");
236 sub process_packet {
238 my($user_data, $header, $packet) = @_;
239 # ...
240 }
241 breakloop($pcap)
243 Net::Pcap::breakloop($pcap)
244 Sets a flag that will force "Net::Pcap::dispatch()" or
245 "Net::Pcap::loop()" to return rather than looping; they will return
246 the number of packets that have been processed so far, or -2 if no
247 packets have been processed so far.
248 This routine is safe to use inside a signal handler on UNIX or a
250 console control handler on Windows, as it merely sets a flag that
251 is checked within the loop.
252 Please see the section on "pcap_breakloop()" in pcap(3) for more
254 information.
255 pcap_close($pcap)
257 Net::Pcap::close($pcap)
258 Close the packet capture device associated with the descriptor
259 $pcap.
260 dispatch($pcap, $count, \&callback, $user_data)
262 Net::Pcap::dispatch($pcap, $count, \&callback, $user_data)
263 Collect $count packets and process them with callback function
264 &callback. if $count is -1, all packets currently buffered are
265 processed. If $count is 0, process all packets until an error
266 occurs.
267 pcap_next($pcap, \%header)
269 Net::Pcap::next($pcap, \%header)
270 Return the next available packet on the interface associated with
271 packet descriptor $pcap. Into the %header hash is stored the
272 received packet header. If not packet is available, the return
273 value and header is undefined.
274 pcap_next_ex($pcap, \%header, \$packet)
276 Net::Pcap::next_ex($pcap, \%header, \$packet)
277 Reads the next available packet on the interface associated with
278 packet descriptor $pcap, stores its header in "\%header" and its
279 data in "\$packet" and returns a success/failure indication:
280 * 1 means that the packet was read without problems;
282 * 0 means that packets are being read from a live capture, and
284 the timeout expired;
285 * "-1" means that an error occurred while reading the packet;
287 * "-2" packets are being read from a dump file, and there are no
289 more packets to read from the savefile.
290 compile($pcap, \$filter, $filter_str, $optimize, $netmask)
292 Net::Pcap::compile($pcap, \$filter, $filter_str, $optimize, $netmask)
293 Compile the filter string contained in $filter_str and store it in
294 $filter. A description of the filter language can be found in the
295 libpcap source code, or the manual page for tcpdump(8) . The fil‐
296 ter is optimized if the $optimize variable is true. The netmask of
297 the network device must be specified in the $netmask parameter.
298 The function returns 0 if the compilation was successful, or -1 if
299 there was a problem.
300 compile_nopcap($snaplen, $linktype, \$filter, $filter_str, $optimize,
302 $netmask)
303 Net::Pcap::compile_nopcap($snaplen, $linktype, \$filter, $filter_str,
304 $optimize, $netmask)
305 Similar to "compile()" except that instead of passing a $pcap
306 descriptor, one passes $snaplen and $linktype directly. Returns -1
307 if there was an error, but the error message is not available.
308 setfilter($pcap, $filter)
310 Net::Pcap::setfilter($pcap, $filter)
311 Associate the compiled filter stored in $filter with the packet
312 capture descriptor $pcap.
313 freecode($filter)
315 Net::Pcap::freecode($filter)
316 Used to free the allocated memory used by a compiled filter, as
317 created by "pcap_compile()".
318 setnonblock($pcap, $mode, \$err)
320 Net::Pcap::setnonblock($pcap, $mode, \$err)
321 Set the non-blocking mode of a live capture descriptor, depending
322 on the value of $mode (zero to activate and non-zero to deacti‐
323 vate). It has no effect on offline descriptors. If there is an
324 error, it returns -1 and sets $err.
325 In non-blocking mode, an attempt to read from the capture descrip‐
327 tor with "pcap_dispatch()" will, if no packets are currently avail‐
328 able to be read, return 0 immediately rather than blocking waiting
329 for packets to arrive. "pcap_loop()" and "pcap_next()" will not
330 work in non-blocking mode.
331 getnonblock($pcap, \$err)
333 Net::Pcap::getnonblock($pcap, \$err)
334 Returns the non-blocking state of the capture descriptor $pcap.
335 Always returns 0 on savefiles. If there is an error, it returns -1
336 and sets $err.
337 Savefile commands
339 dump_open($pcap, $filename)
341 Net::Pcap::dump_open($pcap, $filename)
342 Open a savefile for writing and return a descriptor for doing so.
343 If $filename is "-" data is written to standard output. On error,
344 the return value is undefined and "Net::Pcap::geterr()" can be used
345 to retrieve the error text.
346 pcap_dump($dumper, \%header, $packet)
348 Net::Pcap::dump($dumper, \%header, $packet)
349 Dump the packet described by header %header and packet data $packet
350 to the savefile associated with $dumper. The packet header has the
351 same format as that passed to the "Net::Pcap::loop()" callback.
352 Example
354 my $dump_file = 'network.dmp';
356 my $dev = Net::Pcap::lookupdev();
357 my $pcap = Net::Pcap::open_live($dev, 1024, 1, 0, \$err);
358 my $dumper = Net::Pcap::dump_open($pcap, $dump_file);
360 Net::Pcap::loop($pcap, 10, \&process_packet, '');
361 Net::Pcap::dump_close($dumper);
362 sub process_packet {
364 my($user_data, $header, $packet) = @_;
365 Net::Pcap::dump($dumper, $header, $packet);
366 }
367 dump_file($dumper)
369 Net::Pcap::dump_file($dumper)
370 Returns the filehandle associated with a savefile opened with
371 "Net::Pcap::dump_open()".
372 dump_flush($dumper)
374 Net::Pcap::dump_flush($dumper)
375 Flushes the output buffer to the corresponding save file, so that
376 any packets written with "Net::Pcap::dump()" but not yet written to
377 the save file will be written. Returns -1 on error, 0 on success.
378 dump_close($dumper)
380 Net::Pcap::dump_close($dumper)
381 Close the savefile associated with the descriptor $dumper.
382 Status functions
384 datalink($pcap)
386 Net::Pcap::datalink($pcap)
387 Returns the link layer type associated with the given pcap descrip‐
388 tor.
389 Example
391 $linktype = Net::Pcap::datalink($pcap);
393 set_datalink($pcap, $linktype)
395 Net::Pcap::set_datalink($pcap, $linktype)
396 Sets the data link type of the given pcap descriptor to the type
397 specified by $linktype. Returns -1 on failure.
398 datalink_name_to_val($name)
400 Net::Pcap::datalink_name_to_val($name)
401 Translates a data link type name, which is a "DLT_" name with the
402 "DLT_" part removed, to the corresponding data link type value. The
403 translation is case-insensitive. Returns -1 on failure.
404 Example
406 $linktype = Net::Pcap::datalink_name_to_val('LTalk'); # returns DLT_LTALK
408 datalink_val_to_name($linktype)
410 Net::Pcap::datalink_val_to_name($linktype)
411 Translates a data link type value to the corresponding data link
412 type name.
413 Example
415 $name = Net::Pcap::datalink_val_to_name(DLT_LTALK); # returns 'LTALK'
417 datalink_val_to_description($linktype)
419 Net::Pcap::datalink_val_to_description($linktype)
420 Translates a data link type value to a short description of that
421 data link type.
422 Example
424 $descr = Net::Pcap::datalink_val_to_description(DLT_LTALK); # returns 'Localtalk'
426 snapshot($pcap)
428 Net::Pcap::snapshot($pcap)
429 Returns the snapshot length (snaplen) specified in the call to
430 "Net::Pcap::open_live()".
431 is_swapped($pcap)
433 Net::Pcap::is_swapped($pcap)
434 This function returns true if the endianness of the currently open
435 savefile is different from the endianness of the machine.
436 major_version($pcap)
438 Net::Pcap::major_version($pcap)
439 Return the major version number of the pcap library used to write
440 the currently open savefile.
441 minor_version($pcap)
443 Net::Pcap::minor_version($pcap)
444 Return the minor version of the pcap library used to write the cur‐
445 rently open savefile.
446 stats($pcap, \%stats)
448 Net::Pcap::stats($pcap, \%stats)
449 Returns a hash containing information about the status of packet
450 capture device $pcap. The hash contains the following fields.
451 * "ps_recv"
453 The number of packets received by the packet capture software.
454 * "ps_drop"
456 The number of packets dropped by the packet capture software.
457 * "ps_ifdrop"
459 The number of packets dropped by the network interface.
460 pcap_file($pcap)
462 Net::Pcap::file($pcap)
463 Returns the filehandle associated with a savefile opened with
464 "Net::Pcap::open_offline()" or "undef" if the device was opened
465 with "Net::pcap::open_live()"..
466 pcap_fileno($pcap)
468 Net::Pcap::fileno($pcap)
469 Returns the file number of the network device opened with
470 "Net::Pcap::open_live()".
471 get_selectable_fd($pcap)
473 Net::Pcap::get_selectable_fdfileno($pcap)
474 Returns, on Unix, a file descriptor number for a file descriptor on
475 which one can do a "select()" or "poll()" to wait for it to be pos‐
476 sible to read packets without blocking, if such a descriptor
477 exists, or -1, if no such descriptor exists. Some network devices
478 opened with "Net::Pcap::open_live()" do not support "select()" or
479 "poll()", so -1 is returned for those devices. See pcap(3) for
480 more details.
481 Error handling
483 geterr($pcap)
485 Net::Pcap::geterr($pcap)
486 Returns an error message for the last error associated with the
487 packet capture device $pcap.
488 strerror($errno)
490 Net::Pcap::strerror($errno)
491 Returns a string describing error number $errno.
492 perror($pcap, $prefix)
494 Net::Pcap::perror($pcap, $prefix)
495 Prints the text of the last error associated with descriptor $pcap
496 on standard error, prefixed by $prefix.
497 Information
499 lib_version()
501 Net::Pcap::lib_version()
502 Returns the name and version of the "pcap" library the module was
503 linked against.
504 WinPcap specific functions
506 The following functions are only available with WinPcap, the Win32 port
508 of the Pcap library. If a called function is not available, it will
509 cleanly "croak()".
510 createsrcstr(\$source, $type, $host, $port, $name, \$err)
512 Net::Pcap::createsrcstr(\$source, $type, $host, $port, $name, \$err)
513 Accepts a set of strings (host name, port, ...), and stores the
514 complete source string according to the new format (e.g.
515 "rpcap://1.2.3.4/eth0") in $source.
516 This function is provided in order to help the user creating the
518 source string according to the new format. An unique source string
519 is used in order to make easy for old applications to use the
520 remote facilities. Think about tcpdump(1), for example, which has
521 only one way to specify the interface on which the capture has to
522 be started. However, GUI-based programs can find more useful to
523 specify hostname, port and interface name separately. In that case,
524 they can use this function to create the source string before pass‐
525 ing it to the "pcap_open()" function.
526 Returns 0 if everything is fine, -1 if some errors occurred. The
528 string containing the complete source is returned in the $source
529 variable.
530 parsesrcstr($source, \$type, \$host, \$port, \$name, \$err)
532 Net::Pcap::parsesrcstr($source, \$type, \$host, \$port, \$name, \$err)
533 Parse the source string and stores the pieces in which the source
534 can be split in the corresponding variables.
535 This call is the other way round of "pcap_createsrcstr()". It
537 accepts a null-terminated string and it returns the parameters
538 related to the source. This includes:
539 * the type of the source (file, WinPcap on a remote adapter, Win‐
541 Pcap on local adapter), which is determined by the source pre‐
542 fix ("PCAP_SRC_IF_STRING" and so on);
543 * the host on which the capture has to be started (only for
545 remote captures);
546 * the raw name of the source (file name, name of the remote
548 adapter, name of the local adapter), without the source prefix.
549 The string returned does not include the type of the source
550 itself (i.e. the string returned does not include "file://" or
551 "rpcap://" or such).
552 The user can omit some parameters in case it is not interested in
554 them.
555 Returns 0 if everything is fine, -1 if some errors occurred. The
557 requested values (host name, network port, type of the source) are
558 returned into the proper variables passed by reference.
559 pcap_open($source, $snaplen, $flags, $read_timeout, \$auth, \$err)
561 Net::Pcap::open($source, $snaplen, $flags, $read_timeout, \$auth,
562 \$err)
563 Open a generic source in order to capture / send (WinPcap only)
564 traffic.
565 The "pcap_open()" replaces all the "pcap_open_xxx()" functions with
567 a single call.
568 This function hides the differences between the different
570 "pcap_open_xxx()" functions so that the programmer does not have to
571 manage different opening function. In this way, the true "open()"
572 function is decided according to the source type, which is included
573 into the source string (in the form of source prefix).
574 Returns a pointer to a pcap descriptor which can be used as a
576 parameter to the following calls ("compile()" and so on) and that
577 specifies an opened WinPcap session. In case of problems, it
578 returns "undef" and the $err variable keeps the error message.
579 setbuff($pcap, $dim)
581 Net::Pcap::setbuff($pcap, $dim)
582 Sets the size of the kernel buffer associated with an adapter.
583 $dim specifies the size of the buffer in bytes. The return value
584 is 0 when the call succeeds, -1 otherwise.
585 If an old buffer was already created with a previous call to "set‐
587 buff()", it is deleted and its content is discarded. "open_live()"
588 creates a 1 MB buffer by default.
589 setuserbuffer($pcap, $size)
591 Net::Pcap::setbuff($pcap, $size)
592 Note: Undocumented public function
593 setmode($pcap, $mode)
595 Net::Pcap::setmode($pcap, $mode)
596 Sets the working mode of the interface $pcap to $mode. Valid val‐
597 ues for $mode are "MODE_CAPT" (default capture mode) and
598 "MODE_STAT" (statistical mode).
599 setmintocopy($pcap, $size)
601 Net::Pcap::setmintocopy($pcap_t, $size)
602 Changes the minimum amount of data in the kernel buffer that causes
603 a read from the application to return (unless the timeout expires).
604 getevent($pcap)
606 Net::Pcap::getevent($pcap)
607 Returns the "Win32::Event" object associated with the interface
608 $pcap. Can be used to wait until the driver's buffer contains some
609 data without performing a read. See Win32::Event.
610 sendpacket($pcap, $packet)
612 Net::Pcap::sendpacket($pcap, $packet)
613 Send a raw packet to the network. $pcap is the interface that will
614 be used to send the packet, $packet contains the data of the packet
615 to send (including the various protocol headers). The MAC CRC
616 doesn't need to be included, because it is transparently calculated
617 and added by the network interface driver. The return value is 0 if
618 the packet is successfully sent, -1 otherwise.
619 sendqueue_alloc($memsize)
621 Net::Pcap::sendqueue_alloc($memsize)
622 This function allocates and returns a send queue, i.e. a buffer
623 containing a set of raw packets that will be transmitted on the
624 network with "sendqueue_transmit()".
625 $memsize is the size, in bytes, of the queue, therefore it deter‐
627 mines the maximum amount of data that the queue will contain. This
628 memory is automatically deallocated when the queue ceases to exist.
629 sendqueue_queue($queue, \%header, $packet)
631 Net::Pcap::sendqueue_queue($queue, \%header, $packet)
632 Adds a packet at the end of the send queue pointed by $queue. The
633 packet header %header has the same format as that passed to the
634 "loop()" callback. $ackekt is a buffer with the data of the packet.
635 The %headerr header structure is the same used by WinPcap and libp‐
637 cap to store the packets in a file, therefore sending a capture
638 file is straightforward. "Raw packet" means that the sending appli‐
639 cation will have to include the protocol headers, since every
640 packet is sent to the network as is. The CRC of the packets needs
641 not to be calculated, because it will be transparently added by the
642 network interface.
643 sendqueue_transmit($pcap, $queue, $sync)
645 Net::Pcap::sendqueue_transmit($pcap, $queue, $sync)
646 This function transmits the content of a queue to the wire. $pcapt
647 is the interface on which the packets will be sent, $queue is to a
648 "send_queue" containing the packets to send, $sync determines if
649 the send operation must be synchronized: if it is non-zero, the
650 packets are sent respecting the timestamps, otherwise they are sent
651 as fast as possible.
652 The return value is the amount of bytes actually sent. If it is
654 smaller than the size parameter, an error occurred during the send.
655 The error can be caused by a driver/adapter problem or by an incon‐
656 sistent/bogus send queue.
657
659 "Net::Pcap" exports by default the names of several constants in order
660 to ease the development of programs. See "EXPORTS" for details about
661 which constants are exported.
662 Here are the descriptions of a few data link types. See pcap(3) for a
664 more complete description and semantics associated with each data link.
665 · "DLT_NULL" - BSD loopback encapsulation
667 · "DLT_EN10MB" - Ethernet (10Mb, 100Mb, 1000Mb, and up)
669 · "DLT_RAW" - raw IP
671 · "DLT_IEEE802" - IEEE 802.5 Token Ring
673 · "DLT_IEEE802_11" - IEEE 802.11 wireless LAN
675 · "DLT_FRELAY" - Frame Relay
677 · "DLT_FDDI" - FDDI
679 · "DLT_SLIP" - Serial Line IP
681 · "DLT_PPP" - PPP (Point-to-point Protocol)
683 · "DLT_PPP_SERIAL" - PPP over serial with HDLC encapsulation
685 · "DLT_PPP_ETHER" - PPP over Ethernet
687 · "DLT_IP_OVER_FC" - RFC 2625 IP-over-Fibre Channel
689 · "DLT_AX25" - Amateur Radio AX.25
691 · "DLT_LINUX_IRDA" - Linux-IrDA
693 · "DLT_LTALK" - Apple LocalTalk
695 · "DLT_APPLE_IP_OVER_IEEE1394" - Apple IP-over-IEEE 1394 (a.k.a.
697 Firewire)
698
700 arg%d not a scalar ref
701 arg%d not a hash ref
702 arg%d not a reference
703 (F) These errors occur if you forgot to give a reference to a func‐
704 tion which expect one or more of its arguments to be references.
705
707 The following limitations apply to this version of "Net::Pcap".
708 · At present, only one callback function and user data scalar can be
710 current at any time as they are both stored in global variables.
711
713 Please report any bugs or feature requests to
714 "bug-Net-Pcap@rt.cpan.org", or through the web interface at
715 <https://rt.cpan.org/NoAuth/Bugs.html?Dist=Net-Pcap>. I will be noti‐
716 fied, and then you'll automatically be notified of progress on your bug
717 as I make changes.
718 Currently known bugs:
720 · the "ps_recv" field is not correctly set; see t/07-stats.t
722 · "Net::Pcap::file()" seems to always returns "undef" for live con‐
724 nection and causes segmentation fault for dump files; see
725 t/10-fileno.t
726 · "Net::Pcap::fileno()" is documented to return -1 when called on
728 save file, but seems to always return an actual file number. See
729 t/10-fileno.t
730 · "Net::Pcap::dump_file()" seems to corrupt something somewhere, and
732 makes scripts dump core. See t/05-dump.t
733
735 See the eg/ and t/ directories of the "Net::Pcap" distribution for
736 examples on using this module.
737
739 pcap(3), tcpdump(8)
740 The source code for the pcap(3) library is available from
742 <http://www.tcpdump.org/>
743 The source code and binary for the Win32 version of the pcap library,
745 WinPcap, is available from <http://www.winpcap.org/>
746 Hacking Linux Exposed: Sniffing with Net::Pcap to stealthily managing
748 iptables rules remotely, <http://www.hackinglinuxexposed.com/arti‐
749 cles/20030730.html>
750 PerlMonks node about "Net::Pcap", <http://perl‐
752 monks.org/?node_id=170648>
753
755 Current maintainer is Sebastien Aperghis-Tramoni (SAPER)
756 <sebastien@aperghis.net> with the help of Jean-Louis Morel (JLMOREL)
757 <jl_morel@bribes.org> for WinPcap support.
758 Previous authors & maintainers:
760 · Marco Carnut (KCARNUT) <kiko@tempest.com.br>
762 · Tim Potter (TIMPOTTER) <tpot@frungy.org>
764 · Bo Adler (BOADLER) <thumper@alumni.caltech.edu>
766 · Peter Lister (PLISTER) <p.lister@cranfield.ac.uk>
768
770 To Paul Johnson for his module "Devel::Cover" and his patience for
771 helping me using it with XS code, which revealed very useful for writ‐
772 ing more tests.
773 To the beta-testers: Jean-Louis Morel, Max Maischen, Philippe Bruhat,
775 David Morel, Scott Lanning, Rafael Garcia-Suarez, Karl Y. Pradene.
776
778 Copyright (C) 2005, 2006 Sebastien Aperghis-Tramoni. All rights
779 reserved.
780 Copyright (C) 2003 Marco Carnut. All rights reserved.
782 Copyright (C) 1999-2000 Tim Potter. All rights reserved.
784 Copyright (C) 1998 Bo Adler. All rights reserved.
786 Copyright (C) 1997 Peter Lister. All rights reserved.
788 This program is free software; you can redistribute it and/or modify it
790 under the same terms as Perl itself.
791perl v5.8.8 2006-09-04 Pcap(3)