NAME
Net::Sharktools - Use Wireshark's packet inspection capabilities in Perl
SYNOPSIS
    use Net::Sharktools qw(perlshark_read);

    my $frames = perlshark_read(
        filename   => 'capture1.pcap',
        fieldnames => [qw(
            frame.number
            ip.version
            tcp.seq
            udp.dstport
            frame.len
        )],
        dfilter    => 'ip.version eq 4',
        # optional decode_as
    );
or
    use Net::Sharktools qw(perlshark_read_xs);

    my $frames = perlshark_read_xs(
        'capture1.pcap',
        [qw(
            frame.number
            ip.version
            tcp.seq
            udp.dstport
            frame.len
        )],
        'ip.version eq 4',
        # optional decode_as
    );
DESCRIPTION
Net::Sharktools is an adaptation of the Python interface provided with the Sharktools package, which is a "small set of tools that allow use of Wireshark's deep packet inspection capabilities in interpreted programming languages."

Sharktools can be obtained from Armen Babikyan's web site at http://www.mit.edu/~armenb/sharktools/. To use Net::Sharktools, you must first build the Sharktools C library successfully as described in the README for the Sharktools package (the version of this file bundled with Sharktools v.0.1.5 is included in this module for your reference).

Net::Sharktools is almost a direct translation of the Python interface pyshark included with Sharktools.
BUILD and INSTALLATION
Sharktools is closely coupled with the internals of Wireshark. Before attempting to build Net::Sharktools, you should ensure that you are able to build and run the Python module pyshark distributed with Sharktools. Note that you should use python2 to test pyshark.
The build process for Sharktools requires you to install Wireshark and also have the full source tree for Wireshark accessible. You will need the same to build Sharktools as well.
Currently, the Makefile.PL for Net::Sharktools makes no attempt to automatically deduce the locations of your Wireshark and Sharktools distributions. You will need to edit Makefile.PL to point both the compiler and linker to the correct locations.
You can do that by specifying command line options when you generate the Makefile:
    perl Makefile.PL --PREFIX=/install/path \
        --sharktools-src /home/user/sharktools-0.1.5/src \
        --wireshark-src /home/user/shark/wireshark-1.4.3 \
        [ --lib-path /additional/library/paths ] \
        [ --inc-path /additional/include/paths ]
--inc-path and --lib-path are array valued options, so they can be specified multiple times on the command line.
You should definitely specify those (in addition to the Sharktools and Wireshark source directories) if you encounter any difficulties related to locating glib headers and/or glib and Wireshark libraries on your system.
I have used Devel::CheckLib to perform a sanity check prior to WriteMakefile using a select few headers and libraries. If the checks fail, no Makefile will be generated. Ensure that you have the requisite libraries installed, that you have built Sharktools according to its instructions prior to attempting to build Net::Sharktools, and that you specified the correct paths when invoking Makefile.PL.
Once a Makefile is generated, you can do:
    make
    make test
    make install
EXPORT
The module does not export any functions by default. You can request either perlshark_read, which accepts arguments in a hash ref or as a flattened hash, or perlshark_read_xs, which expects positional arguments.
perlshark_read
You can either pass the arguments to this function in a hashref or as a flattened hash. The function does some argument checking and passes the arguments in the correct order to perlshark_read_xs, which uses positional arguments.
The arguments are:
filename
    The name of the capture file to be analyzed.

fieldnames
    The names of the fields to be extracted.

dfilter
    Filter expressions to apply.
perlshark_read_xs
This is the XS routine. It expects 3 or 4 positional arguments.
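An added example of using perlshark_read from a monitoring script (this is not code from the module's distribution). It assumes, based on the behaviour of the pyshark interface the module translates, that perlshark_read returns an array ref of hash refs keyed by field name, with undef for fields a frame lacks; the field names are standard Wireshark display-filter fields.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Net::Sharktools qw(perlshark_read);

# Assumption (not stated in the POD above; mirrors pyshark): the return
# value is an array ref of hash refs, one per frame, keyed by field name.
# Fields that do not occur in a given frame are undef.
sub read_ipv4_frames {
    my ($pcap) = @_;
    return perlshark_read(
        filename   => $pcap,
        fieldnames => [qw(frame.number frame.len ip.src ip.dst
                          tcp.dstport udp.dstport)],
        dfilter    => 'ip.version eq 4',
    );
}

# Count frames per destination port, whichever transport carried them.
# Written without the // operator so it runs on Perl 5.8.1 as the
# license section requires.
sub summarize_dst_ports {
    my ($frames) = @_;
    my %count;
    for my $frame (@$frames) {
        my $port = defined $frame->{'tcp.dstport'}
                 ? $frame->{'tcp.dstport'}
                 : $frame->{'udp.dstport'};
        next unless defined $port;
        $count{$port}++;
    }
    return \%count;
}

my $pcap = shift @ARGV;
die "usage: $0 capture.pcap\n" unless defined $pcap;

my $frames = read_ipv4_frames($pcap);
my $ports  = summarize_dst_ports($frames);

printf "%d IPv4 frames in %s\n", scalar @$frames, $pcap;
for my $port (sort { $ports->{$b} <=> $ports->{$a} } keys %$ports) {
    printf "  dst port %-6s %d frames\n", $port, $ports->{$port};
}
```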
SEE ALSO
Sharktools http://www.mit.edu/~armenb/sharktools/ and Wireshark http://www.wireshark.org.
ACKNOWLEDGEMENTS
This work was commissioned by brian d foy and the Perl Review.
The XS code is a straightforward translation of the Python interface provided in pyshark.c.
AUTHOR
A. Sinan Unur, <nanis@cpan.org>
COPYRIGHT AND LICENSE
Copyright (C) 2011 by A. Sinan Unur
This work was sponsored by brian d foy and The Perl Review.
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.1 or, at your option, any later version of Perl 5 you may have available.