The Perl Toolchain Summit needs more sponsors. If your company depends on Perl, please support this very important event.
 / 
Net-Analysis-0.41
River stage one • 1 direct dependent • 1 total dependent
++
/ Net::Analysis::EventLoop 
            return Net::Analysis::Packet->new
              ({to    => "$ip_obj->{dest_ip}:$tcp_obj->{dest_port}",
                from  => "$ip_obj->{src_ip}:$tcp_obj->{src_port}",
                flags => $tcp_obj->{flags},
                data  => $tcp_obj->{data},
                seqnum => $tcp_obj->{seqnum},
                acknum => $tcp_obj->{acknum},
                pkt_number => $self->{pkt_number}++,

                # These are turned into the object $pkt->{time}
                tv_sec  => $wire_hdrs->{tv_sec},
                tv_usec => $wire_hdrs->{tv_usec},
               } );

NAME

Net::Analysis::EventLoop - generate a stream of packets

SYNOPSIS

 use Net::Analysis::Dispatcher;
 use Net::Analysis::EventLoop;

 my ($d)  = Net::Analysis::Dispatcher->new();
 my ($el) = Net::Analysis::EventLoop->new (dispatcher => $d);

 ... register some listener modules onto the dispatcher ...

 # Now run it over a file ...
 $el->loop_file (filename => 'some.tpcdump');

 # ... or run it over many files ...
 $d->emit_event (name => 'setup'); # need to handle setup/teardown by hand
 foreach (qw(file1 file2 ...)) {
   $el->loop_file (filename => $_, no_setup_teardown => 1);
 }
 $d->emit_event (name => 'teardown');

 # ... or try live capture (using the same filter syntax as tcpdump et al)
 $el->loop_net (filter => 'port 80');

 exit 0;

DESCRIPTION

This module provides the glue between the main dispatcher/listener stuff, and the underlying source of packets.

It gets packets (currently via the NetPacket layer on top of Net::Pcap), turns them into Net::Analysis::Packets, and then dispatches them to any listeners who care about 'tcp_packets'.

Current limitations:

  • Only TCP packets are handled

  • It's not designed to be fast; don't run on GB files unless you're about to go home. Live capture on busy servers may not be the best either; make the most specific filter you can, to allow Net::Pcap to reduce the number of packets that get to here. And watch your memory; it's likely to leak.

  • Live capture is not perfectly integrated; there is no way to cleanly stop capture at this time.

EXPORT

None by default.

SEE ALSO

Net::Analysis::Dispatcher

AUTHOR

Adam B. Worrall, <worrall@cpan.org>

COPYRIGHT AND LICENSE

Copyright (C) 2004 by Adam B. Worrall

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.5 or, at your option, any later version of Perl 5 you may have available.