
Hi there,

I was working on a program of mine on TCP-IP these days,
but I was getting odd results, so I tried a simple example on:

In particular this code:

#!/usr/bin/perl -w

  use strict;
  use Net::PcapUtils;
  use NetPacket::Ethernet qw(:strip);
  use NetPacket::IP qw(:strip);
  use NetPacket::TCP;

  sub process_pkt {
      my($arg, $hdr, $pkt) = @_;

      my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt)));

      # Print the TCP payload of packets to or from port 110
      if (($tcp_obj->{src_port} == 110) or ($tcp_obj->{dest_port} == 110)) {
          print($tcp_obj->{data});
      }
  }

  Net::PcapUtils::loop(\&process_pkt, FILTER => 'tcp');


What I noticed is that
looks like truncated.

For example examining a FTP connection I get only:
"220 XXX.XXX.X.X FTP server (tnftpd"
instead of the complete:
"220 XXX.XXX.X.X FTP server (tnftpd 20061217) ready."

I know about fragmentation...
but shouldn't the code be supposed to collect all the packets?
So I'm expecting to have the information split, not truncated
with the ending part of the message lost.

Thanks for any idea,

I used:

This is perl, v5.10.0 built for darwin-thread-multi-2level
(with 2 registered patches, see perl -V for more detail)

on a system:
Darwin XXXXXXXX 10.3.1 Darwin Kernel Version 10.3.1: Mon Mar 22 15:13:15
PDT 2010; root:xnu-1504.3.52~1/RELEASE_I386 i386 i386

Re: NetPacket::TCP

the solution is: SNAPLEN
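
The fix named in the reply, as an added example that is not code from the thread: Net::PcapUtils captures only 100 bytes per packet unless SNAPLEN is set, so the callback below compares the pcap header's caplen and len to flag truncation, and a constructed frame carrying the post's banner is run through both settings offline. The frame layout (66 header bytes), the addresses and the `live` argument are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use NetPacket::Ethernet qw(:strip);
use NetPacket::IP qw(:strip);
use NetPacket::TCP;

# Same callback shape as in the post. $hdr is the pcap header hash:
# {len} is the frame size on the wire, {caplen} the bytes actually captured.
sub process_pkt {
    my ($arg, $hdr, $pkt) = @_;
    my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt)));
    my $data = defined $tcp_obj->{data} ? $tcp_obj->{data} : '';
    my $lost = $hdr->{len} - $hdr->{caplen};
    $data =~ s/\r?\n\z//;    # drop the line ending for display only
    print "$arg\"$data\"", ($lost > 0 ? " <- truncated, $lost bytes cut by snaplen" : ''), "\n";
    return $lost;
}

# Constructed frame: Ethernet (14) + IPv4 (20) + TCP with timestamp option (32)
# = 66 header bytes, followed by the FTP banner quoted in the post.
my $banner = "220 XXX.XXX.X.X FTP server (tnftpd 20061217) ready.\r\n";
my $tcp = pack('n n N N C C n n n', 21, 50000, 1, 1, 0x80, 0x18, 65535, 0, 0)
        . pack('C C C C N N', 1, 1, 8, 10, 0, 0);    # NOP, NOP, timestamp option
my $ip  = pack('C C n n n C C n a4 a4', 0x45, 0, 20 + length($tcp) + length($banner),
               0, 0, 64, 6, 0, pack('C4', 192, 0, 2, 1), pack('C4', 192, 0, 2, 2));
my $frame = pack('a6 a6 n', "\0" x 6, "\0" x 6, 0x0800) . $ip . $tcp . $banner;

# Offline comparison: what the callback receives with the default snaplen
# of 100 bytes and with a snaplen large enough for a whole frame.
for my $snaplen (100, 65535) {
    my $cap = substr($frame, 0, $snaplen);
    process_pkt("SNAPLEN=$snaplen: ", { len => length($frame), caplen => length($cap) }, $cap);
}

# Live capture with the fix applied; run with the (hypothetical) argument
# "live" and capture privileges.
if (@ARGV && $ARGV[0] eq 'live') {
    require Net::PcapUtils;
    my $err = Net::PcapUtils::loop(\&process_pkt, FILTER => 'tcp', SNAPLEN => 65535);
    die "capture failed: $err\n" if $err;
}
```

A larger SNAPLEN only stops per-packet truncation; a message that spans several TCP segments still arrives as several callbacks.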
