parsing packets and user defined data structures

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I'm using the perl pcap module to read in captured pcap files.  I
would like to write code to parse certain packet types.  In the past
when using C to do this type of processing, I would define a structure
that details the format of the underlying data, and then overlay the
structure at the right byte offset in the packet and then pull out the
fields in the structure (p->len, p->data, etc.).

Is there a similar mechanism in perl?  Right now, I'm doing this by
manually walking through the packet with perl code per field and
underlying data type.  It's doable, but time consuming and prone to
errors.  I'm hoping there's a cleaner way to do this by overlaying a
structure and pulling the data out through the structure.

Note that the packets I'm interesting in parsing don't have any
predefined perl modules to help with the parsing (eg IP, UDP, etc.)


Re: parsing packets and user defined data structures

Quoted text here. Click to load it

perl calls it a template.

binmode FH;
read FH,$packet,$recordlen or die "Cannot read";
($len, $data, $etc) = unpack 'l2A3',$packet;

reads two 4-byte integers and 3  ASCII chars such as "ETC".

Site Timeline