A Perl utility that uses LibPcap and a set of input JSON rules to parse packets captured on a network interface (or a .pcap file), and to extract certain elements of the stream into a set of JSON objects

2dpetkov/net-dissector-pl

net-dissector-pl

Dependencies

Dependencies are also listed in dep.list and utests/dep.list for easier access on the console

./Net/PcapUtils.pm

Net-PcapUtils

on Linux

libjson-perl libnet-pcap-perl libclone-perl

on Windows

On Windows, you can run this under WSL (same dependencies as above), but bear in mind that sniffing on network interfaces within WSL isn't easy, so you might want to parse already captured .pcap files.

Rumor has it that WSL 2 (with Windows Kali) handles networking pretty well, but I haven't tested this yet.

Unit tests deps

libtest-output-perl

Accessing the help of the tool

./net-dissector.pl -h

Example usage

If your active network interface is eth0, run

sudo ./net-dissector.pl -i eth0 -p examples/conf-example.json

Then open a web browser and access a website that does not use HTTPS. The script will print some captured and dissected packets to stdout. The example JSON parser simply extracts some data from the captured HTTP (not HTTPS) requests (not responses), including some fields from the underlying TCP packets, and suggests a way to arrange them in the output.
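To make the idea of rule-driven extraction concrete, here is an added sketch that is not code from this project: it dissects one constructed Ethernet/IPv4/TCP frame carrying a plaintext HTTP request and maps fields into a JSON object. The rule layout, the field paths and the function names `dissect` and `apply_rules` are hypothetical and do not reflect the format of examples/conf-example.json.

```perl
use strict;
use warnings;
use JSON::PP;    # core module, so the sketch runs without extra packages

# Hypothetical rules (not the project's conf format): output key => dotted path.
my $rules = { client => 'ip.src', server => 'ip.dst', dport => 'tcp.dst_port',
              verb => 'http.method', url => 'http.uri', host => 'http.headers.host' };
# Constructed sample frame: Ethernet + IPv4 + TCP + plaintext HTTP request.
my $http  = "GET /index.html HTTP/1.1\r\nHost: example.test\r\nUser-Agent: demo\r\n\r\n";
my $tcp   = pack('n n N N C C n n n', 49152, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0);
my $ip    = pack('C C n n n C C n a4 a4', 0x45, 0, 40 + length($http), 1, 0, 64, 6, 0,
                 pack('C4', 192, 0, 2, 10), pack('C4', 198, 51, 100, 20));
my $frame = pack('H12 H12 n', '020000000002', '020000000001', 0x0800) . $ip . $tcp . $http;

# Returns a nested hash for an IPv4/TCP frame carrying an HTTP request, else nothing.
sub dissect {
    my ($raw) = @_;
    return if length($raw) < 14 + 20 + 20;               # truncated frame
    return unless unpack('x12 n', $raw) == 0x0800;       # EtherType: IPv4 only
    my ($vihl, $proto, $src, $dst) = unpack('x14 C x8 C x2 a4 a4', $raw);
    my $toff = 14 + ($vihl & 0x0f) * 4;                  # honour IP options
    return unless $proto == 6 && ($vihl & 0x0f) >= 5 && length($raw) >= $toff + 20;
    my ($sport, $dport, $doff) = unpack("x$toff n n x8 C", $raw);
    my $poff = $toff + ($doff >> 4) * 4;                 # honour TCP options
    return if $poff > length($raw);
    my ($head) = split /\r\n\r\n/, substr($raw, $poff), 2;
    my ($method, $uri) = ($head // '') =~ m{\A([A-Z]+) (\S+) HTTP/1\.[01](?:\r\n|\z)} or return;
    my %headers;
    for my $line (split /\r\n/, $head) {
        $headers{lc($1)} = $2 if $line =~ /\A([^:\s]+):\s*(.*)\z/;
    }
    my ($s, $d) = map { join '.', unpack('C4', $_) } $src, $dst;
    return { ip => { src => $s, dst => $d }, tcp => { src_port => $sport, dst_port => $dport },
             http => { method => $method, uri => $uri, headers => \%headers } };
}

# Resolve each rule's dotted path against the dissected packet (undef if absent).
sub apply_rules {
    my ($rules, $pkt) = @_;
    my %out;
    for my $key (keys %$rules) {
        my $node = $pkt;
        $node = ref($node) eq 'HASH' ? $node->{$_} : undef for split /\./, $rules->{$key};
        $out{$key} = $node;
    }
    return \%out;
}
my $pkt = dissect($frame) or die "not a plaintext HTTP request\n";
print JSON::PP->new->canonical->pretty->encode(apply_rules($rules, $pkt));
```

Because the request line and headers are read straight from the TCP payload, this only works for unencrypted HTTP, which is why the instructions above call for a site that does not use HTTPS.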

Running the Unit tests

cd utests;

./harnes.pl;

From perl to exe

Using PAR::Packer

pp net-dissector.pl -o net-dissector.exe -M PerlIO::encoding -M Net::Pcap -M Net::PcapUtils -M AutoLoader -M Clone -I libs

License

This project is licensed under the GNU GPLv3 - see the LICENSE file for details
