NetPacket::TCP - Assemble and disassemble TCP (Transmission Control Protocol) packets.

NetPacket documentation Contained in the NetPacket distribution.

Index

Code Index:

NAME

Top

NetPacket::TCP - Assemble and disassemble TCP (Transmission Control Protocol) packets.

VERSION

Top

version 1.1.2

SYNOPSIS

Top

  use NetPacket::TCP;

  $tcp_obj = NetPacket::TCP->decode($raw_pkt);
  $tcp_pkt = NetPacket::TCP->encode($ip_pkt);
  $tcp_data = NetPacket::TCP::strip($raw_pkt);

DESCRIPTION

Top

NetPacket::TCP provides a set of routines for assembling and disassembling packets using TCP (Transmission Control Protocol).

Methods

NetPacket::TCP->decode([RAW PACKET])

Decode the raw packet data given and return an object containing instance data. This method will quite happily decode garbage input. It is the responsibility of the programmer to ensure valid packet data is passed to this method.

NetPacket::TCP->encode($ip_obj)

Return a TCP packet encoded with the instance data specified. Needs parts of the ip header contained in $ip_obj in order to calculate the TCP checksum.

Functions

NetPacket::TCP::strip([RAW PACKET])

Return the encapsulated data (or payload) contained in the TCP packet. This data is suitable to be used as input for other NetPacket::* modules.

This function is equivalent to creating an object using the decode() constructor and returning the data field of that object.

Instance data

The instance data for the NetPacket::TCP object consists of the following fields.

src_port

The source TCP port for the packet.

dest_port

The destination TCP port for the packet.

seqnum

The TCP sequence number for this packet.

acknum

The TCP acknowledgement number for this packet.

hlen

The header length for this packet.

reserved

The 6-bit "reserved" space in the TCP header.

flags

Contains the urg, ack, psh, rst, syn, fin, ece and cwr flags for this packet.

winsize

The TCP window size for this packet.

cksum

The TCP checksum.

urg

The TCP urgent pointer.

options

Any TCP options for this packet in binary form.

data

The encapsulated data (payload) for this packet.

Exports

default

FIN SYN RST PSH ACK URG ECE CWR Can be used to set the appropriate flag.

exportable

tcp_strip

tags

The following tags group together related exportable items.

:strip

Import the strip function tcp_strip.

:ALL

All the above exportable items.

EXAMPLE

Top

The following script is a primitive pop3 sniffer.

  #!/usr/bin/perl -w

  use strict;
  use Net::PcapUtils;
  use NetPacket::Ethernet qw(:strip);
  use NetPacket::IP qw(:strip);
  use NetPacket::TCP;

  sub process_pkt {
      my($arg, $hdr, $pkt) = @_;

      my $tcp_obj = NetPacket::TCP->decode(ip_strip(eth_strip($pkt)));

      if (($tcp_obj->{src_port} == 110) or ($tcp_obj->{dest_port} == 110)) {
	  print($tcp_obj->{data});
      }
  }

  Net::PcapUtils::loop(\&process_pkt, FILTER => 'tcp');

The following uses NetPacket together with Net::Divert to add a syn flag to all TCP packets passing through:

  #!/usr/bin/perl

  use Net::Divert;
  use NetPacket::IP qw(IP_PROTO_TCP);
  use NetPacket::TCP;




  $divobj = Net::Divert->new('yourhostname',9999);

  $divobj->getPackets(\&alterPacket);

  sub alterPacket {
      my($packet,$fwtag) = @_;

      # decode the IP header
      $ip_obj = NetPacket::IP->decode($packet);

      # check if this is a TCP packet
      if($ip_obj->{proto} == IP_PROTO_TCP) {

          # decode the TCP header
          $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});

          # set the syn flag
          $tcp_obj->{flags} |= SYN;

          # construct the new ip packet
          $ip_obj->{data} = $tcp_obj->encode($ip_obj);
          $packet = $ip_obj->encode;

      }

      # write it back out
      $divobj->putPacket($packet,$fwtag);
   }

TODO

Top

Assembly of TCP fragments into a data stream
Option processing
Nicer processing of TCP flags

COPYRIGHT

Top

Copyright (c) 2001 Tim Potter and Stephanie Wehner.

Copyright (c) 1995,1996,1997,1998,1999 ANU and CSIRO on behalf of the participants in the CRC for Advanced Computational Systems ('ACSys').

This module is free software. You can redistribute it and/or modify it under the terms of the Artistic License 2.0.

This program is distributed in the hope that it will be useful, but without any warranty; without even the implied warranty of merchantability or fitness for a particular purpose.

AUTHOR

Top

Tim Potter <tpot@samba.org>

Stephanie Wehner <atrak@itsx.com>

NetPacket documentation Contained in the NetPacket distribution. 
#
# NetPacket::TCP - Decode and encode TCP (Transmission Control
# Protocol) packets. 
#
# Encode and checksumming part, Stephanie Wehner, atrak@itsx.com

package NetPacket::TCP;
BEGIN {
  $NetPacket::TCP::AUTHORITY = 'cpan:yanick';
}
BEGIN {
  $NetPacket::TCP::VERSION = '1.1.2';
}
# ABSTRACT: Assemble and disassemble TCP (Transmission Control Protocol) packets.

use strict;
use vars qw(@ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
use NetPacket;

my $myclass;

# TCP Flags

use constant FIN => 0x01;
use constant SYN => 0x02;
use constant RST => 0x04;
use constant PSH => 0x08;
use constant ACK => 0x10;
use constant URG => 0x20;
use constant ECE => 0x40;
use constant CWR => 0x80;

BEGIN {
    @ISA = qw(Exporter NetPacket);

# Items to export into callers namespace by default
# (move infrequently used names to @EXPORT_OK below)

    @EXPORT = qw(FIN SYN RST PSH ACK URG ECE CWR
    );

# Other items we are prepared to export if requested

    @EXPORT_OK = qw(tcp_strip 
    );

# Tags:

    %EXPORT_TAGS = (
    ALL         => [@EXPORT, @EXPORT_OK],
    strip       => [qw(tcp_strip)],  
);

}

#
# Strip header from packet and return the data contained in it
#

undef &tcp_strip;
*tcp_strip = \&strip;

sub strip {
    my ($pkt, @rest) = @_;

    my $tcp_obj = NetPacket::TCP->decode($pkt);
    return $tcp_obj->{data};
}   

#
# Decode the packet
#

sub decode {
    my $class = shift;
    my($pkt, $parent, @rest) = @_;
    my $self = {};

    # Class fields

    $self->{_parent} = $parent;
    $self->{_frame} = $pkt;

    # Decode TCP packet

    if (defined($pkt)) {
	my $tmp;

	($self->{src_port}, $self->{dest_port}, $self->{seqnum}, 
	 $self->{acknum}, $tmp, $self->{winsize}, $self->{cksum}, 
	 $self->{urg}, $self->{options}) =
	     unpack("nnNNnnnna*", $pkt);

	# Extract flags
	
	$self->{hlen}     = ($tmp & 0xf000) >> 12;
	$self->{reserved} = ($tmp & 0x0f00) >> 8;
	$self->{flags}    =  $tmp & 0x00ff;
	
	# Decode variable length header and remaining data

	my $olen = $self->{hlen} - 5;
	$olen = 0 if $olen < 0;  # Check for bad hlen

        # Option length is number of 32 bit words

    $olen *= 4;

	( $self->{options}, $self->{data} ) 
        = unpack( 'a' . $olen .  'a*', $self->{options});
    }

    # Return a blessed object

    bless($self, $class);
    return $self;
}

#
# Encode a packet
#

sub encode {

    my $self = shift;
    my ($ip) = @_;
    my ($packet,$tmp);

    # First of all, fix the checksum
    $self->checksum($ip);

    $tmp = $self->{hlen} << 12;
    $tmp = $tmp | (0x0f00 & ($self->{reserved} << 8));
    $tmp = $tmp | (0x00ff & $self->{flags});

    # Put the packet together
    $packet = pack('n n N N n n n n a* a*',
            $self->{src_port}, $self->{dest_port}, $self->{seqnum},
            $self->{acknum}, $tmp, $self->{winsize}, $self->{cksum},
            $self->{urg}, $self->{options},$self->{data});


    return($packet);

}

#
# TCP Checksum
#

sub checksum {

    my $self = shift;
    my ($ip) = @_;
    my ($packet,$zero,$tcplen,$tmp);
    my ($src_ip, $dest_ip,$proto,$count);

    $zero = 0;
    $proto = 6;
    $tcplen = ($self->{hlen} * 4)+ length($self->{data});

    no warnings qw/ uninitialized /;
    $tmp = $self->{hlen} << 12;
    $tmp = $tmp | (0x0f00 & ($self->{reserved} << 8));
    $tmp = $tmp | (0x00ff & $self->{flags});

    # Pack pseudo-header for tcp checksum

    $src_ip = gethostbyname($ip->{src_ip});
    $dest_ip = gethostbyname($ip->{dest_ip});

    $packet = pack('a4a4nnnnNNnnnna*a*',
            $src_ip,$dest_ip,$proto,$tcplen,
            $self->{src_port}, $self->{dest_port}, $self->{seqnum},
            $self->{acknum}, $tmp, $self->{winsize}, $zero,
            $self->{urg}, $self->{options},$self->{data});

    # pad packet if odd-sized
    $packet .= "\x00" if length( $packet ) % 2;

    $self->{cksum} = NetPacket::htons(NetPacket::in_cksum($packet));
}

#
# Module initialisation
#

1;

# autoloaded methods go after the END token (&& pod) below





__END__