Network Security Tools by Nitesh Dhanjani, Justin Clarke

The following is a quick demonstration of Net::Pcap functionality and a quick reimplementation of the major functionality of the Arpsniff tool in Perl. Note that this tool also uses the NetPacket::Ethernet and NetPacket::ARP packages to easily decompose the packets it captures:

#!/usr/bin/env perl use Net::Pcap; use NetPacket::Ethernet; use NetPacket::ARP; my $errbuf; # find a network device $device = Net::Pcap::lookupdev(\$errbuf); if (defined $errbuf) {die "Unable to find device: ", $errbuf;} # open device $handle = Net::Pcap::open_live($device, 2000, 1, 0, \$errbuf); if (!defined $handle) {die "Unable to open ",$device, " - ", $errbuf;} # find netmask so we can set a filter on the interface Net::Pcap::lookupnet(\$device, \$netp, \$maskp, \$errbuf) || die "Can't find network info"; # set filter on interface $filter = "arp"; Net::Pcap::compile($handle, \$fp, $filter, 0, $maskp) && die "Unable to compile BPF"; Net::Pcap::setfilter($handle, $fp) && die "Unable to set filter"; # start sniffing Net::Pcap::loop($handle, -1, \&process_packet, '') || die "Unable to start sniffing"; # close Net::Pcap::close($handle); sub process_packet { my ($user, $header, $packet) = @_; my $eth_data = NetPacket::Ethernet::strip($packet); my $arp = NetPacket::ARP->decode($eth_data); # convert hex number to IP dotted - from rob_au at perlmonks my $spa = join '.', map { hex } ($arp->{'spa'} =~ /([[:xdigit:]]{2})/g); my $tpa = join '.', map { hex } ($arp->{'tpa'} =~ /([[:xdigit:]]{2})/g); ...