File Coverage

blib/lib/Net/Analysis.pm

Criterion	Covered	Total	%
statement	16	18	88.8
branch			n/a
condition			n/a
subroutine	6	6	100.0
pod			n/a
total	22	24	91.6

line	stmt	sub	time	code
1				package Net::Analysis;
2
3	1	1	20464	use 5.008000;
	1		2
	1		31
4	1	1	5	use strict;
	1		1
	1		25
5	1	1	4	use warnings;
	1		5
	1		74
6
7				require Exporter;
8
9				our @ISA = qw(Exporter);
10				our @EXPORT = qw(main);
11				our $VERSION = '0.41';
12
13	1	1	3055	use Data::Dumper;
	1		11037
	1		72
14
15	1	1	568	use Net::Analysis::Dispatcher;
	1		4
	1		30
16	1	1	630	use Net::Analysis::EventLoop;
	0
	0
17
18				# {{{ usage
19
20				sub usage {
21				print <
22				usage: perl -MNet::Analysis -e main (Protocol)* tcpdump.file
23
24				Parses the packet capture file 'filename', and runs one or more protocol
25				analysers over it. Each analyser module takes some arguments; they all take an
26				integer 'v' for verbosity. Each protocol module documents any additional
27				srguments it supports.
28
29				There's no need to specify the TCP module; it is loaded by default. Only
30				specify it if you want to increase the verbosity.
31
32				E.g.:
33
34				perl -MNet::Analysis -e main TCP,v=1 dump.tcp # basic TCP info
35				perl -MNet::Analysis -e main HTTP,v=1 dump.tcp # simple HTTP summary
36
37				Only the TCP and HTTP protocols are present in the base distribution; a few
38				others are available as separate modules.
39
40				EXPERIMENTAL: You can also use live network capture, if you provide a tcpdump
41				compatible capture filter instead of a filename:
42
43				perl -MNet::Analysis -e main TCP,v=1 "port 80"
44
45				Live capture requires a space in the final argument; else it will be assumed
46				to be a file to load.
47
48				Live capture has the same permissions issues as running tcpdump; you'll
49				probably need to run it as root, which you do at your own risk.
50
51				EO
52				exit 0;
53				}
54
55				# }}}
56
57				# {{{ main
58
59				sub main {
60				my (@monitors) = @ARGV;
61
62				usage() if (grep {/help/} @monitors);
63
64				my ($target) = pop (@monitors);
65
66				# Autoload TCP, else other protos won't get much to analyse
67				push (@monitors, "TCP") if (! grep {/^TCP/} @monitors);
68
69				my ($d) = Net::Analysis::Dispatcher->new();
70				my ($el) = Net::Analysis::EventLoop->new (dispatcher => $d);
71
72				foreach my $mon_str (@monitors) {
73
74				my ($proto, @keyvals) = split (',', $mon_str);
75				my %args;
76
77				foreach (@keyvals) {
78				my ($k,$v) = split('=',$_,2);
79				$v = 1 if (!defined $v);
80				$v = undef if ($v eq 'undef');
81
82				$args{$k} = $v;
83				}
84
85				my $mod = "Net::Analysis::Listener::$proto";
86				eval "use $mod";
87				die "Could not load $mod\n$@\n" if ($@);
88
89				my $mon_obj = "$mod"->new(dispatcher => $d, config => \%args)
90				\|\| die "$mod->new() failed\n";
91				}
92
93				if ($target =~ / /) {
94				# Assume a filter string, for live capture
95				print "(starting live capture)\n";
96				$el->loop_net (filter => $target);
97				} else {
98				# A file to be loaded
99				die "could not read file '$target'\n" if (! -r $target);
100				$el->loop_file (filename => $target);
101				}
102				}
103
104				# }}}
105
106				1;
107				__END__