# -sam k (commport5@lucidx.com) use POSIX qw(strftime); use pdump::Sniff; sub check_all { my ($alla,$call,$nite,$headers,$df,$trgt,@nda,@ndb,$totl,@ints,$vers,$ihl,$tos,$tot,$id,$frg,$ttl,$pro,$chc,$saddr,$daddr,$sport,$dport,$seq,$aseq,$dof,$res1,$res2,$urg,$ack,$psh,$rst,$syn,$fin,$win,$chk,$data,$len,$mtu,$iid,$type,$code,$gateway,$unu,@tmrp) = ($offset_all, $_[2], 0); $top++; $time = timem(); $untm = time(); $time =~ s/^.*?\.(.*?)$/$1/; ($w, $type) = unpack('H24H4', $call); if ($type == 0x326) { # Ethernet header ($w, $opcode) = unpack('H40n', $call); if ($opcode == 1 or $opcode == 2) { check_arp($packet_all,$alla,$call,$nite,$time,$untm); } elsif ($opcode == 3 or $opcode == 4) { check_rarp($packet_all,$alla,$call,$nite,$time,$untm); } } elsif ($type == 0x320) { # IP header $cll = substr($call, 14); $protocol = unpack('@9C', $cll); @prots = getprotobynumber($protocol); $proto = $prots[0]; $pro = $protocol; if ($pro == 6) { # TCP packet $packet_all->bset($call, $alla); check_tcp($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); } elsif ($pro == 17) { # UDP packet # ($w, $tp1, $tp2, $tp3) = unpack('C28CCC', $cll); # if (($tp1 == 0 or $tp1 == 1 or $tp1 == 2) and $tp2 == 1 and $tp3 =~ /^[67]/) { # check_bootp($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); # } # elsif ($tp1 =~ /^[1-6]/ and $tp2 == 1 and $tp3 == 0) { # check_rip($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); # } # elsif ($tp1 =~ /^[1-6]/ and $tp2 == 2) { # check_rip2($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); # } # else { check_udp($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); # } } elsif ($pro == 1 or $pro == 58) { # ICMP packet check_icmp($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); } elsif ($pro == 2) { # IGMP packet check_igmp($cll,$packet_all,$alla,$call,$nite,$time,$untm,$protocol,$pro,$proto,$amt); } } } 1;