GSP
Quick Navigator

Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages


Manual Reference Pages  -  NET::ANALYSIS::LISTENER::TCP (3)

.ds Aq ’

NAME

Net::Analysis::Listener::TCP - listens to packets, emits streams

CONTENTS

SYNOPSIS

This module subclasses Net::Analysis::Listener::Base, and manages TCP sessions behind the scenes.

Listens for:
_internal_tcp_packet - note: augments packet, for downstream listeners

Emits:
tcp_session_start
tcp_session_end
tcp_monologue - a series of data packets

DESCRIPTION

Each raw packet is slotted into the relevant TCP session. The TCPSession module does most of the analysis on the packet, allowing this one to emit tcp_monologue events as they are completed.

The tcp_monologue event is the backbone of higher level protocol analysers. It is not a good example for writing your own listener.

CONFIGURATION



 v - verbosity; a bitmask for logging to stdout:
      0x01 - per-packet
      0x02 - per-monologue
      0x04 - per-session

 k - a TCP-session key to suddenly get verbose about

 dump - dumps out monologues as files into the current directory

 max_session_size - discard packets once this many bytes have been seen



EMITTED EVENTS

CWtcp_session_start

Emitted when we see a new TCP session get successfully estabished. Contains the following arguments:



 socketpair_key - uniquely identifies the TCP session
 pkt            - the Net::Analysis::Packet which established the session



Note that pkt is the final packet in the setup handshake; it is not the initail SYN, or the first data packet. You can get the SYN packets from the TCPSession object if you want to dig around.

CWtcp_session_end

Emitted when we see the end of the session; either because of a proper handshake, or because we ran out of data. Contains the following arguments:



 socketpair_key - uniquely identifies the TCP session
 pkt            - the Net::Analysis::Packet which closed the session



Note that pkt will be undef if we ran out of data.

CWtcp_monologue

As packets travel in one direction, we gather them up. When we see a (data) packet in the other direction, or the end of the TCP session, we combine the gathered packetes into a monologue object and emit this event. Contains the following arguments:



 socketpair_key - uniquely identifies the TCP session
 monologue      - a Net::Analysis::TCPMonologue object



METHODS

You probably don’t need to read the rest of this ...

    new ( )

Simple wrapper on top of Listener::Base::new(), which ensures that the TCP listener is put first in the queue for listening to events.

This queue-jumping is to allow the tcp_packet handler to add extra info to the packet that higher level analysers might want to see. This info is derived from its state in the TCP session.

    EXPORT

None by default.

SEE ALSO

Net::Analysis::Listener::Base Net::Analysis::TCPSession Net::Analysis::TCPMonologue

AUTHOR

Adam B. Worrall, <worrall@cpan.org>

COPYRIGHT AND LICENSE

Copyright (C) 2004 by Adam B. Worrall

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.5 or, at your option, any later version of Perl 5 you may have available.

Search for    or go to Top of page |  Section 3 |  Main Index


perl v5.20.3 NET::ANALYSIS::LISTENER::TCP (3) 2010-04-10

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with manServer 1.07.