Sniffer::Connection - contain basic information about a TCP connection
my $conn = Sniffer::Connection->new(
tcp => $packet,
sent_data => sub { $self->sent_data(@_) },
received_data => sub { $self->received_data(@_) },
closed => sub {},
teardown => sub { $self->closed->($self) },
log => sub { print $_[0] },
));
This module will try to give you the ordered data stream from a TCP connection. You supply callbacks for the data. The data is returned as the ACK-packets are seen for it.
As the TCP-reordering is cooked out by me, it likely has bugs, but I have used this module for sniffing some out-of-order TCP connection.
$conn->init_from_packet TCPInitializes the connection data from a packet.
$conn->handle_packet TCP [, TIMESTAMP]Handles a packet and updates the status according to the packet.
The optional TIMESTAMP parameter allows you to attach a timestamp (in seconds since the epoch) to the packet if you have a capture file with timestamps. It defaults to the value of time.
last_activityReturns the timestamp in epoch seconds of the last activity of the socket. This can be convenient to determine if a connection has gone stale.
This timestamp should be fed in via handle_packet if it is available. Capturing via Sniffer::HTTP::run and Sniffer::HTTP::run_file supplies the correct Net::Pcap timestamps and thus will reproduce all sessions faithfully.
update_activity [TIMESTAMP]Updates last_activity and supplies a default timestamp of time.
The whole module suite has almost no tests.
If you experience problems, please supply me with a complete, relevant packet dump as the included dump-raw.pl creates. Even better, supply me with (failing) tests.
Max Maischein (corion@cpan.org)
Copyright (C) 2005,2006 Max Maischein. All Rights Reserved.
This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself.