Altering a packet and writing to network layer

nexus024 · May 5, 2007

I am trying to write a program that will continuously sniff eth0 for a specific UDP packet thats being sent to a specific destination IP, alter the data of the packet, and finally transmit it to the destination. My script compiles fine and runs fine until it finds the specific packet and tries to alter the payload of the data. Hopefully someone can give me some insight on why it might be doing this...

CODE
#!/usr/bin/perl -w
#
# Custom script:
# A program to catch specific outgoing UDP packets, alter the
# payload data, and then write the packet onto the network layer.

# Destination IP address
my $DEST_IP='192.246.40.56';

# The unprivileged uid/gid under which we should run.
my $UNPRIV="200";

use Net:

cap;
use FileHandle;
use strict;
use English;
use NetPacket::IP qw(IP_PROTO_UDP);
use NetPacket::UDP;
use Net::RawSock;

while ( 1 ) {

my $pid = fork();
if ( ! defined $pid ) { die "Unable to fork. Yikes." };

if ( $pid ) {
# Parent process (running as root) will wait for
# child. If child exits, we'll create another one.
wait();
sleep(1); # To keep us from respawning too fast if necessary.
} else {
print "Script starting\n";

# Child process will do actual sniffing.
# First, create our packet capturing device
my($pcap_t) = create_pcap();

unless ( $pcap_t ) {
die "Unable to create pcap";
}

# Let's stop running as root. Since we already
# have our pcap descriptor, we can still use it.
$EGID="$UNPRIV $UNPRIV"; # setgid and setgroups()
$GID=$UNPRIV;
$UID=$UNPRIV; $EUID=$UNPRIV;

# Capture packets forever.
Net:

cap::loop($pcap_t, -1, \&process_pkt, 0);

# Technically, we shouldn't get here since the loop
# is infinite (-1), but just in case, close and exit.
Net:

cap::close($pcap_t);
exit 1;
}
}

sub create_pcap {
my $promisc = 0; # We're only looking for packets destined to us,
# so no need for promiscuous mode.
my $snaplen = 135; # Allows a max of 80 characters in the domain name

my $to_ms = 0; # timeout
my $opt=1; # Sure, optimisation is good...
my($err,$net,$mask,$dev,$filter_t);

my $filter = "udp dst port 49169 and dst host $DEST_IP";

# Look up an appropriate device (eth0 usually)
$dev = Net:

cap::lookupdev(\$err);
$dev or die "Net:

cap::lookupdev failed. Error was $err";
#$dev = "eth0";

if ( (Net:

cap::lookupnet($dev, \$net, \$mask, \$err) ) == -1 ) {
die "Net:

cap::lookupnet failed. Error was $err";
}

# Actually open up our descriptor
my $pcap_t = Net:

cap:

pen_live($dev, $snaplen, $promisc, $to_ms, \$err);
$pcap_t || die "Can't create packet descriptor. Error was $err";

if ( Net:

cap::compile($pcap_t, \$filter_t, $filter, $opt, $net) == -1 ) {
die "Unable to compile filter string '$filter'\n";
}

# Make sure our sniffer only captures those bytes we want in
# our filter.
Net:

cap::setfilter($pcap_t, $filter_t);

# Return our pcap descriptor
$pcap_t;
}

# Routine to process the packet -- called by Net:

cap::loop()
# every time an appropriate packet is snagged.
sub process_pkt {
my($data) = @_;

my($ip_obj) = NetPacket::IP->decode($data);

if($ip_obj->{proto} == IP_PROTO_UDP) {

#decode the udp header
my($udp_obj) = NetPacket::UDP->decode($ip_obj->{data});

#replace protocol 68 with protocol 0
$udp_obj->{data} =~ s/68/0/g;

#re-encode the packet
$ip_obj->{data} = $udp_obj->encode($ip_obj);
$data = $ip_obj->encode;
#my($pkt) = $data->encode;
}

#write the packet to the network layer
Net::RawSock::write_ip($data);
}

ERRORS:
nick@nick-desktop:~/Desktop$ sudo perl sniffer2.pl
Script starting
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 151.
Use of uninitialized value in bitwise and (&) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 152.
Use of uninitialized value in unpack at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 163.
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 115.
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 116.
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 117.
Use of uninitialized value in bitwise and (&) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 118.
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 115.
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 116.
Use of uninitialized value in right bitshift (>>) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 117.
Use of uninitialized value in bitwise and (&) at /usr/local/share/perl/5.8.7/NetPacket/IP.pm line 118.
Use of uninitialized value in numeric eq (==) at sniffer2.pl line 102.

travs69 · May 5, 2007

hmm... looks like the module itself isn't playing well with strict (which is kinda scary!).. can you see what happens if you comment strict out?

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Altering a packet and writing to network layer

nexus024

Technical User

travs69

MIS

Similar threads

Part and Inventory Search

Sponsor