jboy4 |
02-27-2012 09:58 AM |
Perl > don't overwrite or stop if already present.
Hi, I have a pcap reader that I wrote in Perl, but I am very new to Perl. I have been running the script manually on tcpdump captures and deleting the old ones after they are loaded into my table in MySQL. The code does all of this, but I need help either adding code that moves each file after it has been loaded, or making the code skip a file that has already been added.
Could someone help me understand which method should be used and help by adding it to my code?
MY ORIGINAL PCAP READER-
Code:
#!/usr/bin/perl
use DBI;
use Net::TcpDumpLog;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Net::Pcap;
use strict;
use warnings;
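# Load every .pcap capture found in $dir into the TCPdump table of the
# "events" MySQL database: one row per TCP-over-IPv4 packet.
my $log;

# Login to mysql.
# NOTE(review): the account name and password are hard-coded and the script
# connects as root. A dedicated account restricted to INSERT on the TCPdump
# table, with its credentials kept out of the source file, would limit the
# damage if this script or host is exposed.
my $dbh = DBI->connect('DBI:mysql:events:10.1.10.129', 'root', 'root')
    || die "Could not connect to +database: $DBI::errstr";

# Prepare the INSERT once, with placeholders. The values are decoded packet
# fields, i.e. capture data the script does not control, so they are bound by
# the driver rather than interpolated into the SQL text.
my $insert = $dbh->prepare(
    'INSERT INTO TCPdump (Date,Source,Destination,Packets,Port,Server)
     VALUES (?, ?, ?, ?, ?, ?)'
) or die "Could not prepare INSERT: " . $dbh->errstr;

my $dir = 'C:/Documents and Settings/jordant/Desktop/Dump';
opendir(my $dh, $dir) or die "opendir $dir: $!";

while (defined(my $file = readdir($dh))) {
    # Use a regular expression to find files ending in .pcap
    next unless $file =~ m/\.pcap$/;

    $log = Net::TcpDumpLog->new();
    $log->read("$dir/$file");

    # INFO from PCAP file
    foreach my $index ($log->indexes) {
        # header() returns (length_orig, length_incl, drops, secs, msecs);
        # only the whole-second arrival time is needed here.
        my $secs = ($log->header($index))[3];
        my $data = $log->data($index);

        # Keep only Ethernet frames carrying IP, and IP packets carrying TCP.
        my $eth_obj = NetPacket::Ethernet->decode($data);
        next unless $eth_obj->{type} == NetPacket::Ethernet::ETH_TYPE_IP;
        my $ip_obj = NetPacket::IP->decode($eth_obj->{data});
        next unless $ip_obj->{proto} == NetPacket::IP::IP_PROTO_TCP;
        my $tcp_obj = NetPacket::TCP->decode($ip_obj->{data});

        # Get date time stamp of packet. The formatted value has one-second
        # resolution, so the sub-second header field is not added in: scaled
        # by 1/1000 it could shift the time forward if that field holds
        # microseconds (TODO confirm against Net::TcpDumpLog).
        my ($sec, $min, $hour, $mday, $mon) = localtime($secs);
        my $time = sprintf("%02d-%02d %02d:%02d:%02d",
            $mon + 1, $mday, $hour, $min, $sec);

        # Info in Table
        $insert->execute(
            $time,
            $ip_obj->{src_ip},
            $ip_obj->{dest_ip},
            $ip_obj->{len},
            $tcp_obj->{dest_port},
            'agslnx1',
        );
    }
}

# A directory handle is released with closedir, once, after the last entry
# has been read; close() does not close a directory handle.
closedir($dh);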