Homework & Coursework Questions

1. The problem statement, all variables and given/known data:

Using the Windows version of Wireshark, record at least 100 entries of normal network traffic (in a file). Pick 2 packets and analyze the contents showing the header and data information (ie what port #, service etc). You can use the Wireshark display as a confirmation by loading the file back into Wireshark. Examine the format of the Wireshark file and write a short Perl script to extract the source and destination IP address and the protocol type from each entry in the file and print it on the screen.

Now my understanding of the problem given to me for lab homework is that you write a script (Perl preferred) that can read a wireshark capture file and sort though the packet's data to grab what you want, except it should be able to work on any # of packets.

2. Relevant commands, code, scripts, algorithms:

As far as I know with this type of script I've asked several classmates and everyone is doing them differently, some are using arrays (1-4 at most) and some are using strings that break down into substrings. I've heard of the pack/unpack and hex/oct perl commands and heard that you can probably pull this off with awk/gawk

3. The attempts at a solution (include all code and scripts):

My first attempt with this was using Perl with an array but it did not work too well as I got stuck, I also tried to do it with substrings but couldn't figure that out (past courses for scripting taught 0 things about scripting but rather programming in Perl/Bash).
I will post the code for my 1st program, as for the 2nd one using strings I believe I deleted it.

Code:

#!/usr/bin/perl
open (INFILE, "samplecapture.txt" | die "$!\n";
$n = 0;
$c = 0;
while (<INFILE>)
{
if (index($_,"|") == 0)
{
@data[$n] = $_;
$n++;
}
}
print @data; #this is just to check if the array is filled or not
close (INFILE);
foreach $data(@data)
{
@clean[$c] = split(/\|/,$data);
$c++;
}
print @clean;

As far as I know the foreach statement does not work as my clean array has nothing in it and I might've messed that up.

My second attempt was using a bash script with the awk command
I could grab what I wanted from the file but I have no idea how to manipulate it to do what I want such as coverting the hex values of the source and destination IP to decimal.
This is the code I was using but I gave up after doing some research on awk:

Code:

#!/bin/usr/sh
awk '{FS="|"}{print "Protocol",$26,"Source IP",$29,$30,$31,$32,"Destination IP",$33,$34,$35,$36}' samplecapture.txt

Those are pretty much the locations of the data I want to extract after trial & error and also looking at each packet through wireshark.

Sample of the K12 Textfile

Code:

+---------+---------------+----------+
21:01:34,599,128   ETHER
|0   |00|1e|58|28|7a|ef|00|1c|7e|72|75|ae|08|00|45|00|00|30|4c|4d|40|00|80|06|6e|ad|c0|a8|00|81|0a|8c|74|18|1b|36|00|50|13|73|ff|b9|00|00|00|00|70|02|ff|ff|14|9f|00|00|02|04|05|b4|01|01|04|02|

+---------+---------------+----------+
21:01:36,328,508   ETHER
|0   |01|00|5e|00|00|01|00|1e|58|28|7a|ef|08|00|45|00|00|1c|00|00|00|00|01|02|19|36|c0|a8|00|01|e0|00|00|01|11|64|ee|9b|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|00|

4. School (University) and Course Number:
SAIT Southern Alberta Institute of Technology, ITSC 311