Hi all,
As a long-time Ethereal-user (thank you all!), I always wanted to be able to
script things while analysing traces. For example, analysing client->alteon
and alteon->realserver traffic, the only connecting bit in the packets is
the tcp-seq of the syn-packet, being able to set a variable to the tcp-seq#
of packet #x and using it further in a filter would be very handy. I very
recently discovered the PDML output option. This makes parsing trace-files
in Perl quite feasible. And this will make scripting network-analysis
possible... :-)
Since PDML is XML based I looked for a CPAN XML module to assist in
importing, toying around with XML::Twig just resulted in having to iterate
through all attributes instead of getting all fields in a hash straight away
(which I hoped for). I searched and browsed through the mailing-list
archives to see whether there was already some discussion about parsing
PDML, but unfortunately I could not find much info. Does anybody have
experience in using existing modules to import the PDML output in Perl
easily? If not, I will try to start building a module to import PDML in
Perl.
Things I will try to implement are:
- a function to open the pdml file or using the 'tethereal -T pdml' pipe
- a function to read one packet in a hash-variable
- a function to display one packet like tethereal normally does
- extend this function to define an output format to use
- a function to save packets to a new tracefile
Has anyone already started such a perl-module? Is there anyone interested in
such a perl-module?
Cheers,
Sake
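
Added example, not part of the original post: one way to get the per-packet hash asked about above with XML::Twig, then group pure SYN packets by tcp.seq so the client-side and real-server-side connections can be paired. The PDML sample, the addresses and the names packet_to_hash and %syn_by_seq are constructed for illustration.

```perl
use strict;
use warnings;
use XML::Twig;

# Constructed PDML (not a real capture): one SYN seen before and after the load
# balancer, plus a SYN/ACK. Assumes "show" carries the absolute sequence number.
my $pdml = <<'PDML';
<pdml>
 <packet><proto name="frame"><field name="frame.number" show="1"/></proto>
  <proto name="ip"><field name="ip.src" show="10.0.0.5"/><field name="ip.dst" show="192.0.2.10"/></proto>
  <proto name="tcp"><field name="tcp.seq" show="305419896"/><field name="tcp.flags" show="0x02">
   <field name="tcp.flags.syn" show="1"/><field name="tcp.flags.ack" show="0"/></field></proto></packet>
 <packet><proto name="frame"><field name="frame.number" show="2"/></proto>
  <proto name="ip"><field name="ip.src" show="10.0.0.5"/><field name="ip.dst" show="10.1.1.20"/></proto>
  <proto name="tcp"><field name="tcp.seq" show="305419896"/><field name="tcp.flags" show="0x02">
   <field name="tcp.flags.syn" show="1"/><field name="tcp.flags.ack" show="0"/></field></proto></packet>
 <packet><proto name="frame"><field name="frame.number" show="3"/></proto>
  <proto name="ip"><field name="ip.src" show="10.1.1.20"/><field name="ip.dst" show="10.0.0.5"/></proto>
  <proto name="tcp"><field name="tcp.seq" show="2271560481"/><field name="tcp.flags" show="0x12">
   <field name="tcp.flags.syn" show="1"/><field name="tcp.flags.ack" show="1"/></field></proto></packet>
</pdml>
PDML

# Flatten one <packet> into a hash of field name => [show values]; nested and
# repeated fields are kept, so every value is an array reference.
sub packet_to_hash {
    my ($packet) = @_;
    my %h;
    for my $f ($packet->descendants('field')) {
        my ($name, $show) = ($f->att('name'), $f->att('show'));
        push @{ $h{$name} }, $show if defined $name && length $name && defined $show;
    }
    return \%h;
}

my %syn_by_seq;    # tcp.seq of a pure SYN => packets carrying it
my $twig = XML::Twig->new(twig_handlers => { packet => sub {
    my ($t, $elt) = @_;
    my $p = packet_to_hash($elt);
    my ($syn, $ack, $seq) = map { ($p->{$_} || [])->[0] // '' } qw(tcp.flags.syn tcp.flags.ack tcp.seq);
    push @{ $syn_by_seq{$seq} }, $p if $syn eq '1' && $ack eq '0' && length $seq;
    $t->purge;    # release parsed packets so large traces stay within memory
}});
$twig->parse($pdml);    # use $twig->parsefile($path) for a saved PDML file
for my $seq (sort { $a <=> $b } keys %syn_by_seq) {
    for my $p (@{ $syn_by_seq{$seq} }) {
        printf "SYN seq=%s frame=%s %s > %s\n", $seq, map { $p->{$_}[0] // '?' } qw(frame.number ip.src ip.dst);
    }
}
```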