I don't know if this will help you or not, but here's a script I have
running to monitor and track recursive DNS Queries on my network. You
can ignore the database stuff, but it might help.
http://divisionbyzero.net/~brad/code/dns_snoop.pl.html
I process the packets as they come in, but I could be using
POE::Wheel::Run on them as well... The key part of the tutorial (http://poe.perl.org/?POE_Cookbook/Child_Processes_3
) seems to be the while() loop in the start_tasks routine.
It doesn't sound like you need the feedback from the child tasks
because you'll be feeding them via the heap. The Filter::Reference
stuff is being used to return status information from the child tasks
to the main processor.
Here's another script I've written that needs some reworking as well.
It listens on our egress link, and collects statistics inside the
heap. At intervals (POE::Component::Cron), the heap is processed
written to a database (or RRD) and then cleared. The processing
continues.
http://divisionbyzero.net/~brad/code/traffic_detection.pl.html
I hope there's something in there that helps.
On Mar 24, 2009, at 4:25 PM, Jonathan S. Polacheck wrote:
I have spent a couple of days casting about, looking at examples and
perldoc. I don't seem to be able to get the data from 'tcpdump' (or
POE::Component::PCAP) to the wheel that will process the data. For
my last
attempt, I removed Filter::Referece and tried with just the wheel.
Still
no luck. Any suggestions?
#!/usr/bin/perl
use warnings;
use strict;
use POE qw( Wheel::Run ); #Filter::Reference );
use Data::Dumper;
our $offset = 0;
our $linechars = '';
POE::Session->create
( inline_states =>
{
_start => sub {
my ($heap) = $_[HEAP];
my $gp = POE::Wheel::Run->new
( Program => '/usr/sbin/tcpdump -i eth0 -w - '
# , Conduit => "pipe"
# , StdoutFilter => POE::Filter::Reference-
>new()
# , StdinEvent => 'process_packet'
, StdinEvent => 'stdin'
# , StdoutEvent => 'print'
# , InputEvent => 'process_packet'
);
print "gp compleate\n";
$heap->{gp} = $gp;
# my $pp = POE::Wheel::Run->new
# ( Program => &process_packet
# , StdoutEvent => 'stdout'
# );
}
}
);
sub process_packet {
print "process_packet called\n";
# my ($heap) = $_[HEAP];
# my $filter = POE::Filter::Reference->new();
# my $pdump = $filter->get( [ $heap->{gp} ] );
my $pdump = $_[ARG0];
foreach my $char (split(//, $pdump)) {
if($char !~ /\n/) {
dump_char($char) ;
} else {
print "\n\n";
$offset = 0;
$linechars = '';
}
1;
}
dump_char( ' ', 1 ) while length($linechars) != 0;
}
sub dump_char {
my ( $char ) = shift;
if ( length( $linechars ) == 0 ) {
printf( "%06X ", $offset );
}
$linechars .= ( $char =~ m#[!-~ ]# ) ? $char : '.';
printf( "%02X ", ord($char) );
if ( length( $linechars ) == 16 ) {
print( "\n" );
$linechars = '';
$offset += 16;
}
}
$poe_kernel->run();
exit 0;
--
Brad Lhotsky <[email protected]>
Security Administrator / NIA Alt. ISSO
.. WAR IS PEACE
FREEDOM IS SLAVERY
IGNORANCE IS STRENGTH ..
