#!/usr/bin/perl
use Net::RawIP qw(:pcap);
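# Replay SNMP traps stored in a pcap capture file towards <dest_addr>.
#
#   dest_addr        address every rebuilt trap is sent to (UDP port 162)
#   input_file       capture file opened with pcapinit_offline()
#   pattern_to_send  optional pattern, applied as a case-insensitive regex
#                    to the UDP payload; empty means "every trap"
#   delay            optional pause in seconds after each trap (default 1)

# Check the argument count first, before any Net::RawIP object is created.
if ($#ARGV < 1)
{
    print("Usage : $0 <dest_addr> <input_file> [pattern_to_send] [delay]\n");
    exit(1);    # a usage error must not look like success to a calling script
}

$destaddr     = $ARGV[0];
$input_file   = $ARGV[1];
$ALARM_PATERN = $ARGV[2];

# Pause between traps.  A missing, non-numeric, zero or negative value falls
# back to one second, so the replay is always paced.  The original compared
# with == "" (a numeric test against 0), which let negative values through.
$DELAY = (defined $ARGV[3] && $ARGV[3] > 0) ? $ARGV[3] : 1;

# Live-capture settings.  They are referenced only by the commented-out
# pcapinit() call below.
# NOTE(review): nothing in this block applies $filt to the capture file, so
# every frame in the file reaches the callbacks, not only UDP/162 traffic.
$device = 'eth0'; # insert your device here !
$filt = 'ip proto \\udp and port 162 and dst host 10.5.1.46';
$size = 1500;
$tout = 30;

$b = Net::RawIP->new({udp => {}});
#$pcap = $b->pcapinit($device,$filt,$size,$tout);

$compteur = 0;
$i = 0;

# First pass: count the traps that will be sent.
$pcap = $b->pcapinit_offline($input_file);
loop($pcap, -1, \&compteur_alarm, \@b);
print("$compteur alarme(s) a envoyer.\n");

# Second pass: reopen the capture and send each selected trap.
$pcap = $b->pcapinit_offline($input_file);
loop($pcap, -1, \&dmp, \@b);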
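# pcap callback for the first pass: count the traps that dmp() would send.
#
# loop() passes the raw captured frame in $_[2].  The payload is taken from a
# fixed offset of 42 bytes, which is only correct for an untagged Ethernet II
# frame carrying IPv4 with a 20-byte header (no options) followed by UDP.
# Reads the global $ALARM_PATERN and increments the global $compteur.
sub compteur_alarm
{
    my $frame = $_[2];

    # The capture file is untrusted input: skip frames that are too short or
    # whose header bytes do not match the layout the fixed offsets assume
    # (EtherType 0x0800, version/IHL 0x45, IP protocol 17).
    return unless defined($frame)
        && length($frame) >= 42
        && substr($frame, 12, 2) eq "\x08\x00"
        && ord(substr($frame, 14, 1)) == 0x45
        && ord(substr($frame, 23, 1)) == 17;

    my $payload = substr($frame, 42);

    # No pattern selects every trap.  Testing length instead of truth keeps a
    # pattern of "0" working as a filter.  The pattern comes from the command
    # line and is compiled as a regex.
    my $has_pattern = defined($ALARM_PATERN) && length($ALARM_PATERN);
    if (!$has_pattern || $payload =~ m/$ALARM_PATERN/i)
    {
        $compteur += 1;
    }
    return;
}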
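# pcap callback for the second pass: rebuild and send each selected trap.
#
# loop() passes the raw captured frame in $_[2].  Fields are read at fixed
# offsets, which is only correct for an untagged Ethernet II frame carrying
# IPv4 with a 20-byte header (no options) followed by UDP:
#   26..29  IPv4 source address
#   34..35  UDP source port
#   42..    UDP payload (the SNMP trap)
# Reads the globals $ALARM_PATERN, $destaddr and $DELAY.
# The datagram that is sent carries the captured source address and source
# port, not this host's own, and always goes to UDP port 162 on $destaddr.
sub dmp
{
    my $frame = $_[2];

    # The capture file is untrusted input: skip frames that are too short or
    # whose header bytes do not match the layout the fixed offsets assume
    # (EtherType 0x0800, version/IHL 0x45, IP protocol 17).  Without this
    # check such a frame would produce a datagram built from misread fields.
    return unless defined($frame)
        && length($frame) >= 42
        && substr($frame, 12, 2) eq "\x08\x00"
        && ord(substr($frame, 14, 1)) == 0x45
        && ord(substr($frame, 23, 1)) == 17;

    my $payload = substr($frame, 42);

    # No pattern selects every trap.  Testing length instead of truth keeps a
    # pattern of "0" working as a filter.  The pattern comes from the command
    # line and is compiled as a regex.
    my $has_pattern = defined($ALARM_PATERN) && length($ALARM_PATERN);
    return unless !$has_pattern || $payload =~ m/$ALARM_PATERN/i;

    # If the payload length is odd, pad it with one NUL byte.
    $payload .= "\0" if length($payload) % 2;

    my $saddr   = join('.', unpack('C4', substr($frame, 26, 4)));
    my $srcport = unpack('n', substr($frame, 34, 2));

    my $trap = Net::RawIP->new({
        ip  => { saddr => $saddr, daddr => $destaddr, frag_off => 0,
                 tos => 0, protocol => 17 },
        udp => { source => $srcport, dest => 162, data => $payload },
    });
    $trap->send();

    # ${DELAY}s: the original wrote $DELAYs, which interpolates an unrelated
    # (undefined) variable and printed no delay at all.
    print("Trap envoyee a : $destaddr pause ${DELAY}s \n");

    # Sleep for $DELAY seconds (fractions allowed) before the next trap.
    select(undef, undef, undef, $DELAY);
    return;
}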