[AMaViS-user] [OT] run p0f with -Q -0 option and test script p0fq.pl
A discussion in the Amavis User forums, part of the Anti-Spam and Anti-Virus Related Forums category.
Here is how I run p0f with a local unix socket:

p0f -Q /var/run/p0f.sock -0 'dst port 25' >> /dev/null &

then I run the test script p0fq.pl from the p0f source package:

../p0fq.pl /var/run/p0f.sock src_host 0 dst_host 25

The p0fq.pl test script works on an x86 machine running Linux, but not on a Mac running OS X/Yellow Dog Linux. I suspect it might relate to the endianness of x86 and Mac, so by any chance, could any Perl gurus shed some light on what's wrong with the p0fq.pl script? Should the template of pack/unpack be adjusted to fit the Mac's big endian? The p0fq.pl script is as follows:

#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket;
use Net::IP;

my $QUERY_MAGIC       = 0x0defaced;
my $QTYPE_FINGERPRINT = 1;

# Response layout: magic, id, type, genre, detail, dist, link, tos, fw, nat,
# real, score, mflags, uptime.  The packed struct is a fixed 141 bytes.
my $RESP_TEMPLATE = "L L C Z20 Z40 c Z30 Z30 C C C s S N";
my $RESP_LEN      = length pack($RESP_TEMPLATE, (0) x 14);

die "usage: p0fq.pl p0f_socket src_ip src_port dst_ip dst_port\n"
    unless $#ARGV == 4;

# Convert the IPs and pack the request message
my $src = Net::IP->new($ARGV[1]) or die(Net::IP::Error());
my $dst = Net::IP->new($ARGV[3]) or die(Net::IP::Error());
print "$ARGV[1]\n";    # debug: echo the source address argument
my $query = pack("L L L N N S S", $QUERY_MAGIC, $QTYPE_FINGERPRINT, 0x12345678,
                 $src->intip(), $dst->intip(), $ARGV[2], $ARGV[4]);

# Open the connection to p0f
my $sock = IO::Socket::UNIX->new(Peer => $ARGV[0], Type => SOCK_STREAM);
die "Could not create socket: $!\n" unless $sock;
binmode $sock;    # the exchange is binary, not text

# Ask p0f.  Read the reply by length: <$sock> stops at the first 0x0a byte,
# which truncates a binary struct whenever one of its fields contains that value.
print $sock $query;
my $response = '';
while (length $response < $RESP_LEN) {
    my $got = read($sock, $response, $RESP_LEN - length $response, length $response);
    die "Could not read response: $!\n" unless defined $got;
    last if $got == 0;    # EOF
}
close $sock;
die "Short response from p0f (" . length($response) . " of $RESP_LEN bytes)\n"
    unless length $response == $RESP_LEN;

# Extract the response from p0f
my ($magic, $id, $type, $genre, $detail, $dist, $link, $tos, $fw,
    $nat, $real, $score, $mflags, $uptime) = unpack($RESP_TEMPLATE, $response);
die "Bad response magic.\n" if $magic != $QUERY_MAGIC;
die "P0f did not honor our query.\n" if $type == 1;
die "This connection is not (no longer?) in the cache.\n" if $type == 2;

# Display result
print "Genre    : $genre\n";
print "Details  : $detail\n";
print "Distance : $dist hops\n";
print "Link     : $link\n";
print "Uptime   : $uptime hrs\n";
_______________________________________________
AMaViS-user mailing list
AMaViS-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/...fo/amavis-user
AMaViS-FAQ: http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos: http://www.amavis.org/howto/
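The post asks whether the pack/unpack templates are the endianness problem. The following added example (not from the thread, the p0f project, or the script above) mirrors the script's own templates in Python's struct module so the two host orders can be compared on one machine: 'L' and 'S' are host-order, 'N' is always big-endian, and a response read line-by-line is cut short as soon as a field happens to contain a 0x0a byte. The response type codes 1 and 2 are taken from the script's die checks; the field layout is taken from its unpack template; the addresses, ports and the sample response are constructed for the demonstration and assumed, not captured from a real p0f.

```python
"""Mirror of p0fq.pl's pack/unpack templates using Python's struct module."""
import socket
import struct
import sys

QUERY_MAGIC = 0x0DEFACED
QTYPE_FINGERPRINT = 1
RESP_BADQUERY = 1      # p0f did not honor the query (type == 1 in the script)
RESP_NOMATCH = 2       # connection not (no longer) in the cache (type == 2)

# Perl 'L' and 'S' follow the host byte order; 'N' is always big-endian.
# struct spells the host order out, so both cases can be built side by side.
_ORDER = {"little": "<", "big": ">"}

# Layout of the script's unpack template "L L C Z20 Z40 c Z30 Z30 C C C s S N".
RESP_HOST_FMT = "IIB20s40sb30s30sBBBhH"   # every field up to, not including, uptime
RESP_UPTIME_FMT = ">I"                    # Perl 'N': unsigned 32-bit, big-endian
RESP_LEN = struct.calcsize("<" + RESP_HOST_FMT) + struct.calcsize(RESP_UPTIME_FMT)  # 141


def pack_query(query_id, src_ip, src_port, dst_ip, dst_port, byteorder=sys.byteorder):
    """Build the query exactly as pack('L L L N N S S') would on the given host."""
    o = _ORDER[byteorder]
    return (struct.pack(o + "III", QUERY_MAGIC, QTYPE_FINGERPRINT, query_id)
            + socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)   # the two 'N' fields
            + struct.pack(o + "HH", src_port, dst_port))


def pack_response(fields, byteorder=sys.byteorder):
    """Lay out a response blob the way a daemon on the given host would."""
    o = _ORDER[byteorder]
    host_part = struct.pack(o + RESP_HOST_FMT, QUERY_MAGIC, fields["id"], fields["type"],
                            fields["genre"], fields["detail"], fields["dist"],
                            fields["link"], fields["tos"], fields["fw"], fields["nat"],
                            fields["real"], fields["score"], fields["mflags"])
    return host_part + struct.pack(RESP_UPTIME_FMT, fields["uptime"])


def _zstr(raw):
    """Perl 'Z': the string ends at the first NUL byte."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_response(data, byteorder=sys.byteorder):
    """Unpack a response; refuse short reads and byte-order mismatches rather
    than silently returning garbage."""
    if len(data) != RESP_LEN:
        raise ValueError(f"expected {RESP_LEN} bytes, got {len(data)}")
    o = _ORDER[byteorder]
    host_len = struct.calcsize(o + RESP_HOST_FMT)
    (magic, qid, rtype, genre, detail, dist, link, tos,
     fw, nat, real, score, mflags) = struct.unpack(o + RESP_HOST_FMT, data[:host_len])
    (uptime,) = struct.unpack(RESP_UPTIME_FMT, data[host_len:])
    if magic != QUERY_MAGIC:
        raise ValueError(f"bad response magic 0x{magic:08x} (byte order mismatch?)")
    if rtype == RESP_BADQUERY:
        raise ValueError("p0f did not honor our query")
    if rtype == RESP_NOMATCH:
        raise ValueError("connection not (no longer?) in the cache")
    return {"id": qid, "genre": _zstr(genre), "detail": _zstr(detail), "dist": dist,
            "link": _zstr(link), "tos": _zstr(tos), "uptime": uptime}


def simulate_line_read(data):
    """What Perl's `my $response = <$sock>` returns: everything up to and
    including the first newline, so a binary reply containing 0x0a is cut short."""
    nl = data.find(b"\n")
    return data if nl < 0 else data[:nl + 1]


# Constructed sample response (not captured from a real p0f).  An uptime of
# 2560 hours encodes as 00 00 0a 00, and that 0x0a is what a line read stops at.
SAMPLE = {"id": 0x12345678, "type": 0, "genre": b"Linux", "detail": b"2.4/2.6",
          "dist": 12, "link": b"ethernet/modem", "tos": b"", "fw": 0, "nat": 0,
          "real": 1, "score": 0, "mflags": 0, "uptime": 2560}

if __name__ == "__main__":
    q_le = pack_query(0x12345678, "192.0.2.10", 4321, "192.0.2.25", 25, "little")
    q_be = pack_query(0x12345678, "192.0.2.10", 4321, "192.0.2.25", 25, "big")
    print("magic as packed on a little-endian host:", q_le[:4].hex())
    print("magic as packed on a big-endian host:   ", q_be[:4].hex())
    resp = pack_response(SAMPLE, "little")
    print("full-length read:", parse_response(resp, "little")["genre"])
    for label, blob, order in (("line-oriented read", simulate_line_read(resp), "little"),
                               ("wrong host order", resp, "big")):
        try:
            parse_response(blob, order)
        except ValueError as err:
            print(f"{label}: {err}")
```

Running the script prints the magic word as `edacef0d` for a little-endian host and `0defaced` for a big-endian one, while the two address fields are byte-identical in both queries; the line-oriented read hands back 140 of 141 bytes, and parsing a little-endian reply with big-endian templates fails on the magic check rather than producing a plausible-looking but wrong genre.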