Listing 7: Dump our captured data into the database
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Net::Pcap;
use NetAddr::IP;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
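# Database handle shared with process_packets(), which inserts one row per
# captured packet. DBI->connect returns undef on failure, so check it here
# instead of dying later on the first "method on an undefined value".
#
# SECURITY (review): the credentials are hard-coded as MySQL root with an
# empty password, and this script already has to run with enough privilege
# to open a capture device. Use a dedicated account that holds only INSERT
# on the `rawcpature` table, and keep its password out of the source.
my $dbh = DBI->connect(
    "dbi:mysql:database=netwacc;host=127.0.0.1;port=3306",
    "root",
    ""
) or die 'Unable to connect to database - ', DBI->errstr;

my $err;

# Capture device: first command-line argument, otherwise libpcap's default.
# NOTE(review): lookupdev() is deprecated in recent libpcap releases; on
# failure it returns undef and sets $err.
my $dev = $ARGV[0];
unless (defined $dev) {
    $dev = Net::Pcap::lookupdev(\$err);
    if (defined $err) {
        die 'Unable to determine network device for monitoring - ', $err;
    }
}

# Network number and mask of the device; the mask is needed by compile().
my ($address, $netmask);
if (Net::Pcap::lookupnet($dev, \$address, \$netmask, \$err)) {
    die 'Unable to look up device information for ', $dev, ' - ', $err;
}

# Snaplen 1500 bytes, non-promiscuous, no read timeout. Payload lengths
# recorded by process_packets() are therefore capped by the snaplen.
my $object = Net::Pcap::open_live($dev, 1500, 0, 0, \$err);
unless (defined $object) {
    die 'Unable to create packet capture on device ', $dev, ' - ', $err;
}

# BPF filter: TCP traffic, excluding port 22 (presumably so the operator's
# own SSH session is not logged). NOTE(review): confirm this filter string
# compiles on your libpcap; the conventional spelling is 'tcp and not port 22'.
# compile() and setfilter() return 0 on success and -1 on error.
my $filter;
Net::Pcap::compile($object, \$filter, 'tcp port not 22', 0, $netmask) == 0
    or die 'Unable to compile packet capture filter - ', Net::Pcap::geterr($object);
Net::Pcap::setfilter($object, $filter) == 0
    or die 'Unable to set packet capture filter - ', Net::Pcap::geterr($object);

# Capture forever (count -1). loop() returns 0 when the count is exhausted,
# -1 on error and -2 after breakloop(); only -1 is a failure, and a plain
# truth test of the return value would treat every outcome the same way.
# Fetch the error text before close() frees the handle.
my $rc = Net::Pcap::loop($object, -1, \&process_packets, '');
my $loop_err = ($rc == -1) ? Net::Pcap::geterr($object) : '';
Net::Pcap::close($object);
$dbh->disconnect;
die 'Unable to perform packet capture - ', $loop_err if $rc == -1;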
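# Net::Pcap::loop() callback: record one captured frame in `rawcpature`.
#
# Arguments are supplied by libpcap: $user_data (the '' passed to loop(),
# unused), $header (pcap packet header, unused) and $packet, the raw
# Ethernet frame. Stores the insert time, source and destination address
# (as 32-bit integers via ipcnvrt()) and port, and the TCP payload length
# as seen within the capture snaplen.
#
# Non-IPv4 or non-TCP frames are skipped. A failed insert is reported
# through DBI's default PrintError and the capture continues, so one bad
# row does not stop monitoring. Relies on the file-level $dbh.
sub process_packets {
    my ($user_data, $header, $packet) = @_;

    my $ether_data = NetPacket::Ethernet::strip($packet);
    my $ip         = NetPacket::IP->decode($ether_data);

    # The BPF filter is expected to pass only TCP, but 'tcp' also matches
    # IPv6 and the decoder is IPv4-only; decoding anything else as IPv4/TCP
    # yields garbage addresses and ports. 4 = IPv4, 6 = TCP.
    return unless defined $ip->{'ver'}   && $ip->{'ver'} == 4;
    return unless defined $ip->{'proto'} && $ip->{'proto'} == 6;

    my $tcp = NetPacket::TCP->decode($ip->{'data'});

    my @row = (
        ipcnvrt($ip->{'src_ip'}),
        $tcp->{'src_port'},
        ipcnvrt($ip->{'dest_ip'}),
        $tcp->{'dest_port'},
        length($tcp->{'data'}),
    );

    # Bind the packet-derived values instead of interpolating them into the
    # SQL text; prepare_cached() reuses the compiled statement per handle.
    my $sth = $dbh->prepare_cached(
        'INSERT INTO `rawcpature` ( tstamp, srcip, srcport, dstip, dstport, datalength )'
        . ' VALUES ( NOW(), ?, ?, ?, ?, ? )'
    );
    return unless defined $sth;    # prepare failure already reported by DBI

    $sth->execute(@row);
    return;
}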
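# ipcnvrt: convert an IPv4 address in dotted-quad notation (as produced by
# NetPacket::IP) into its 32-bit numeric value, e.g. '10.0.0.1' -> 167772161.
#
# Dies with a clear message when NetAddr::IP cannot parse the input, instead
# of failing later with "Can't call method numeric on an undefined value".
# Always returns a single scalar: NetAddr::IP->numeric yields (address, mask)
# in list context, and callers such as process_packets() want only the address.
#
# NOTE(review): per the NetAddr::IP docs, strings that are not numeric
# addresses may be resolved as hostnames by new(); keep inputs numeric and
# do not pass attacker-controlled names through here.
sub ipcnvrt {
    my ($input) = @_;

    my $addr = NetAddr::IP->new($input)
        or die 'Not a valid IP address: ', (defined $input ? $input : 'undef');

    return scalar $addr->numeric();
}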