|
setting
standards
|
by
Jeff Stewart
SENCAW | AUTHOR
|
Here’s a simple example of a script that sniffs an Ethernet line for all TCP/IP packets bound to/from a particular host and dumps out the source/destination IP address/port and a hex dump of the packet’s contents:
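#!/usr/bin/perl -w
use strict;
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Data::HexDump;

# Packet counter. It has to be initialized before loop() is called,
# because loop() keeps capturing and the callback runs from inside it.
my $i = 0;

# Capture only traffic to or from the host of interest (pcap filter syntax).
Net::PcapUtils::loop(\&process_pkt, FILTER => 'ip host 192.168.1.252');

# Called once per captured frame.
sub process_pkt {
    my ($user_data, $hdr, $pkt) = @_;
    my $eth = NetPacket::Ethernet->decode($pkt);
    if ($eth->{type} == 2048) {          # 2048 = 0x0800, EtherType for IPv4
        my $ip = NetPacket::IP->decode($eth->{data});
        if ($ip->{proto} == 6) {         # 6 = IP protocol number for TCP
            my $tcp = NetPacket::TCP->decode($ip->{data});
            print "\n\n$i $ip->{src_ip}($tcp->{src_port}) -> $ip->{dest_ip}($tcp->{dest_port})\n";
            print HexDump($ip->{data});  # hex dump of the IP payload (TCP header + data)
            $i++;
        }
    }
}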
I recommend checking out the Net::Pcap, Net::PcapUtils, and NetPacket CPAN
modules. Net::Pcap is a Perl interface straight into libpcap (libpcap is a
packet sniffing library on which most UNIX sniffers are based; tcpdump is
written using libpcap). Net::PcapUtils is a more Perl-like interface to
Net::Pcap that is a bit easier to use than raw Net::Pcap. The NetPacket
modules provide parsing for a few (but the most common) layer 2, 3, and 4
protocols (ICMP, IP, TCP, UDP, ARP, Ethernet, etc.). With these tools you
can put together custom sniffer utilities very quickly.
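The Ethernet, IP and TCP parsing that NetPacket provides can be written out with core Perl `unpack`, shown here as an added example (not code from the original post or from the NetPacket modules). The sub name `decode_tcp_frame` and the sample frame are constructed for illustration; checksums are left at zero and are not verified.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode Ethernet -> IPv4 -> TCP by hand. Returns a hashref, or nothing if the
# frame is not IPv4/TCP or is too short to parse safely.
sub decode_tcp_frame {
    my ($frame) = @_;
    return if length($frame) < 14 + 20;                  # Ethernet + minimal IPv4 header
    my $ethertype = unpack('n', substr($frame, 12, 2));
    return unless $ethertype == 0x0800;                  # 2048 = IPv4
    my $ip = substr($frame, 14);
    my ($ver_ihl, $total_len, $proto, $src, $dst) = unpack('C x n x5 C x2 a4 a4', $ip);
    my $ihl = ($ver_ihl & 0x0f) * 4;                     # IP header length in bytes
    return unless ($ver_ihl >> 4) == 4 && $ihl >= 20;
    return unless $proto == 6;                           # 6 = TCP
    return if $total_len < $ihl || $total_len > length($ip);   # bad length or truncated capture
    my $tcp = substr($ip, $ihl, $total_len - $ihl);      # skips IP options, drops Ethernet padding
    return if length($tcp) < 20;
    my ($sport, $dport, $off_byte) = unpack('n n x8 C', $tcp);
    my $doff = ($off_byte >> 4) * 4;                     # TCP header length in bytes
    return if $doff < 20 || $doff > length($tcp);
    return {
        src_ip  => join('.', unpack('C4', $src)), src_port  => $sport,
        dest_ip => join('.', unpack('C4', $dst)), dest_port => $dport,
        payload => substr($tcp, $doff),
    };
}

# Constructed sample frame: IPv4 header with 4 bytes of options (IHL = 6),
# 20-byte TCP header, short payload. Checksums are zero (not verified above).
my $payload = "GET / HTTP/1.0\r\n";
my $tcp = pack('n n N N C C n n n', 49152, 80, 1, 0, 0x50, 0x18, 65535, 0, 0) . $payload;
my $ip  = pack('C C n n n C C n a4 a4 a4', 0x46, 0, 24 + length($tcp), 0, 0, 64, 6, 0,
               pack('C4', 192, 168, 1, 10), pack('C4', 192, 168, 1, 252), "\x01" x 4) . $tcp;
my $frame = pack('a6 a6 n', "\x02\0\0\0\0\x01", "\x02\0\0\0\0\x02", 0x0800) . $ip;

# Decode the full frame, then the same frame cut short as a small snaplen would.
for my $f ($frame, substr($frame, 0, 40)) {
    my $d = decode_tcp_frame($f);
    if ($d) {
        printf "%s(%d) -> %s(%d) payload hex: %s\n",
            @{$d}{qw(src_ip src_port dest_ip dest_port)}, unpack('H*', $d->{payload});
    } else {
        print "skipped: not a complete IPv4/TCP frame\n";
    }
}
```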