Here’s a simple example of a script that sniffs an ethernet line for all TCP/IP packets bound to/from a particular host and dumps out the source/destination IP address/port and a hex dump of the packet’s contents:
I recommend checking out the Net::Pcap, Net::PcapUtils, and NetPacket CPAN
modules. Net::Pcap is a Perl interface straight into libpcap (libpcap is a
packet sniffing library on which most UNIX sniffers are based; tcpdump is
written using libpcap). Net::PcapUtils is a more Perl-like interface to
Net::Pcap that is a bit easier to use than raw Net::Pcap. The NetPacket
module provides parsing for a few (but the most common) layer 2, 3, and 4
protocols (ICMP, IP, TCP, UDP, ARP, Ethernet, etc…). With these tools you
can put together custom sniffer utilities very quickly.
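
As an added illustration (not the script from the original post), the following shows how the three NetPacket decoders chain inside a callback of the form Net::PcapUtils::loop calls. It assumes IPv4 over untagged Ethernet; the addresses, ports and frame in the offline branch are constructed sample data, and the live branch needs Net::PcapUtils installed and capture privileges.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Socket qw(inet_aton);
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;

# Format bytes as offset, hex and printable-ASCII columns, 16 bytes per row.
sub hexdump {
    my ($bytes) = @_;
    my $out = '';
    for (my $off = 0; $off < length($bytes); $off += 16) {
        my $chunk = substr($bytes, $off, 16);
        (my $ascii = $chunk) =~ tr/\x20-\x7e/./c;
        $out .= sprintf("%04x  %-47s  %s\n", $off,
                        join(' ', unpack('(H2)*', $chunk)), $ascii);
    }
    return $out;
}

# Callback taking the (user data, pcap header, raw frame) arguments that
# Net::PcapUtils::loop passes; skips anything that is not IPv4 carrying TCP.
sub process_pkt {
    my ($user, $hdr, $frame) = @_;
    my $eth = NetPacket::Ethernet->decode($frame);
    return unless $eth->{type} == 0x0800;            # EtherType: IPv4
    my $ip = NetPacket::IP->decode($eth->{data});
    return unless $ip->{proto} == 6;                 # IP protocol: TCP
    my $tcp = NetPacket::TCP->decode($ip->{data});
    printf("%s:%d -> %s:%d\n%s\n", $ip->{src_ip}, $tcp->{src_port},
           $ip->{dest_ip}, $tcp->{dest_port}, hexdump($frame));
}

if (@ARGV) {    # live capture, e.g.: ./sniff.pl 192.0.2.10
    my ($host) = $ARGV[0] =~ /\A((?:\d{1,3}\.){3}\d{1,3})\z/
        or die "usage: $0 [ipv4-address]\n";         # keeps the BPF filter well-formed
    require Net::PcapUtils;
    my $err = Net::PcapUtils::loop(\&process_pkt, FILTER => "tcp and host $host");
    die "$err\n" if $err;
} else {        # offline: decode one constructed frame (sample data, not a capture)
    my $payload = "GET / HTTP/1.0\r\n\r\n";
    my $tcp = pack('n n N N C C n n n', 49152, 80, 1, 1, 0x50, 0x18, 8192, 0, 0);
    my $ip  = pack('C C n n n C C n a4 a4', 0x45, 0, 40 + length($payload), 1, 0,
                   64, 6, 0, inet_aton('192.0.2.10'), inet_aton('192.0.2.20'));
    my $eth = pack('H12 H12 n', '020000000002', '020000000001', 0x0800);
    process_pkt(undef, undef, $eth . $ip . $tcp . $payload);
}
```

Run without arguments, it prints `192.0.2.10:49152 -> 192.0.2.20:80` followed by the hex dump of the sample frame.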
