Tcp

Simple Perl Sniffer

Here’s a simple example of a script that sniffs an ethernet line for all TCP/IP packets bound to/from a particular host and dumps out the source/destination IP address/port and a hex dump of the packet’s contents:

Here’s a simple example of a script that sniffs an Ethernet line for all TCP/IP packets bound to/from a particular host and dumps out the source/destination IP address/port and a hex dump of the packet’s.

#!/usr/bin/perl -w
use strict;
use Net::PcapUtils;
use NetPacket::Ethernet;
use NetPacket::IP;
use NetPacket::TCP;
use Data::HexDump;
Net::PcapUtils::loop(\&process_pkt, FILTER => 'ip host 192.168.1.252')
+;
my $i=0;
sub process_pkt {
  my ($user_data,$hdr,$pkt)=@_;
  my $eth=NetPacket::Ethernet->decode($pkt);
  if($eth->{type} == 2048){
    my $ip=NetPacket::IP->decode($eth->{data});
    if($ip->{proto} == 6){
      my $tcp=NetPacket::TCP->decode($ip->{data});
      print "\n\n$i $ip->{src_ip}($tcp->{src_port}) -> $ip->{dest_ip}(
+$tcp->{dest_port})\n";
      print HexDump $ip->{data};
      $i++;
    }
  }
}

Rails 2.3 and Memcache Server Hashes

setting

standards

^by
Jeff Stewart

SENCAW | AUTHOR

I recommend checking out Net::Pcap, Net::PcapUtils, and the NetPacket CPAN
modules. Net::Pcap is an perl interface straight into libpcap (libpcap is a
packet sniffing library on which most UNIX sniffers are based; tcpdump is
written using libpcap). Net::PcapUtils is a more perl-like interface to
Net::Pcap that is a bit easier to use than raw Net::Pcap. The NetPacket
module provide parsing for a few (but the most common) layer 2, 3, and 4
protocols (ICMP, IP, TCP, UDP, ARP, Ethernet, etc…). With these tools you
can put together custom sniffer utilities very quickly.

Simple Perl Sniffer

Rails 2.3 and Memcache Server Hashes

64.191.203.30

173.201.44.124

Categories

Archives