Sniffers in Perl?!?
Maybe this will be interesting to the coders out there or possibly inspire someone to solve a problem in a different way... Download it here: http://handlers.sans.org/khaugsness/tail-pcap.pl
A while back I needed to do some sniffing for very specific packets in Perl. And I needed to wrap some logic around the packet processing. Doing regex matching and normal byte filtering in tcpdump wasn't going to be sufficient. So I wrote a quick little script using a Perl module to interface with the libpcap library. Everything was straight-forward and well documented until I needed to tail an existing pcap file. Google failed me. So through a little trial-and-error I figured out how to solve the problem. Here is an example script on how to do this.
Lessons learned: it isn't hard to write your own customized sniffer. Perl and Python have well-documented high-level interfaces that do most of the hard work for you.
A while back I needed to do some sniffing for very specific packets in Perl. And I needed to wrap some logic around the packet processing. Doing regex matching and normal byte filtering in tcpdump wasn't going to be sufficient. So I wrote a quick little script using a Perl module to interface with the libpcap library. Everything was straight-forward and well documented until I needed to tail an existing pcap file. Google failed me. So through a little trial-and-error I figured out how to solve the problem. Here is an example script on how to do this.
Lessons learned: it isn't hard to write your own customized sniffer. Perl and Python have well-documented high-level interfaces that do most of the hard work for you.
Keywords:
0 comment(s)
×
![modal content]()
Diary Archives
Comments