At least under Linux or other unixish OSes, the select approach of reading from multiple tcpdump instances should work. Otherwise, I'd aim for the Net::Pcap approach, using pcap_loop() to read some packets. Also, consider combining the "queries" you hand to the different Pcap instances into one large query. For example, if you want to capture (HTTP) traffic between the local machine and two different hosts, use the following specification:
(dst host www1.example.com && (tcp port 80))
||(src host www1.example.com && (tcp port 80))
||(dst host www2.example.com && (tcp port 80))
||(src host www2.example.com && (tcp port 80))
So if you have traffic going over different (known) ports to different (known) machines/IP addresses, the simplest approach might be to capture them all in one stream and sort them out in your Perl code again.
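An added example, not part of the original post: one way to build the single combined filter and then sort the captured frames out per peer in Perl. The peer addresses, labels and the helper names `build_filter`, `demux` and `frame` are assumptions made for illustration, and the parsing assumes plain Ethernet (DLT_EN10MB) frames carrying IPv4 without VLAN tags.

```perl
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Constructed sample peers (documentation address ranges), not from the post.
my %peers = ('192.0.2.10' => 'www1', '192.0.2.20' => 'www2');

# One filter for all peers; "host X" matches X as source or destination,
# so it covers both the src and dst clauses of the post's specification.
sub build_filter {
    my ($port, @ips) = @_;
    return join ' || ', map { "(host $_ && tcp port $port)" } sort @ips;
}

# Same argument order as a Net::Pcap pcap_loop() callback: ($user, $header, $packet).
# Returns the peer label, or undef when the frame is not IPv4/TCP with a known peer.
sub demux {
    my ($counts, $hdr, $pkt) = @_;
    return if length($pkt) < 14 + 20;                 # Ethernet + minimal IPv4 header
    return unless unpack('n', substr($pkt, 12, 2)) == 0x0800;
    my ($vhl, $proto, $src, $dst) = unpack 'C x8 C x2 a4 a4', substr($pkt, 14, 20);
    return unless ($vhl >> 4) == 4 && $proto == 6;    # IPv4 carrying TCP
    for my $ip (map { inet_ntoa($_) } $src, $dst) {
        next unless exists $peers{$ip};
        $counts->{ $peers{$ip} }++;
        return $peers{$ip};
    }
    return;
}

# Build a constructed Ethernet/IPv4/TCP SYN frame (checksums left at zero).
sub frame {
    my ($src, $dst, $sport, $dport) = @_;
    my $eth = ("\0" x 12) . pack('n', 0x0800);
    my $ip  = pack('C C n n n C C n a4 a4', 0x45, 0, 40, 0, 0, 64, 6, 0,
                   inet_aton($src), inet_aton($dst));
    my $tcp = pack('n n N N C C n n n', $sport, $dport, 0, 0, 0x50, 0x02, 65535, 0, 0);
    return $eth . $ip . $tcp;
}

my %counts;
my $local = '198.51.100.5';                           # constructed local address
demux(\%counts, {}, $_) for frame($local, '192.0.2.10', 40000, 80),
                            frame('192.0.2.20', $local, 80, 40001),
                            frame($local, '203.0.113.9', 40002, 80);
print build_filter(80, keys %peers), "\n";
printf "%s: %d frame(s)\n", $_, $counts{$_} for sort keys %counts;
```

With a live handle, the string from `build_filter` goes through `Net::Pcap::pcap_compile` and `pcap_setfilter`, and `\&demux` is passed to `pcap_loop` with `\%counts` as the user data. Hostnames in a filter are resolved when it is compiled, so the demultiplexing step has to key on the resolved addresses.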