use strict; open (DUMP, "|cat -v"); select(DUMP); $| = 1; while (<>) { if (/^\s/) { chop; s/\s//g; while ($_) { my $hex; ($hex, $_) = /^(..)(.*)$/; my $byte = hex($hex); print pack("c", $byte); } } else { print "\n", "-"x74, "\n\n"; } } close(DUMP);
Here's another, which runs tcpdump directly:
use strict; my ($pkt, $client, $host); my $lim = shift || 999999999; my $tcpd = "/usr/sbin/tcpdump"; my $tcpargs = "-lnx -s 1024 dst host 68.14.142.134|"; $|=1; open (STDIN, "$tcpd $tcpargs"); while (<>) { if (/^\S/) { last unless $lim--; while ($pkt=~/(.+).+/g) { print "$client -> $host\t$&\n"; } ($client, $host, $pkt) = (); # All on one line please ($client, $host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/ if /P \d+:\d+\((\d+)\)/ && $1 > 0; } next unless $client && $host; s/\s+//; s/([0-9a-f]{2})\s?/chr(hex($1))/eg; tr/\x1F-\x7E\r\n//cd; $pkt .= $_; }
Here's one using Net::Pcap and Net::RawIP. I leave the decoding of the packet stream up to you..
use strict; use Net::Pcap; use Net::RawIP; my $errstr; my $count = 0; my $dev = Net::Pcap::lookupdev(\$errstr); my $pcap = Net::Pcap::open_live($dev, 1024, 1, 0, \$errstr); Net::Pcap::loop($pcap, -1, \&check_tcp, "abc"); Net::Pcap::close($pcap); sub check_tcp { my ($user, $hdr, $pkt) = @_; # Add your error checking here print "Saw snap of len hdr->{len} $hdr->{caplen} \n"; $count++; }
In reply to Re: converting tcpdump files
by hacker
in thread converting tcpdump files
by botho
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |