slloyd has asked for the wisdom of the Perl Monks concerning the following question:

I need to write a Perl application that will log internet traffic on several Windows machines (Windows 98, NT, XP and 2000), capturing the URL/IP of any browser request and then logging it in a local file.

Are there any modules/methods available for such a task?

Thanks in advance for your comments.

Replies are listed 'Best First'.
Re: Hooking the winsock
by coec (Chaplain) on Mar 16, 2004 at 08:00 UTC
    If you are wanting to see who is probing tcp/80 (http) then you could use IO::Socket and get the details of the client. Google turned this up for me... http://www.infocopter.com/perl_corner/socket-server.htm
    #!/usr/bin/perl -w
    # server0.pl
    #--------------------

    use strict;
    use Socket;

    # use port 7890 as default
    #my $port = shift || 7890;
    my $port    = 80;
    my $proto   = getprotobyname('tcp');
    my $logfile = "/tmp/logfile";

    # create a socket, make it reusable
    socket(SERVER, PF_INET, SOCK_STREAM, $proto) or die "socket: $!";
    setsockopt(SERVER, SOL_SOCKET, SO_REUSEADDR, 1) or die "setsock: $!";

    # grab a port on this machine
    my $paddr = sockaddr_in($port, INADDR_ANY);

    # bind to a port, then listen
    bind(SERVER, $paddr) or die "bind: $!";
    listen(SERVER, SOMAXCONN) or die "listen: $!";
    print "SERVER started on port $port\n";

    # accepting a connection
    my $client_addr;
    while ($client_addr = accept(CLIENT, SERVER)) {
        # find out who connected
        my ($client_port, $client_ip) = sockaddr_in($client_addr);
        my $client_ipnum = inet_ntoa($client_ip);
        # reverse lookup can fail; fall back to the numeric address
        my $client_host = gethostbyaddr($client_ip, AF_INET) || $client_ipnum;

        # log who has connected (append, so earlier entries are kept)
        open(OUT, ">>$logfile") or die "open $logfile: $!";
        print OUT "got a connection from: $client_host", "[$client_ipnum]\n";
        close(OUT);

        # send them a message, close connection
        #print CLIENT "Smile from the server";
        close CLIENT;
    }
Re: Hooking the winsock
by McD (Chaplain) on Mar 16, 2004 at 14:11 UTC
    Slam dunk: Ethereal does what you want.

    But assuming you still need to write your own logging app, check out winpcap, which Ethereal also uses. There's a Perl interface to it on cpan... here

    Peace,
    -McD

Re: Hooking the winsock
by NetWallah (Canon) on Mar 16, 2004 at 17:26 UTC
    You can view this problem differently, depending on how scalable you need it to be.

    IMHO, you should be thinking of using a web proxy, and making users go through one, and logging access requests there.

    The packet capture and Winsock methods will work when you have a small number of machines. Actually, you can packet-capture and filter for a larger scale, but the capture point should be close to where traffic leaves your network to go to the Internet (unless you want to get local web browsing as well).

    Anyway - I think this provides the options you asked for.

    Offense, like beauty, is in the eye of the beholder, and a fantasy.
    By guaranteeing freedom of expression, the First Amendment also guarantees offense.
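
The proxy approach suggested in the last reply, as an added example that is not part of any post in this thread: it shows what a logging proxy can record from the head of each browser request, including the HTTPS case where only the host and port are visible. The function name `log_record`, the log line layout and the sample requests are assumptions constructed for illustration; only core Perl modules are used.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX qw(strftime);

# Build one log line from the head of a request received by a proxy.
# Returns undef when the request cannot be parsed.
# (Hypothetical helper, not taken from any module.)
sub log_record {
    my ($client_ip, $head, $when) = @_;
    my ($request_line, @header_lines) = split /\r?\n/, $head;
    return unless defined $request_line;
    my ($method, $target) = $request_line =~ m{^([A-Z]+) (\S+) HTTP/\d\.\d$}
        or return;

    my %header;
    for my $line (@header_lines) {
        last if $line eq '';                      # end of headers
        $header{lc $1} = $2 if $line =~ /^([^:\s]+):\s*(.*)$/;
    }

    my $url;
    if ($method eq 'CONNECT') {
        $url = $target;                           # HTTPS tunnel: host:port only
    } elsif ($target =~ m{^https?://}i) {
        $url = $target;                           # proxy form: absolute URL
    } elsif (defined $header{host}) {
        $url = "http://$header{host}$target";     # origin form: rebuild from Host
    } else {
        return;
    }
    return join ' ', strftime('%Y-%m-%d %H:%M:%S', gmtime($when)),
                     $client_ip, $method, $url;
}

# Constructed sample requests (documentation addresses and example.com).
my @samples = (
    [ '192.0.2.10', "GET http://www.example.com/news?id=7 HTTP/1.1\r\nHost: www.example.com\r\n\r\n" ],
    [ '192.0.2.11', "CONNECT mail.example.com:443 HTTP/1.1\r\nHost: mail.example.com:443\r\n\r\n" ],
    [ '192.0.2.12', "GET /index.html HTTP/1.0\r\nHost: intranet.example.com\r\n\r\n" ],
    [ '192.0.2.13', "\x16\x03\x01 not an HTTP request" ],
);

for my $sample (@samples) {
    my $record = log_record(@$sample, time);
    print defined $record ? "$record\n" : "unparsed request from $sample->[0]\n";
}
```

The second sample is the point to note when planning the log: for HTTPS the proxy only ever sees the `CONNECT` target, so the record holds a host and port rather than a full URL.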