perlpreben has asked for the wisdom of the Perl Monks concerning the following question:

Hi, does anybody know if it's possible to extract the source and destination IP address from Sniffer::HTTP?

I have googled for this, and also read the docs for the module, but I'm not too good with advanced modules like this. Any help would be appreciated. I reckon it has to be in the IP headers, but I don't know if that is accessible from that module...

thanks!

Re: Extract source and destination IP from Sniffer::HTTP???
by zwon (Abbot) on Feb 15, 2009 at 00:29 UTC

    Yes, it's possible, you can extract IP addresses from the packets which you are feeding to Sniffer::HTTP. Or you can get addresses from connection objects in callbacks.

      Hi zwon,

      Given today's earlier postings ([solved] Cant seem to print perl hash ... & Perl hashes revisit) by perlpreben, I have the distinct impression he might need a little more elaboration vis-à-vis the actual accessing of the data - I would be only too pleased to help ... if only I knew something about the modules of which he & you both speak...

      A user level that continues to overstate my experience :-))
        Haha, ... right on the money Bloodnok. It's been a busy day for me here on PerlMonks, ... and boy am I glad to have the super ninja perl gurus available to ask. Normally I do try to dig deep into docs and stuff before I ask too basic questions, but sometimes you just want to get progress going fast... hehe!
      Really? Thanks!!... Do you know how I would go about doing that? Currently I'm doing this through callbacks, but it's sort of new to me. Can I add anything into this section?

      use Sniffer::HTTP;

      # $VERBOSE, $debug and $interface are assumed to be defined elsewhere in the script
      my $sniffer = Sniffer::HTTP->new(
          callbacks => {
              request  => sub { my ($req,$conn) = @_; },
              response => sub { my ($res,$req,$conn) = @_; },
              log      => sub { print $_[0] if $VERBOSE },
              tcp_log  => sub { print $_[0] if $VERBOSE > 1 },
          },
          timeout => 5*60, # seconds after which a connection is considered stale
          stale_connection => sub {
              my ($s,$conn,$key) = @_;   # unpack the callback arguments
              if ($key){
                  print "Connection stalled .... $key ....\n" if $debug;
                  $s->log->("Connection $key is stale.");
                  $s->remove_connection($key);
              }
          },
      );

      $sniffer->run($interface);

        Hmmm... It looks like I was wrong about callbacks. There are accessor methods src_host and dest_host in the Sniffer::Connection class, but they don't work; actually Sniffer::HTTP just ignores information about hosts in packets. The Sniffer::Connection module handles only TCP packets and doesn't receive any information about IP addresses. This is a design issue; it's possible to fix but would require some work. So the only way to get addresses is to use the handle_(eth|ip|tcp)_packet methods instead of run and extract addresses directly from packets, but that's not very convenient.

        Update: perhaps it would require just fixing the handle_ip_packet function in Sniffer::HTTP, I'll look at it tomorrow.
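
The approach described in the last reply (driving the capture yourself, reading the addresses from each IP header, and handing the frame to handle_eth_packet instead of calling run), as an added example that is not part of the thread or of the Sniffer::HTTP distribution. It assumes Net::Pcap and NetPacket are installed, an Ethernet capture device (eth0 unless given as an argument), HTTP on TCP port 80, and that Sniffer::HTTP invokes its callbacks synchronously while a packet is being handled; %current is a hypothetical helper variable.

```perl
#!/usr/bin/perl
# Added example: capture with Net::Pcap, record the addresses from each
# IPv4 header, then pass the raw frame on to Sniffer::HTTP.
use strict;
use warnings;
use Net::Pcap;
use NetPacket::Ethernet qw(:types);
use NetPacket::IP qw(:protos);
use Sniffer::HTTP;

my $interface = shift || 'eth0';   # assumption: capture device name
my %current;                       # addresses of the packet being handled

my $sniffer = Sniffer::HTTP->new(
    callbacks => {
        # Assumption: callbacks run synchronously inside handle_eth_packet,
        # so %current still describes the packet that completed the message.
        request => sub {
            my ($req, $conn) = @_;
            printf "%s -> %s  %s %s\n",
                @current{qw(src dst)}, $req->method, $req->uri;
        },
        response => sub {
            my ($res, $req, $conn) = @_;
            printf "%s -> %s  %s\n", @current{qw(src dst)}, $res->status_line;
        },
    },
);

my $err;
my $pcap = Net::Pcap::open_live($interface, 65535, 0, 500, \$err)
    or die "Cannot open $interface: $err\n";

# Limit the capture to HTTP traffic before it reaches the sniffer.
my $filter;
Net::Pcap::compile($pcap, \$filter, 'tcp port 80', 1, 0) == 0
    or die "Cannot compile capture filter\n";
Net::Pcap::setfilter($pcap, $filter);

Net::Pcap::loop($pcap, -1, sub {
    my (undef, $hdr, $frame) = @_;
    my $eth = NetPacket::Ethernet->decode($frame);
    return unless $eth->{type} == ETH_TYPE_IP;      # IPv4 frames only
    my $ip = NetPacket::IP->decode($eth->{data});
    return unless $ip->{proto} == IP_PROTO_TCP;
    %current = (src => $ip->{src_ip}, dst => $ip->{dest_ip});
    $sniffer->handle_eth_packet($frame);            # may fire the callbacks
}, undef);
Net::Pcap::close($pcap);
```

In the request callback the source is the client and the destination the server; in the response callback the direction is reversed.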