in reply to Re: Extract source and destination IP from Sniffer::HTTP???
in thread Extract source and destination IP from Sniffer::HTTP???

Really? Thanks!! ... do you know how I would go about doing that? Currently I'm doing this through callbacks, but it's sort of new to me. Can I add anything into this section?

use strict;
use warnings;
use Sniffer::HTTP;

my $VERBOSE   = 0;      # the posted snippet used $VERBOSE and $debug without declaring them
my $debug     = 0;
my $interface = 'eth0'; # placeholder: the posted snippet did not show where $interface was set

my $sniffer = Sniffer::HTTP->new(
    callbacks => {
        request  => sub { my ($req, $conn) = @_; },
        response => sub { my ($res, $req, $conn) = @_; },
        log      => sub { print $_[0] if $VERBOSE },
        tcp_log  => sub { print $_[0] if $VERBOSE > 1 },
    },
    timeout => 5*60, # seconds after which a connection is considered stale
    stale_connection => sub {
        my ($s, $conn, $key) = @_; # the posted snippet omitted "= @_", so $key was always undef
        if ($key) {
            print "Connection stalled .... $key ....\n" if $debug;
            $s->log->("Connection $key is stale.");
            $s->remove_connection($key);
        }
    },
);
$sniffer->run($interface);

Re^3: Extract source and destination IP from Sniffer::HTTP???
by zwon (Abbot) on Feb 15, 2009 at 01:28 UTC

    Hmmm... It looks like I was wrong about callbacks. There are accessor methods src_host and dest_host in the Sniffer::Connection class, but they don't work; actually Sniffer::HTTP just ignores the information about hosts in packets. The Sniffer::Connection module handles only TCP packets and doesn't receive any information about IP addresses. This is a design issue; it's possible to fix, but it would require some work. So the only way to get addresses is to use the handle_(eth|ip|tcp)_packet methods instead of run and extract the addresses directly from the packets, but that's not very convenient.

    Update: perhaps it would just require fixing the handle_ip_packet function in Sniffer::HTTP; I'll look at it tomorrow.
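The approach described above, decoding the IP layer yourself to recover the addresses that the TCP layer alone never carries, shown as an added example that is not code from this thread or from Sniffer::HTTP. It uses only core Perl (unpack and Socket); the packet is constructed inline with pack rather than captured, and the IP and TCP checksums are left at zero and are not validated:

```perl
#!/usr/bin/perl
# Added example, not code from the thread or from Sniffer::HTTP: decode
# the IPv4 and TCP headers of a raw packet by hand to recover src/dest
# addresses and ports. The packet is constructed below; it is not a capture.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Build a constructed IPv4/TCP packet carrying an HTTP request.
# Checksums are left at zero; nothing here validates them.
sub build_sample_packet {
    my $payload = "GET / HTTP/1.0\r\nHost: example.com\r\n\r\n";
    # TCP header: src port, dst port, seq, ack, data offset = 5 words,
    # flags PSH|ACK, window, checksum, urgent pointer
    my $tcp = pack 'n n N N C C n n n', 40123, 80, 1, 1, 5 << 4, 0x18, 65535, 0, 0;
    my $total_len = 20 + length($tcp) + length($payload);
    # IPv4 header: version 4 / IHL 5, TOS, total length, id, flags (DF) +
    # fragment offset, TTL, protocol 6 = TCP, checksum, src, dst
    my $ip = pack 'C C n n n C C n a4 a4',
        0x45, 0, $total_len, 0x1234, 0x4000, 64, 6, 0,
        inet_aton('192.0.2.10'), inet_aton('198.51.100.7');
    return $ip . $tcp . $payload;
}

# Parse an IPv4 packet (Ethernet header already stripped) and return a
# hashref with src_ip, dest_ip, src_port, dest_port and the TCP payload,
# or undef with a warning if it is not IPv4/TCP or is truncated.
sub parse_ipv4_tcp {
    my ($packet) = @_;
    if (length($packet) < 20) {
        warn "packet shorter than a minimal IPv4 header\n";
        return;
    }
    # byte 0 version/IHL, bytes 2-3 total length, byte 9 protocol,
    # bytes 12-15 source address, bytes 16-19 destination address
    my ($ver_ihl, $total_len, $proto, $src, $dst)
        = unpack 'C x n x5 C x2 a4 a4', $packet;
    my $version = $ver_ihl >> 4;
    my $ihl     = ($ver_ihl & 0x0f) * 4;
    if ($version != 4 or $ihl < 20) {
        warn "not an IPv4 packet (version $version, IHL $ihl)\n";
        return;
    }
    if ($proto != 6) {
        warn "not TCP (protocol $proto)\n";
        return;
    }
    if (length($packet) < $total_len or $total_len < $ihl + 20) {
        warn "truncated packet: have " . length($packet) . " bytes, header says $total_len\n";
        return;
    }
    my $tcp = substr $packet, $ihl, $total_len - $ihl;
    my ($sport, $dport, $seq, $ack, $doff) = unpack 'n n N N C', $tcp;
    my $tcp_hlen = ($doff >> 4) * 4;
    if ($tcp_hlen < 20 or $tcp_hlen > length $tcp) {
        warn "bad TCP data offset $tcp_hlen\n";
        return;
    }
    return {
        src_ip    => inet_ntoa($src),
        dest_ip   => inet_ntoa($dst),
        src_port  => $sport,
        dest_port => $dport,
        payload   => substr($tcp, $tcp_hlen),
    };
}

my $pkt  = build_sample_packet();
my $info = parse_ipv4_tcp($pkt) or die "could not decode sample packet\n";
printf "Request: %s:%d -> %s:%d\n",
    $info->{src_ip}, $info->{src_port}, $info->{dest_ip}, $info->{dest_port};
print "Payload first line: ", (split /\r\n/, $info->{payload})[0], "\n";
```

The parser returns undef rather than dying on anything that is not a well-formed IPv4/TCP packet, so a caller feeding it every frame from an interface can skip ARP, IPv6 or truncated packets without the whole sniffer stopping.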

      The source_port and dest_port are only set from the ->new_from_packet method, so you'd need that. I have never used Sniffer::HTTP with multiple connections to multiple hosts going on at the same time, and also didn't have the necessity in the upper layer to care about the IP addresses, so that part isn't really implemented (nor tested).

        Yeah, IP addresses are not implemented, but actually it's not too hard to add support for them. This is a patch for Sniffer/HTTP.pm; it's just a simple hack, it's not well tested, and actually there are some issues here, but it should work in most cases:

        --- HTTP.pm.orig 2009-02-15 13:00:56.000000000 +0300 +++ HTTP.pm 2009-02-15 13:06:07.000000000 +0300 @@ -277,7 +277,12 @@ $i->{hlen} = 5 if $i->{hlen} < 5; #warn sprintf "Data length: %d/%d", length $i->{data}, $i->{len} - +($i->{hlen}*4); - $self->handle_tcp_packet(substr($i->{data}, 0, $i->{len}-($i->{hlen +}*4)), $ts); + my $conn = $self->handle_tcp_packet(substr($i->{data}, 0, $i->{len} +-($i->{hlen}*4)), $ts); + unless($conn->tcp_connection->dest_host) { + $conn->tcp_connection->dest_host($i->{dest_ip}); + $conn->tcp_connection->src_host($i->{src_ip}); + } + $conn; }; =head2 C<< $sniffer->handle_tcp_packet TCP [, TIMESTAMP] >>
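Review bot: the added `unless($conn->tcp_connection->dest_host)` line calls a method on the return value of handle_tcp_packet without checking that `$conn` is defined; if handle_tcp_packet can return undef for a packet that belongs to no tracked connection, the method call dies and takes the sniffer down with it, so wrap the new block in `if ($conn) { ... }` (and return `$conn` either way). Separately, the hosts are copied from whichever packet first reaches this code for a connection, so a connection first observed mid-stream on a server-to-client packet ends up with src_host and dest_host swapped relative to the client/server roles a request callback would assume; that limitation deserves a comment next to the new lines, since the hunk only checks dest_host for being unset and never revisits the assignment.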

        And here's an example of how to get IP addresses in callbacks:

        use strict;
        use warnings;
        use Sniffer::HTTP;

        my $VERBOSE = 0;
        my $debug   = 0;

        my $sniffer = Sniffer::HTTP->new(
            callbacks => {
                request => sub {
                    my ( $req, $conn ) = @_;
                    my $src   = $conn->tcp_connection->src_host;
                    my $sport = $conn->tcp_connection->src_port;
                    my $dst   = $conn->tcp_connection->dest_host;
                    my $dport = $conn->tcp_connection->dest_port;
                    print "Request: $src:$sport -> $dst:$dport\n";
                },
                response => sub { my ( $res, $req, $conn ) = @_; },
                log      => sub { print $_[0] if $VERBOSE },
                tcp_log  => sub { print $_[0] if $VERBOSE > 1 },
            },
            timeout => 5 * 60, # seconds after which a connection is considered stale
            stale_connection => sub {
                my ( $s, $conn, $key ) = @_; # the posted snippet omitted "= @_", so $key was always undef
                if ($key) {
                    print "Connection stalled .... $key ....\n" if $debug;
                    $s->log->("Connection $key is stale.");
                    $s->remove_connection($key);
                }
            },
        );
        $sniffer->run('wlan0');