in reply to Re^3: Extract source and destination IP from Sniffer::HTTP???
in thread Extract source and destination IP from Sniffer::HTTP???

The source_port and dest_port are only set from the ->new_from_packet method, so you'd need that. I have never used Sniffer::HTTP with multiple connections to multiple hosts going on at the same time, and also didn't have the necessity in the upper layer to care about the IP addresses, so that part isn't really implemented (nor tested).

Re^5: Extract source and destination IP from Sniffer::HTTP???
by zwon (Abbot) on Feb 15, 2009 at 10:18 UTC

    Yeah, IP addresses are not implemented, but actually it's not too hard to add support for them. This is a patch for Sniffer/HTTP.pm. It's just a simple hack, it's not well tested, and actually there are some issues here, but it should work in most cases:

    --- HTTP.pm.orig 2009-02-15 13:00:56.000000000 +0300 +++ HTTP.pm 2009-02-15 13:06:07.000000000 +0300 @@ -277,7 +277,12 @@ $i->{hlen} = 5 if $i->{hlen} < 5; #warn sprintf "Data length: %d/%d", length $i->{data}, $i->{len} - +($i->{hlen}*4); - $self->handle_tcp_packet(substr($i->{data}, 0, $i->{len}-($i->{hlen +}*4)), $ts); + my $conn = $self->handle_tcp_packet(substr($i->{data}, 0, $i->{len} +-($i->{hlen}*4)), $ts); + unless($conn->tcp_connection->dest_host) { + $conn->tcp_connection->dest_host($i->{dest_ip}); + $conn->tcp_connection->src_host($i->{src_ip}); + } + $conn; }; =head2 C<< $sniffer->handle_tcp_packet TCP [, TIMESTAMP] >>
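
Review bot: the added `unless($conn->tcp_connection->dest_host)` line dereferences the return value of `handle_tcp_packet` without checking that it is defined, and nothing in this hunk guarantees that every packet yields a connection object, so a packet that produces no connection would abort the capture loop here. Guarding the block, for example `if ($conn and not $conn->tcp_connection->dest_host) { ... }`, keeps the old behaviour for such packets. The hunk also relies on `dest_host` and `src_host` accessors existing on the `tcp_connection` object, which it does not add itself, and the addresses are recorded only once, from whichever packet first reaches this code for that connection. A short comment stating both assumptions would help anyone consuming these fields for logging or detection.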

    And here's the example of how to get IP addresses in callbacks:

    use strict;
    use warnings;
    use Sniffer::HTTP;

    my $VERBOSE = 0;
    my $debug   = 0;

    my $sniffer = Sniffer::HTTP->new(
        callbacks => {
            request => sub {
                my ( $req, $conn ) = @_;

                # src_host/dest_host are only populated with the patch above applied
                my $src   = $conn->tcp_connection->src_host;
                my $sport = $conn->tcp_connection->src_port;
                my $dst   = $conn->tcp_connection->dest_host;
                my $dport = $conn->tcp_connection->dest_port;
                print "Request: $src:$sport -> $dst:$dport\n";
            },
            response => sub { my ( $res, $req, $conn ) = @_; },
            log      => sub { print $_[0] if $VERBOSE },
            tcp_log  => sub { print $_[0] if $VERBOSE > 1 },
        },
        timeout => 5 * 60,    # seconds after which a connection is considered stale
        stale_connection => sub {
            # Unpack the callback arguments (the "= @_" was missing, so $key was never set)
            my ( $s, $conn, $key ) = @_;
            if ($key) {
                print "Connection stalled .... $key ....\n" if $debug;
                $s->log->("Connection $key is stale.");
                $s->remove_connection($key);
            }
        },
    );

    # Capture on the given interface
    $sniffer->run('wlan0');

      Ahh you guys are awesome! Thanks a million. But could I get a quick walk through of where I add the first piece of code? In what line .... since I'm adding it into a module (that is by the way freaking awesome) I want to make sure I don't mess my module up. So a quick "Preben, add this code ..< code > on line XXX." Thanks again guys!!

        Seems to work now! I can't express how happy I am right now! Thanks a million all u Perl gurus!!!!