perl network sniffer
| jamie@nospam.com 2005-02-25, 3:59 pm |
| I have a linux router/gateway in our office. The "pointy haired boss"
wants to monitor the internet activity for the office. I need to
capture the URL requested and the source ip for all the machines on the
network. Can anyone suggest some good places to start? I searched on
CPAN and am unsure which of the packages would be most useful. Any
help would be much appreciated.
Thanks
| |
| Robert Sedlacek 2005-02-25, 3:59 pm |
| jamie@nospam.com wrote:
> Can anyone suggest some good places to start.
Google for "Proxy", that's not a Perl related question.
--
http://www.dunkelheit.at/
The first rule of project mayhem is: you do not ask questions.
-- Fight Club
| |
| jamie@nospam.com 2005-02-25, 3:59 pm |
| <Google for "Proxy">
I realize that it would be simple enough to place a proxy in the
"mix", however that is not possible with our current layout. The point
is that I would like to do it, if possible, with perl. I would like
the information to be inserted into a mysql db (which I have no
problems doing). Is this not possible using perl?
| |
| jamie@nospam.com 2005-02-25, 3:59 pm |
|
<Haven't you seen HTTP::Proxy at CPAN? What's wrong with it? Let me
guess,
you wanted to hear "other opinions"? >
I misunderstood your response. That is exactly what I was looking for.
Thanks for the input.
| |
| Robert Sedlacek 2005-02-25, 3:59 pm |
| jamie@nospam.com wrote:
> I misunderstood your response.
Then I must have misunderstood your first post, where you're saying:
| I searched on CPAN and am unsure which of the packages would be most
| useful. Any help would be much appreciated.
?
--
http://www.dunkelheit.at/
That is not dead, which can eternal lie,
and with strange aeons even death may die.
-- H.P. Lovecraft
| |
| gargoyle 2005-02-25, 3:59 pm |
| On 2005-02-25, jamie@nospam.com <jamiethacker@gmail.com> wrote:
><Google for "Proxy">
>
> I realize that it would be simple enough to place a proxy in the
> "mix", however that is not possible with our current layout. The point
> is that I would like to do it, if possible, with perl. I would like
> the information to be inserted into a mysql db (which I have no
> problems doing). Is this not possible using perl?
Just capture the output of tcpdump or some sniffer (tethereal maybe?)
and use a regex to log HTTP packets to the database. You can even
configure the sniffer to ignore all non-HTTP packets, to reduce the cpu
overhead of your script...
It shouldn't take more than a few dozen lines of code to do this. I
wrote a similar script a while back that watched for certain kinds of
ARP packets in this fashion:
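    # Read tcpdump's line-buffered (-l), numeric (-n) ARP output through a pipe
    open(ARP, "tcpdump -ln arp |") or die "cannot run tcpdump: $!";
    while (<ARP>) {
        /foo/ and do_this();    # placeholder pattern and handler
        /bar/ and do_that();
    }
    close(ARP);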
Getting tcpdump to give you URLs may require some work though (looking
inside the tcp packet), but ethereal will just outright print it to
stdout if you tell it to, I think...
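The approach suggested in the post above, as an added example that is not part of the original thread: a parser for `tcpdump -l -n -A` text that pairs each request's source IP with the URL built from the request line and Host header. It assumes tcpdump's usual `IP src.port > dst.port:` header line, sees only cleartext HTTP (not HTTPS), and runs here over constructed sample lines; `extract_requests` is a name chosen for this example.

```perl
use strict;
use warnings;

# Parse `tcpdump -l -n -A` text and return [source_ip, url] pairs.
sub extract_requests {
    my ($fh) = @_;
    my (@found, $src, $dst, $path);
    # Emit the pending request; fall back to the destination IP if no Host header was seen.
    my $flush = sub {
        my ($host) = @_;
        push @found, [ $src, 'http://' . ($host // $dst) . $path ] if defined $path;
        undef $path;
    };
    while (my $line = <$fh>) {
        # Packet header line: "... IP src.port > dst.port: ..."
        if ($line =~ /\bIP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+:/) {
            $flush->();
            ($src, $dst) = ($1, $2);
        }
        # Request line; -A prints header bytes as junk before it, so do not anchor.
        if (defined $src && $line =~ m{(?:GET|HEAD|POST|PUT|DELETE|OPTIONS) (/\S*) HTTP/1\.[01]}) {
            $path = $1;
        }
        elsif (defined $path && $line =~ /^Host:\s*([\w.\-:]+)/i) {
            $flush->($1);
        }
    }
    $flush->();
    return @found;
}

# Live use on the gateway (needs root):
#   open(my $fh, '-|', 'tcpdump', '-l', '-n', '-A', '-s', '0', 'tcp dst port 80') or die "tcpdump: $!";
# Here the constructed sample below stands in for tcpdump's output.
for my $r (extract_requests(\*DATA)) {
    # URLs are untrusted input: insert them with DBI placeholders, never by string interpolation.
    print "$r->[0]\t$r->[1]\n";
}

__DATA__
15:59:01.000001 IP 192.168.1.23.40112 > 192.0.2.10.80: Flags [P.], seq 1:77, ack 1, win 229, length 76
E..t..@.@.......GET /news/index.html HTTP/1.1
Host: www.example.com
User-Agent: constructed-sample

15:59:02.000002 IP 192.168.1.42.40200 > 192.0.2.20.80: Flags [P.], seq 1:20, ack 1, win 229, length 19
E..;..@.@.......GET /old.txt HTTP/1.0
```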