
SANS ISC: InfoSec Handlers Diary Blog



Sniffers in Perl?!?

Published: 2006-10-04
Last Updated: 2006-10-04 21:49:58 UTC
by Kyle Haugsness (Version: 1)
Maybe this will be interesting to the coders out there or possibly inspire someone to solve a problem in a different way...  Download it here: http://handlers.sans.org/khaugsness/tail-pcap.pl

A while back I needed to do some sniffing for very specific packets in Perl. And I needed to wrap some logic around the packet processing. Doing regex matching and normal byte filtering in tcpdump wasn't going to be sufficient. So I wrote a quick little script using a Perl module to interface with the libpcap library. Everything was straightforward and well documented until I needed to tail an existing pcap file. Google failed me. So through a little trial-and-error I figured out how to solve the problem. Here is an example script on how to do this.

Lessons learned: it isn't hard to write your own customized sniffer.  Perl and Python have well-documented high-level interfaces that do most of the hard work for you.
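
The tailing problem described above, as an added example that is not the tail-pcap.pl script or its method: a Python reader that parses the classic pcap file format directly with the standard library (no libpcap binding) and returns only complete records from a file that is still being written. The names `PcapTail`, `poll` and `demo` are hypothetical, the input is constructed, and only the classic microsecond-timestamp pcap format is handled (not pcapng).

```python
import os, struct, tempfile

MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, usec timestamps

class PcapTail:
    """Return only complete records from a pcap file that is still being written."""
    def __init__(self, path):
        self.path, self.offset, self.endian = path, 0, None

    def poll(self):
        """List of (ts_sec, ts_usec, orig_len, data) appended since the last call."""
        out = []
        with open(self.path, "rb") as f:
            if self.endian is None:
                hdr = f.read(24)
                if len(hdr) < 24:
                    return out                      # global header not flushed yet
                if hdr[:4] not in MAGIC:
                    raise ValueError("not a classic pcap file")
                self.endian, self.offset = MAGIC[hdr[:4]], 24
            f.seek(self.offset)
            while True:
                rec = f.read(16)
                if len(rec) < 16:
                    break                           # partial record header, retry next poll
                sec, usec, incl, orig = struct.unpack(self.endian + "IIII", rec)
                data = f.read(incl)
                if len(data) < incl:
                    break                           # partial packet body, retry next poll
                self.offset += 16 + incl            # advance only past whole records
                out.append((sec, usec, orig, data))
        return out

def demo():
    """Constructed input: the writer stops in the middle of the second record."""
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    r1 = struct.pack("<IIII", 1, 0, 4, 4) + b"AAAA"
    r2 = struct.pack("<IIII", 2, 0, 6, 6) + b"BBBBBB"
    fd, path = tempfile.mkstemp(suffix=".pcap")
    try:
        with os.fdopen(fd, "wb", buffering=0) as w:   # unbuffered: writes land at once
            tail = PcapTail(path)
            w.write(hdr + r1 + r2[:18])               # record 2 cut after 2 data bytes
            first = tail.poll()
            w.write(r2[18:])                          # writer finishes record 2
            second = tail.poll()
    finally:
        os.remove(path)
    return first, second
```

Calling `poll()` in a loop with a short sleep gives tail-like behaviour, and the per-packet matching logic goes wherever the returned records are consumed.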
