perl network sniffer

jamie

I have a linux router/gateway in our office. The "pointy haired boss"
wants to monitor the internet activity for the office. I need to
capture the URL requested and the source ip for all the machines on the
network. Can anyone suggest some good places to start? I searched on
CPAN and am unsure which of the packages would be most useful. Any
help would be much appreciated.

Thanks
 
jamie

<Google for "Proxy">

I realize that it would be simple enough to place a proxy in the
"mix", however that is not possible with our current layout. The point
is that I would like to do it, if possible, with perl. I would like
the information to be inserted into a mysql db (which I have no
problems doing). Is this not possible using perl?
 
Robert Sedlacek

I realize that it would be simple enough to place a proxy in the "mix",
however that is not possible with our current layout. The point is that I
would like to do it, if possible, with perl. I would like the information
to be inserted into a mysql db (which I have no problems doing). Is this
not possible using perl?

Haven't you seen HTTP::proxy at CPAN? What's wrong with it? Let me guess,
you wanted to hear "other opinions"?
 
jamie

<Haven't you seen HTTP::proxy at CPAN? What's wrong with it? Let me guess,
you wanted to hear "other opinions"? >

I misunderstood your response. That is exactly what I was looking for.
Thanks for the input.
 
Robert Sedlacek

I misunderstood your response.

Then I must have misunderstood your first post, where you're saying:

| I searched on CPAN and am unsure which of the packages would be most
| useful. Any help would be much appreciated.

?
 
gargoyle

<Google for "Proxy">

I realize that it would be simple enough to place a proxy in the
"mix", however that is not possible with our current layout. The point
is that I would like to do it, if possible, with perl. I would like
the information to be inserted into a mysql db (which I have no
problems doing). Is this not possible using perl?

Just capture the output of tcpdump or some sniffer (tethereal maybe?)
and use a regex to log HTTP packets to the database. You can even
configure the sniffer to ignore all non-HTTP packets, to reduce the cpu
overhead of your script...

It shouldn't take more than a few dozen lines of code to do this. I
wrote a similar script a while back that watched for certain kinds of
ARP packets in this fashion:

use strict;
use warnings;

# Pipe tcpdump's line-buffered (-l), non-resolving (-n) ARP output into the script
open(my $arp, '-|', 'tcpdump -ln arp') or die "cannot run tcpdump: $!";
while (<$arp>) {
    /foo/ and do_this();    # /foo/ and /bar/ stand in for the real patterns,
    /bar/ and do_that();    # do_this() and do_that() for the real handlers
}

Getting tcpdump to give you URLs may require some work though (looking
inside the tcp packet), but ethereal will just outright print it to
stdout if you tell it to, I think...
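As an added example, not code from this thread or from any poster, here is a Perl script built the way gargoyle describes: read a sniffer's output through a pipe, validate each line with regexes, and insert the source IP and URL into MySQL with DBI. It assumes a modern tshark (the successor of tethereal) that supports `-T fields` and the `-Y` display filter, a table `http_log(src_ip, url, seen_at)` that you create yourself, and the database password in the environment variable WEBLOG_DB_PASS; all of those names are assumptions, and the sample sniffer lines are constructed. Run it with `--demo` to exercise the parser offline without an interface or a database.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed sniffer command (not from the thread): tshark prints one tab-separated
# line per HTTP request: source IP, Host header, request URI.
my $SNIFFER = 'tshark -l -n -i eth0 -Y http.request '
            . '-T fields -e ip.src -e http.host -e http.request.uri';

# Constructed sample output in that format, used by --demo so the parser can be
# exercised without a network interface or a database.
my @SAMPLE_LINES = (
    "192.168.1.23\twww.example.com\t/index.html\n",
    "192.168.1.42\texample.org:8080\t/search?q=perl+sniffer\n",
    "10.0.0.5\t\t/no-host-header\n",              # Host missing: rejected
    "not an ip\twww.example.com\t/\n",             # bad source address: rejected
    "192.168.1.23\tbad.example\t/a\t/extra\n",     # stray field inside URI: rejected
);

# Turn one sniffer line into { src => ..., url => ... }, or undef if unusable.
# Malformed lines are dropped rather than logged, so garbage on the wire
# cannot end up as a bogus "visited URL" in the report.
sub parse_request_line {
    my ($line) = @_;
    chomp $line;
    my ($src, $host, $uri) = split /\t/, $line, 3;
    return unless defined $uri;                                 # fewer than 3 fields
    return unless $src  =~ /\A(?:\d{1,3}\.){3}\d{1,3}\z/;        # dotted-quad source only
    return unless $host =~ /\A[A-Za-z0-9.-]+(?::\d{1,5})?\z/;   # hostname[:port]
    return unless $uri  =~ m{\A/[^\s]*\z};                      # absolute path, no whitespace
    return { src => $src, url => "http://$host$uri" };
}

# Insert one record with bind placeholders, so URL contents never become SQL text.
# Assumed table: http_log(src_ip VARCHAR(15), url TEXT, seen_at DATETIME)
sub log_request {
    my ($dbh, $rec) = @_;
    $dbh->do('INSERT INTO http_log (src_ip, url, seen_at) VALUES (?, ?, NOW())',
             undef, $rec->{src}, $rec->{url});
}

# Read lines from a filehandle, parse them, hand good records to $sink.
# Returns the number of records kept and the number of lines dropped.
sub process_stream {
    my ($fh, $sink) = @_;
    my ($kept, $dropped) = (0, 0);
    while (my $line = <$fh>) {
        my $rec = parse_request_line($line);
        if ($rec) { $sink->($rec); $kept++ } else { $dropped++ }
    }
    return ($kept, $dropped);
}

if (@ARGV && $ARGV[0] eq '--demo') {
    # Offline mode: feed the constructed sample through the parser and print it
    my $data = join '', @SAMPLE_LINES;
    open(my $fh, '<', \$data) or die "in-memory open: $!";
    my ($kept, $dropped) = process_stream(
        $fh, sub { printf "%-15s %s\n", $_[0]{src}, $_[0]{url} });
    print "kept $kept, dropped $dropped\n";
} else {
    # Live mode: sniffer on one side, MySQL on the other
    require DBI;
    my $dbh = DBI->connect('DBI:mysql:database=weblog;host=localhost',
                           'weblog', $ENV{WEBLOG_DB_PASS}, { RaiseError => 1 });
    open(my $fh, '-|', $SNIFFER) or die "cannot start sniffer: $!";
    process_stream($fh, sub { log_request($dbh, $_[0]) });
    close $fh;
    $dbh->disconnect;
}
```

The filter is done by the sniffer (`-Y http.request`), as gargoyle suggests, so Perl only sees request lines; the regex checks then act as a second gate, and the bind placeholders in `log_request` keep anything that survives the gate from being interpreted as SQL.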
 
