| Barca |
02-08-2005 04:23 PM |
Capture whole packet at once (in Perl)
#!/usr/bin/perl
# ggniuf.pl
# It sniffs packets which are sending by popular polish communicator called
# Gadu-gadu.
# by Barca
use Switch;
use Socket;
#$|++;
$white="�[01;37m";
$dcyan="�[00;31m";
$yellow="�[01;33m";
$gray="�[00m";
our $nr = 0;
our %host = ( );
open(STDIN,"tcpdump -lnx -s0 dst port 8074 |") || die "I can't open tcpdump.";
print ":::$dcyan\ GGNiuf started$gray\ :::\n";
while(<>)
{
$packet = <STDIN>;
open(FILE, ">>packet.txt");
print FILE $packet;
close FILE;
}
-----------------------------------------------------------------------------------------------
Hi,
I write some sniffer and I stucked on one problem. As you can see on that little fragment, I need to capture all packets which are sent to hosts on port 8074. After running that, I have whole packet in one piece, in file. So I can read everything to variable and proceed with filtrating data. But it has 2 disadvantages:
1) it can slow down computer when many packets are received (hdd works all the time)
2) In the file, I receive only every second line (!), e.x.:
0x0000: 4500 008e a12b 4000 4006 d5c9 c0a8 0066 E....+@.@......f
0x0020: 8018 07cc 469a 0000 0101 080a 02d4 6ced ....F.........l.
0x0040: b074 7501 0800 0000 3132 3334 3536 3738 .tu.....12345678
0x0060: 6cb3 6d6e 6ff3 7071 7273 9c74 7577 7879 l.mno.pqrs.tuwxy
0x0080: 6667 686a 6b6c 7a78 6376 626e 6d00 fghjklzxcvbnm.
0x0000: 4500 0034 a12d 4000 4006 d621 c0a8 0066 E..4.-@.@..!...f
0x0020: 8010 07cc 7a0b 0000 0101 080a 02d4 6da7 ....z.........m.
Is there any solution to my problems? Or maybe you know better way to capture all packet data in one catch? Please help...
|
