Capture whole packet at once (in Perl)

Barca · 02-08-2005, 04:23 PM

#!/usr/bin/perl
# ggniuf.pl
# It sniffs packets which are sending by popular polish communicator called
# Gadu-gadu.
# by Barca

use Switch;
use Socket;

#$|++;
$white="[01;37m";
$dcyan="[00;31m";
$yellow="[01;33m";
$gray="[00m";
our $nr = 0;
our %host = ( );

open(STDIN,"tcpdump -lnx -s0 dst port 8074 |") || die "I can't open tcpdump.";
print ":::$dcyan\ GGNiuf started$gray\ :::\n";

while(<>)
{
$packet = <STDIN>;
open(FILE, ">>packet.txt");
print FILE $packet;
close FILE;
}

-----------------------------------------------------------------------------------------------
Hi,
I write some sniffer and I stucked on one problem. As you can see on that little fragment, I need to capture all packets which are sent to hosts on port 8074. After running that, I have whole packet in one piece, in file. So I can read everything to variable and proceed with filtrating data. But it has 2 disadvantages:

1) it can slow down computer when many packets are received (hdd works all the time)
2) In the file, I receive only every second line (!), e.x.:

0x0000: 4500 008e a12b 4000 4006 d5c9 c0a8 0066 E....+@.@......f
0x0020: 8018 07cc 469a 0000 0101 080a 02d4 6ced ....F.........l.
0x0040: b074 7501 0800 0000 3132 3334 3536 3738 .tu.....12345678
0x0060: 6cb3 6d6e 6ff3 7071 7273 9c74 7577 7879 l.mno.pqrs.tuwxy
0x0080: 6667 686a 6b6c 7a78 6376 626e 6d00 fghjklzxcvbnm.
0x0000: 4500 0034 a12d 4000 4006 d621 c0a8 0066 E..4.-@.@..!...f
0x0020: 8010 07cc 7a0b 0000 0101 080a 02d4 6da7 ....z.........m.

Is there any solution to my problems? Or maybe you know better way to capture all packet data in one catch? Please help...

Matir · 02-08-2005, 04:29 PM

First off, you are reading from standard input twice for each read. (<> reads into $_)

Secondly, why open and close the file so often? That probably generates most of the overhead.

Try this to replace your while loop (my perl is a bit rusty):

Code:

open(FILE,">>packet.txt");
while(<>)
{
print FILE $_;
}
close FILE;

Barca · 02-08-2005, 05:21 PM

Hm, it creates empty file (packet.txt has 0 bytes length).

chrism01 · 02-08-2005, 06:57 PM

while( <FILE> )
specify the filehandle in the while statement

Matir · 02-08-2005, 09:06 PM

The filehandle should be <STDIN>. Though I would SERIOUSLY advise against using that name for your filehandle... very bad coding practice to rename STDIN. I suggest using something like CAP, and, as mentioned above, then do

Code:

while(<CAP>) ...

Barca · 02-09-2005, 02:16 AM

It changed nothing. I still have file with 0 bytes length ;(