
Bode
Novice
Dec 4, 2002, 8:24 AM
Post #1 of 2
(6949 views)
packet sniffer
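Below are two files which act as a packet sniffer. I haven't been able to try them out as they are for UNIX and I don't have a root account on a UNIX system. Is there a way I can modify them for use on Windows 2000, and in particular is there an equivalent of tcpdump for Windows 2000? Cheers for any help or suggestions.

    #!/usr/bin/perl
    # Reads lines of the form "addr -> addr<TAB>text", decodes any
    # Basic Authorization value and resolves the addresses to host names.
    use Socket;
    use MIME::Base64;

    $| = 1;    # unbuffered output

    while (<>) {
        next unless ($host, $client, $msg) = /(\S+) -> (\S+)\s+(.*)\s+/;
        $msg =~ s/(Authorization:\s+Basic\s+)(\S+)/$1 . decode_base64($2)/e;
        print lookup($host), " -> ", lookup($client), "\t$msg\n";
    }

    # Return the host name for an address, or the address itself
    # if the reverse lookup fails.
    sub lookup {
        my $addr   = shift;
        my $lookup = (gethostbyaddr(inet_aton($addr), AF_INET))[0];
        return $lookup || $addr;
    }

    #!/usr/bin/perl
    $LIMIT = shift || 5000;    # number of packets to examine (default 5000)
    $| = 1;                    # unbuffered output

    # Read tcpdump's hex dump of traffic destined for port 80 on STDIN.
    open (STDIN, "/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |")
        or die "Cannot run tcpdump: $!\n";

    while (<>) {
        if (/^\S/) {    # unindented line: header of a new packet
            last unless $LIMIT--;
            # Print the matching header lines of the packet just completed.
            while ($packet =~ /(GET|POST|WWW-Authenticate|Authorization).+/g) {
                print "$client -> $host\t$&\n";
            }
            undef $client; undef $host; undef $packet;
            # Record the addresses only for packets that carry data.
            ($client, $host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
                if /P \d+:\d+\((\d+)\)/ && $1 > 0;
        }
        next unless $client && $host;
        s/\s+//;                               # strip the first run of whitespace
        s/([0-9a-f]{2})\s?/chr(hex($1))/eg;    # hex pairs -> characters
        tr/\x1F-\x7E\r\n//cd;                  # delete everything else
        $packet .= $_;
    }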