Bode
Novice
Dec 4, 2002, 8:24 AM
Post #1 of 2
(4173 views)
|
|
packet sniffer
|
Can't Post
|
|
Below is two files which act as a packet sniffer. I havent been able to try them out as they are for UNIX and I dont have a root account on a UNIX.
Is there a way I can modify them for use on windows 2000 and in particular is there an equivilent tcpdump for windows 2000.
Cheers for any help or suggestions.
#!/usr/bin/perl
use Socket;
use MIME::Base64;
$|=1;
while (<>) {
next unless ($host,$client,$msg) = /(\S+) -> (\S+)\s+(.*)\s+/;
$msg=~s/(Authorization:\s+Basic\s+)(\S+)/$1 . decode_base64($2)/e;
print lookup($host)," -> ",lookup($client),"\t$msg\n";
}
sub lookup {
my $addr = shift;
my $lookup = (gethostbyaddr(inet_aton($addr),AF_INET))[0];
return $lookup || $addr;
}
#!/usr/bin/perl
$LIMIT = shift || 5000;
$|=1;
open (STDIN,"/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |");
while (<>) {
if (/^\S/) {
last unless $LIMIT--;
while ($packet=~/(GET|POST|WWW-Authenticate|Authorization).+/g) {
print "$client -> $host\t$&\n";
}
undef $client; undef $host; undef $packet;
($client,$host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
if /P \d+:\d+\((\d+)\)/ && $1 > 0;
}
next unless $client && $host;
s/\s+//;
s/([0-9a-f]{2})\s?/chr(hex($1))/eg;
tr/\x1F-\x7E\r\n//cd;
$packet .= $_;
}
|
MAIN
SEARCH
WHO'S 
LOG 
