Sniffer::HTTP - multi-connection sniffer driver
my $VERBOSE = 0; my $sniffer = Sniffer::HTTP->new( callbacks => { request => sub { my ($req,$conn) = @_; print $req->uri,"\n" if $req }, response => sub { my ($res,$req,$conn) = @_; print $res->code,"\n" }, log => sub { print $_[0] if $VERBOSE }, tcp_log => sub { print $_[0] if $VERBOSE > 1 }, } ); $sniffer->run('eth0'); # loops forever # Or, if you want to feed it the packets yourself: while (1) { # retrieve TCP packet into $tcp, for example via Net::Pcap my $eth = sniff_ethernet_packet; # And handle the packet. Callbacks will be invoked as soon # as complete data is available $sniffer->handle_eth_packet($eth); };
This driver gives you callbacks with the completely accumulated HTTP::Requests or HTTP::Responses as sniffed from the TCP traffic. You need to feed it the Ethernet, IP or TCP packets either from a dump file or from Net::Pcap by unpacking them via NetPacket.
As the whole response data is accumulated in memory you should be aware of memory issues. If you want to write stuff directly to disk, you will need to submit patches to Sniffer::Connection::HTTP.
A good example to start from is the live-http-headers.pl script that comes with the distribution.
live-http-headers.pl
new %ARGS
Creates a new object for handling many HTTP requests. You can pass in the following arguments:
connections - preexisting connections (optional) callbacks - callbacks for the new connections (hash reference)
Usually, you will want to create a new object like this:
my $sniffer = Sniffer::HTTP->new( callbacks => { request => sub { my ($req, $conn) = @_; print $req->uri,"\n"; }, response => sub { my ($res,$req,$conn) = @_; print $res->code,"\n"; }, });
except that you will likely do more work than this example.
$sniffer->find_or_create_connection TCP, %ARGS
This parses a TCP packet and creates the TCP connection to keep track of the packet order and resent packets.
$sniffer->handle_eth_packet ETH
Processes a raw ethernet packet. Net::PCap will return this kind of packet for most Ethernet network cards.
You need to call this method (or one of the other protocol methods) for every packet you wish to handle.
$sniffer->handle_ip_packet TCP
Processes a raw ip packet.
$sniffer->handle_tcp_packet TCP
Processes a raw tcp packet. This processes the packet by handing it off to the Sniffer::Connection which handles the reordering of TCP packets.
run DEVICE, PCAP_FILTER
Listens on the given device for all TCP traffic from and to port 80 and invokes the callbacks as necessary. If you want finer control over what Net::Pcap does, you need to set up Net::Pcap yourself.
Net::Pcap
On Linux, you can give the device name 'any' and it will listen on all interfaces.
On Windows, you can give a regular expression and it will listen on the device whose name matches that regular expression.
The whole module suite has almost no tests.
If you experience problems, please supply me with a complete, relevant packet dump as the included dump-raw.pl creates. Even better, supply me with (failing) tests.
dump-raw.pl
Max Maischein (corion@cpan.org)
Copyright (C) 2005 Max Maischein. All Rights Reserved.
This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
HTTP::Proxy, ethereal, Sniffer::Connnection
To install Sniffer::HTTP, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Sniffer::HTTP
CPAN shell
perl -MCPAN -e shell install Sniffer::HTTP
For more information on module installation, please visit the detailed CPAN module installation guide.