NAME

Sniffer::HTTP - multi-connection sniffer driver

SYNOPSIS

  my $VERBOSE = 0;

  my $sniffer = Sniffer::HTTP->new(
    callbacks => {
      request  => sub { my ($req,$conn) = @_; print $req->uri,"\n" if $req },
      response => sub { my ($res,$req,$conn) = @_; print $res->code,"\n" },
      log      => sub { print $_[0] if $VERBOSE },
      tcp_log  => sub { print $_[0] if $VERBOSE > 1 },
    }
  );

  $sniffer->run('eth0'); # loops forever

  # Or, if you want to feed it the packets yourself:

  while (1) {

    # retrieve TCP packet into $tcp, for example via Net::Pcap
    my $eth = sniff_ethernet_packet;

    # And handle the packet. Callbacks will be invoked as soon
    # as complete data is available
    $sniffer->handle_eth_packet($eth);
  };

This driver gives you callbacks with the completely accumulated HTTP::Requests or HTTP::Responses as sniffed from the TCP traffic. You need to feed it the Ethernet, IP or TCP packets either from a dump file or from Net::Pcap by unpacking them via NetPacket.

As the whole response data is accumulated in memory you should be aware of memory issues. If you want to write stuff directly to disk, you will need to submit patches to Sniffer::Connection::HTTP.

A good example to start from is the live-http-headers.pl script that comes with the distribution.

METHODS

`new %ARGS`

Creates a new object for handling many HTTP requests. You can pass in the following arguments:

  connections - preexisting connections (optional)
  callbacks   - callbacks for the new connections (hash reference)

Usually, you will want to create a new object like this:

  my $sniffer = Sniffer::HTTP->new( callbacks => {
    request  => sub { my ($req, $conn) = @_; print $req->uri,"\n"; },
    response => sub { my ($res,$req,$conn) = @_; print $res->code,"\n"; },
  });

except that you will likely do more work than this example.

`$sniffer->find_or_create_connection TCP, %ARGS`

This parses a TCP packet and creates the TCP connection to keep track of the packet order and resent packets.

`$sniffer->handle_eth_packet ETH`

Processes a raw ethernet packet. Net::PCap will return this kind of packet for most Ethernet network cards.

You need to call this method (or one of the other protocol methods) for every packet you wish to handle.

`$sniffer->handle_ip_packet TCP`

Processes a raw ip packet.

`$sniffer->handle_tcp_packet TCP`

Processes a raw tcp packet. This processes the packet by handing it off to the Sniffer::Connection which handles the reordering of TCP packets.

`run DEVICE, PCAP_FILTER`

Listens on the given device for all TCP traffic from and to port 80 and invokes the callbacks as necessary. If you want finer control over what Net::Pcap does, you need to set up Net::Pcap yourself.

On Linux, you can give the device name 'any' and it will listen on all interfaces.

On Windows, you can give a regular expression and it will listen on the device whose name matches that regular expression.

BUGS

The whole module suite has almost no tests.

If you experience problems, please supply me with a complete, relevant packet dump as the included dump-raw.pl creates. Even better, supply me with (failing) tests.

AUTHOR

Max Maischein (corion@cpan.org)

COPYRIGHT

This code is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

METHODS

new %ARGS

$sniffer->find_or_create_connection TCP, %ARGS

$sniffer->handle_eth_packet ETH

$sniffer->handle_ip_packet TCP

$sniffer->handle_tcp_packet TCP

run DEVICE, PCAP_FILTER