Maybe this will be interesting to the coders out there or possibly inspire someone to solve a problem in a different way... Download it here: http://handlers.sans.org/khaugsness/tail-pcap.pl
A while back I needed to do some sniffing for very specific packets in Perl. And I needed to wrap some logic around the packet processing. Doing regex matching and normal byte filtering in tcpdump wasn't going to be sufficient. So I wrote a quick little script using a Perl module to interface with the libpcap library. Everything was straightforward and well documented until I needed to tail an existing pcap file. Google failed me. So through a little trial-and-error I figured out how to solve the problem. Here is an example script on how to do this. Lessons learned: it isn't hard to write your own customized sniffer. Perl and Python have well-documented high-level interfaces that do most of the hard work for you.
Kyle, Oct 4th 2006
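For readers who want to see what tailing a capture file involves, here is an added example that is not the linked tail-pcap.pl script and not the author's method. It assumes the classic pcap format (not pcapng) and parses the file directly with Python's standard library instead of a libpcap binding; the names `PcapTail` and `follow` are hypothetical.

```python
import struct
import time

# Classic pcap magic numbers -> struct byte-order prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

class PcapTail:
    """Incrementally read a classic pcap file that a capture process is still writing."""

    def __init__(self, path):
        self.path = path
        self.offset = 0       # byte offset of the next unread record
        self.endian = None    # known once the 24-byte global header is complete
        self.snaplen = 0

    def poll(self):
        """Return [(ts_sec, ts_frac, data), ...] for records completed since last call."""
        out = []
        with open(self.path, "rb") as f:
            if self.endian is None:
                hdr = f.read(24)
                if len(hdr) < 24:
                    return out                      # header not flushed yet
                if hdr[:4] not in MAGICS:
                    raise ValueError("not a classic pcap file")
                self.endian = MAGICS[hdr[:4]]
                self.snaplen = struct.unpack(self.endian + "I", hdr[16:20])[0]
                self.offset = 24
            f.seek(self.offset)
            while True:
                rec = f.read(16)                    # ts_sec, ts_frac, incl_len, orig_len
                if len(rec) < 16:
                    break                           # no complete record header yet
                sec, frac, incl, _orig = struct.unpack(self.endian + "IIII", rec)
                if incl > (self.snaplen or 262144):
                    raise ValueError("implausible record length at offset %d" % self.offset)
                data = f.read(incl)
                if len(data) < incl:
                    break                           # partial packet: retry next poll
                out.append((sec, frac, data))
                self.offset = f.tell()              # advance only past whole records
        return out

def follow(path, interval=0.5):
    """Yield packets forever, like `tail -f` for a capture file."""
    tail = PcapTail(path)
    while True:
        yield from tail.poll()
        time.sleep(interval)
```

The offset moves forward only after a whole record has been read, so a packet the writer has half-flushed is picked up on the next poll instead of being parsed as garbage. File rotation and truncation are not handled.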