Re: networking over the loopback

in reply to networking over the loopback

Yes, tcpdump can indeed watch the loopback.

tcpdump -i lo -w /tmp/loopback.log
[download]

This will log all packets on lo to the file /tmp/loopback.log. You can then read/analyze them with:

tcpdump -r /tmp/loopback.log 'filter stuff here'
[download]

Update:

I thought about this a little more this morning, and if you have the extra resources, and know a little about writing rules, you should be able to use an IDS (intrusion detection system) -- like Snort -- to monitor for/alert on specific events. Now that I think about it, an IDS could be a really good debugging tool for a project like you describe. (And, if you get to the point where you are testing on multiple system on a LAN, your IDS will still be able to help as long as it is located on the same segment.)

Comment on Re: networking over the loopback Select or Download Code

Replies are listed 'Best First'.
Re: Re: networking over the loopback by rob_au (Abbot) on May 22, 2002 at 04:21 UTC
And in the spirit of using Perl for reinventing wheels, a TCP packet dumper using Net::PcapUtils ... :-) use Net::PcapUtils; use NetPacket::IP; use NetPacket::TCP; use NetPacket::Ethernet qw/:types/; use strict; Net::PcapUtils::loop( sub { my ($arg, $header, $packet) = @_; my $ethernet = NetPacket::Ethernet->decode($packet); if ($ethernet->{'type'} == ETH_TYPE_IP) { my $ip = NetPacket::IP->decode($ethernet->{'data'}, $ether +net); my $tcp = NetPacket::TCP->decode($ip->{'data'}); print $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ", $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n\n"; my @data = split //, $tcp->{'data'}; while (@data) { print "\t"; for (0..7) { print sprintf("%02x", shift(@data)), " "; } print "\n"; } print "\n"; } }, 'DEV' => 'lo' ); [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re: Re: networking over the loopback
by rob_au (Abbot) on May 22, 2002 at 04:21 UTC

Net::PcapUtils

use Net::PcapUtils;
use NetPacket::IP;
use NetPacket::TCP;
use NetPacket::Ethernet qw/:types/;
use strict;

Net::PcapUtils::loop(
    sub {
        my ($arg, $header, $packet) = @_;
        my $ethernet = NetPacket::Ethernet->decode($packet);
        if ($ethernet->{'type'} == ETH_TYPE_IP) {
            my $ip = NetPacket::IP->decode($ethernet->{'data'}, $ether
+net);
            my $tcp = NetPacket::TCP->decode($ip->{'data'});

            print
                $ip->{'src_ip'}, ":", $tcp->{'src_port'}, " -> ",
                $ip->{'dest_ip'}, ":", $tcp->{'dest_port'}, "\n\n";

            my @data = split //, $tcp->{'data'};
            while (@data) {
                print "\t";
                for (0..7) {
                    print sprintf("%02x", shift(@data)), " ";
                }
                print "\n";
            }
            print "\n";
        }
    },
    'DEV'       =>  'lo'
);
[download]

[reply]
[d/l]

In Section Seekers of Perl Wisdom