real-time packet capture

by PEACHHORSE (Initiate)
on Apr 12, 2003 at 18:58 UTC

PEACHHORSE has asked for the wisdom of the Perl Monks concerning the following question:

hi perl monks, i'm new to perl and have written code to capture packets on the network. i'm storing the packets in a text file. (using linux red hat and perl 5.6)

firstly does anyone know what code i can use to let the code run for say 5 mins, and have an option for running for 10 mins, then after this time it stops, clears the logfile, then starts again after some time.

secondly, since there is a limitation to the file size, as i, for instance, get the packet sizes which i'll use to graph the data in real-time and show batch statistics, how can i get rid of data i've already used?

graphs i'd like to implement are really very simple, one is a line graph which will show the average number of packets over perhaps 5 mins and 10 mins. and the other is a bar graph that will show the 5 hosts that sent the most traffic in the time interval specified.
any ideas on how to do this in the quickest time??

Replies are listed 'Best First'.
Re: real-time packet capture
by toma (Vicar) on Apr 12, 2003 at 19:10 UTC
    You can use the Expect module to control the timing. Here is an example program that uses Expect this way.

    You may find that snort will do much of what you want.

    It should work perfectly the first time! - toma

Re: real-time packet capture
by tstock (Curate) on Apr 12, 2003 at 19:55 UTC
    Maybe this will give you some ideas:
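    #!/usr/bin/perl

    # -l line-buffers tcpdump's output so lines arrive before the timeout
    my $tcpdump = '/usr/sbin/tcpdump -n -l';  # path and options
    my $timeout = 5;                          # time to listen, in seconds
    my $fileout = 'out.tcpdump';

    open(OUT, "> $fileout") || die $!;
    # keep the child's pid so tcpdump can be stopped when the time is up
    my $pid = open(CMD, "$tcpdump |") || die $!;

    eval {
        local $SIG{ALRM} = sub { die('done') };
        alarm($timeout);
        while (<CMD>) {
            my $line = $_;
            print OUT $line;
        }
        alarm(0);
    };
    print $@ if $@;

    kill('TERM', $pid);    # stop tcpdump so close(CMD) does not wait on it
    close(CMD);
    close(OUT) || die $!;  # parenthesised: "close OUT || die" never checks close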

    Tiago
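
An added example, not code from any poster in this thread: instead of growing a logfile and clearing it, keep only per-window counters in memory, print the packet total and the top 5 senders when each window closes, then discard them. It assumes the `IP src.port > dst.port: ... length N` text that current `tcpdump -n` prints for IPv4; `report`, `summarise`, `$WINDOW` and `$TOP_N` are names chosen here, and the sample lines are constructed. It also covers a capture that runs past midnight and windows with no traffic.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $WINDOW = 300;   # seconds per window (5 min; 600 for 10 min)
my $TOP_N  = 5;     # senders listed per window

# Print one finished window: packet total and top senders by bytes.
sub report {
    my ($start, $pkts, $bytes) = @_;
    my @top = sort { $bytes->{$b} <=> $bytes->{$a} || $a cmp $b } keys %$bytes;
    splice(@top, $TOP_N) if @top > $TOP_N;
    printf "%02d:%02d:%02d  packets=%d\n",
        ($start / 3600) % 24, ($start / 60) % 60, $start % 60, $pkts;
    printf "  %-15s %8d bytes\n", $_, $bytes->{$_} for @top;
}

# Read "tcpdump -n" text lines; hold only the current window's counters.
sub summarise {
    my ($fh) = @_;
    my ($start, $pkts, %bytes) = (undef, 0);
    while (my $line = <$fh>) {
        # HH:MM:SS.frac IP src.port > dst.port: ... length N  (IPv4 only)
        my ($h, $m, $s, $src, $len) = $line =~
            /^(\d+):(\d+):(\d+)\.\d+ IP (\d+\.\d+\.\d+\.\d+)\.\d+ > .* length (\d+)/
            or next;
        my $t = $h * 3600 + $m * 60 + $s;
        $start = $t unless defined $start;
        $t += 86400 while $t < $start;       # capture ran past midnight
        while ($t >= $start + $WINDOW) {     # window over: report, then reset
            report($start, $pkts, \%bytes);
            ($pkts, %bytes) = (0);           # discard data already used
            $start += $WINDOW;
        }
        $pkts++;
        $bytes{$src} += $len;                # length as printed by tcpdump
    }
    report($start, $pkts, \%bytes) if defined $start;
}

# Constructed sample lines, not a real capture.
my $sample = <<'END';
18:58:01.000100 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [P.], seq 1:101, ack 1, win 229, length 100
18:58:02.000200 IP 192.0.2.11.40000 > 198.51.100.5.80: Flags [P.], seq 1:401, ack 1, win 229, length 400
18:59:30.000300 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [P.], seq 101:351, ack 1, win 229, length 250
19:04:10.000400 IP 192.0.2.12.40001 > 198.51.100.9.9999: UDP, length 64
END
open(my $fh, '<', \$sample) or die "cannot read sample: $!";
summarise($fh);
```

To run it against live traffic, open the handle on a `tcpdump -n -l` pipe instead of the sample string. The in-memory filehandle used for the sample needs Perl 5.8 or later.
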
Re: real-time packet capture
by zengargoyle (Deacon) on Apr 12, 2003 at 20:45 UTC

    not perl, but almost assuredly will get you the stuff you want easier and faster. ntop and ngrep.
