3 # Sniff traffic and format as a stream of packet contents
7 use Getopt
::Long
qw(:config permute); # allow mixed args.
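# Capture defaults: every interface, TCP port 80.  Both are deliberately
# broad and can be narrowed with --interface and --dumpspec.
my $interface = 'any';
my $dumpspec  = 'tcp port 80';

# Parse the command line.  The option targets other than $interface and
# $dumpspec are presumably declared in lines not shown in this excerpt.
#
# GetOptions returns false when it meets an unknown or malformed option.
# Stop in that case: otherwise a mistyped --interface or --dumpspec would be
# ignored and the capture would run with the broad defaults above, sniffing
# more traffic than the operator asked for.
GetOptions(
    'debug!'      => \$debug,
    'write=s'     => \$saveto,
    'file=s'      => \$readfrom,
    'interface=s' => \$interface,
    'dumpspec=s'  => \$dumpspec,
    'help'        => \$helpmeplease,
) or die "sniffstream: invalid options (try --help)\n";

# --help only prints the usage text.
usage() if ($helpmeplease);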
26 if ( defined($saveto) ) {
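# Open the transcript file in append mode so that earlier captures are kept.
# NOTE(review): what gets written here is decoded packet content, which for
# plain HTTP can include credentials and session data.  A newly created file
# gets its permissions from the process umask, so consider a restrictive
# umask or a private directory for the target.
# The failure reason ($!) is reported so a permission or path problem is
# distinguishable from a typo in the file name.
open( SAVETO, '>>', $saveto )
    or die "Couldn't save to '$saveto': $!";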
30 if ( defined($readfrom) ) {
31 if ( $readfrom ne '-' ) {
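# Re-point STDIN at a previously saved tcpdump text dump, so the rest of the
# script reads it through the same handle it uses for a live capture.
# Three-argument open keeps the file name from being parsed as a mode.
# The failure reason ($!) is included in the message.
open( STDIN, '<', $readfrom )
    or die "Couldn't open '$readfrom': $!";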
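# Arguments for the live capture:
#   -i <if>  interface to listen on
#   -s0      capture whole packets rather than a truncated snapshot
#   -l       line-buffer the output so it can be read as it is produced
#   -xx      hex dump of each packet, link-level header included
#   -n       no address-to-name resolution
#   -q       terse protocol summary
# The list form of the pipe open below passes these straight to tcpdump, so
# neither user-supplied value is ever interpreted by a shell.
# '--' ends option parsing: without it a --dumpspec value beginning with '-'
# would be taken by tcpdump as one of its own options instead of as a filter.
# NOTE(review): 'tcpdump' is resolved through PATH; if this script is run with
# elevated privileges, an absolute path would be the safer choice.
my @tcpdumpoptions = (
    '-i', $interface,
    '-s0', '-l', '-xx', '-n', '-q',
    '--', $dumpspec,
);
open( STDIN, '-|', 'tcpdump', @tcpdumpoptions )
    or die "Couldn't start tcpdump process: $!";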
51 if ( /^([012]\d:[0-5]\d:[0-5]\d\.\d{6})\sIP\s([0-9.:]+)\s>\s([0-9.:]+):\ tcp/ ) {
56 elsif ( /^\s+(0x....):\s(( [0-9a-f]{4}){1,8})/i ) {
59 next unless defined($hex);
62 $hex = substr( $hex, 10 );
67 my @hex = split /\s+/, $hex;
69 foreach my $xch ( @hex ) {
70 next if ( $xch eq '' );
71 $ascii .= chr(hex(substr($xch,0,2)));
72 $ascii .= chr(hex(substr($xch,2,2)));
87 if ( $source ne $lastsource || $dest ne $lastdest ) {
88 putline
( "\n\n=============== $timestamp $source ==> $dest\n" );
89 $lastsource = $source;
99 ###########################################################
103 print SAVETO
$line if ( defined($saveto) );
107 ###########################################################
111 Usage: sniffstream [options]
113 The sniffstream program will format the output of "tcpdump -s0 -n -q -xx"
114 for easier reading and comparison, with a view to seeing the actions
115 involved in a DAV communication session. By default it will run the
116 tcpdump command internally.
118 It will also somewhat format the output of "tcpdump -s0 -n -q -A".
122 --write <filename> Append the stream to the named file.
123 --file (-|<filename>) Format the input from the named file, or stdin.
124 --interface <ifname> Run tcpdump against the specified interface.
125 --dumpspec <spec> Run tcpdump with that capture specification.
127 The default interface is 'any' and the default dumpspec is 'tcp port 80'.