Monday, September 13, 2010

Libpcap Practice: getsniff.c

getsniff.c is some libpcap learning code. It parses out GET requests and prints any parameters on their own line:

dennis@ipa:~/projects/sockets/getsniff$ sudo getsniff iwn0 
GET http://reddit.com/

GET http://www.reddit.com/

GET http://www.redditmedia.com/ads/

GET http://thumbs.reddit.com/t3_ddgvb.png

GET http://thumbs.reddit.com/t3_dbwsj.png
        v=b90a99afb17f73e6891ea39350cbb4d6d161e842

GET http://thumbs.reddit.com/t3_ddcqm.png

GET http://pixel.reddit.com/pixel/of_destiny.png
        v=SEOdlCDIuRz0EUWp42I59%2FadIj5PU0KFCn7MTSHYJUrNg1rLAFRi5bOCu%2BBU8FPx%2FDUpYarYq4c%3D

GET http://pagead2.googlesyndication.com/pagead/show_ads.js

GET http://www.reddit.com/comscore-iframe/www.reddit.com/

GET http://www.google-/__utm.gif
        utmwv=4.7.2
        utmn=1727842155
        utmhn=www.reddit.com
        utmcs=UTF-8
        utmsr=1280x800
        utmsc=24-bit
        utmul=en-us
        utmje=0
        utmfl=-
        utmdt=reddit.com%3A%20what%27s%20new%20online!
        utmhid=1194339538
        utmr=-
        utmp=%2F
...
Posted by at
Labels:

2 comments:

  1. Paul HallidaySeptember 16, 2010 at 4:01 AM

    Can you do the same thing for posts?

    ReplyDelete
  2. TonyDecember 4, 2010 at 2:43 PM

    Great example of something simple and useful you can do with libpcap.

    Paul, yes you can do the same for POST, but the relevant post information is in the HTTP headers, not the URL of the POST

    ReplyDelete

Subscribe to: Post Comments (Atom)