|Perl: the Markov chain saw|
Sniffing binary data, heuristics?by Ryszard (Priest)
|on May 25, 2004 at 18:53 UTC||Need Help??|
Ryszard has asked for the
wisdom of the Perl Monks concerning the following question:
I'm writing a packet sniffer that will allow me to examine the payload(s) of a TCP stream.
Of course, being TCP, there are many different things that can go on during a snoop, so what i'd like to do is find a nice fast way to identify the payload type of a TCP packet.
Specifically i would like to be able to determine if the payload is binary, so i can re-assemble the packets later on for reconstruction.
Idealy I'd like to be able to determine the payload as binary at run time, altho' doing it off line is also an option.
I've been thinking about grabbing the 1st "bunch" of characters, and determining if they're within the printable range, however this method is not fool proof. Doing a more extensive analysis using dipthongs/whitespace/vowels etc i think would be too slow.
I've not written any code (as yet), i'm just looking for suggestions...