All users are connected to one port switch this port is mirror where i have connected single machine with freebsd operating system.I am using Sniffer::HTTP module to catch the url.i want to block xyz.com for all users . i dont know how i can do it please find the following codes for your reference
#!/usr/bin/perl
use strict;
use Net::Pcap;
use Sniffer::HTTP;
use Net::RawIP;
my $VERBOSE = 0;
my $sniffer = Sniffer::HTTP->new(
callbacks => {
request => sub { my ($req,$conn) = @_;
my $src = $conn->tcp_connection->src_host;
my $sport = $conn->tcp_connection->src_port;
my $dst = $conn->tcp_connection->dest_host;
my $dport = $conn->tcp_connection->dest_port;
my $myurl = $req->uri;
if ( $myurl =~ "http://xyz.com" )
{
system("/usr/bin/perl /myscripts/socket3.pl $dst $dport $src $sport");
}
print "Request: $src:$sport -> $dst:$dport -> $myurl \n";
}
},
);
$sniffer->run('alc0'); # uses the "best" default device
code of /usr/bin/perl /myscripts/socket3.pl
use Net::RawIP;
$src_host = $ARGV[0]; # The source IP/Hostname
$src_port = $ARGV[1]; # The Source Port
$dst_host = $ARGV[2]; # The Destination IP/Hostname
$dst_port = $ARGV[3]; # The Destination Port.
$n = Net::RawIP->new({
ip => {
saddr => "$src_host" ,
daddr => "$dst_host",
},
tcp => {
source => "$src_port",
dest => "$dst_port",
rst => 1,
},
});
$n->send;
$n->ethnew("alc0");
$n->ethset(source => "$src_host", dest => "dst_host" );
$n->ethsend;