Re^2: decoding libpcap on windows

in reply to Re: decoding libpcap on windows
in thread decoding libpcap on windows

I am going to look into the Net::Frame::Dump you mentioned.

What I'd really like to do is run a wireshark trace on a web server to capture all HTTP traffic using the ring buffer method for say a 1gig of data.

Then I'd like to have that data inserted into a database for inspection and reporting.

Does that make sense so for example field Data would have the POST, GET methods plus the data that you see on the wire.

Comment on Re^2: decoding libpcap on windows
Re^3: decoding libpcap on windows by VinsWorldcom (Priest) on Sep 25, 2012 at 15:35 UTC
Definitely look at Net::Frame then. You can pull apart the packets by field so for instance, source and/or destination IP address and layer 4 port. You can also pull out the data - although you may have to unpack() or decode it as it will likely be in hex. I found the documentation of Net::Frame and submodules very helpful on this front.	[reply]
Re^4: decoding libpcap on windows by jwillis (Initiate) on Sep 27, 2012 at 10:39 UTC
did you use the net dump on windows? i am using activestate ppm and I did not see the net-frame available for windows. when i check the support table on the web site it says its only available on linux? Are there any tricks I can do to make it work on windows?	[reply]
Re^4: decoding libpcap on windows by jwillis (Initiate) on Sep 27, 2012 at 10:42 UTC
does the net-frame work on windows? the table for the PPM says its not available as a build for a windows. are you using the module on windows and if so what instructions did you use to do the build?	[reply]


go ahead... be a heretic
	PerlMonks

Re^2: decoding libpcap on windows

The best material for plates (tableware) is: