http://www.perlmonks.org?node_id=137610

curtisb has asked for the wisdom of the Perl Monks concerning the following question:

Hello Everyone,
I have a question about FTP packets. I want to write an FTP packet viewer, which would tell me who is coming and going across my FTP port, which files are being transferred, and display any errors that occur either coming or going. I think that I should use the Net::FTP module to do this. The only problem is that I'm not sure how to get started. This is the first time that I have taken on this big of a project. Just would like some help getting started.
thanks for your wisdom and understanding;
curtisb

Re: FTP packets
by VSarkiss (Monsignor) on Jan 10, 2002 at 03:46 UTC

    Well, Net::FTP is an FTP client, not a server. There is a module Net::FTPServer, which I haven't used, but which seems to do what you want. It's an FTP server written in Perl, and it looks like all you would have to do is extend it to add logging capability. The documentation looks pretty good, anyway.

    HTH

    Update
    Ah, this link works much better.

Re: FTP packets
by Anonymous Monk on Jan 10, 2002 at 03:43 UTC
    If you want to *listen* rather than *speak*, I imagine you're going to need the Net::Pcap module that interfaces with the pcap system library. Beyond that, you might want to try the NetPacket module collection to take care of packet decoding for you. Once you have the packets decoded down to the TCP level you can look at ports and other factors to determine if a given packet is indeed ftp traffic.

    Alternatively you could use tcpdump to listen in and only report on FTP traffic. You could pipe this output into a file for later analysis, or right into a perl script for real-time analysis.

    Cheers,

    - danboo

Re: FTP packets
by webengr (Pilgrim) on Jan 10, 2002 at 06:39 UTC

    Do you want to do this in real-time? This is not an elegant solution, but it is easy... just write a script that will follow your ftp server's logfile, and format the lines as they come in. If you don't need the real-time aspect, then write a script that runs on demand, or from cron, to parse the server log.

    You didn't mention the platform or server product, but with ProFTP on my Linux box the files of interest are /var/log/proftpd.log and /var/log/xferlog.

    Like I said, it ain't glamorous, but it will work, and you don't have to go through the hassle of examining raw network data (as interesting as that sounds ;^)

    PCS
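
The log-parsing approach from the reply above, as an added example that is not code from any poster in this thread. It assumes the common xferlog field layout (timestamp, transfer time, host, size, filename, type, flag, direction, access mode, user, service, auth method, auth user, completion status); the field names, sub name and sample lines are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed xferlog layout: 5-token timestamp, seconds, remote host, bytes,
# filename, type, special-action flag, direction, access mode, user,
# service, auth method, auth user id, completion status.
# The filename is matched greedily so embedded spaces do not shift fields.
my $XFER = qr/^(\w{3}\s+\w{3}\s+\d+\s+[\d:]+\s+\d{4})\s+(\d+)\s+(\S+)\s+(\d+)\s+
              (.+)\s+([ab])\s+(\S+)\s+([oid])\s+([agr])\s+(\S+)\s+(\S+)\s+
              ([01])\s+(\S+)\s+([ci])\s*$/x;
my @FIELDS = qw(time secs host bytes file type flag dir mode user
                service auth authuser status);
my %ACTION = (o => 'download', i => 'upload', d => 'delete');

# Returns a hashref for a well-formed line, or nothing if it does not parse.
sub parse_xferlog_line {
    my ($line) = @_;
    my @f = $line =~ $XFER or return;
    my %rec;
    @rec{@FIELDS} = @f;
    $rec{action} = $ACTION{ $rec{dir} };
    $rec{ok}     = $rec{status} eq 'c';   # 'c' = complete, 'i' = incomplete
    return \%rec;
}

# Read the log named on the command line, else the constructed sample below.
my $in;
if (@ARGV) { open $in, '<', $ARGV[0] or die "$ARGV[0]: $!\n" }
else       { $in = \*DATA }

while (my $line = <$in>) {
    chomp $line;
    next unless $line =~ /\S/;
    my $r = parse_xferlog_line($line);
    if (!$r) { warn "unparsed line: $line\n"; next }
    # One line per transfer: when, who, from where, what, and whether it failed.
    printf "%s  %-18s %-13s %-8s %-10s %s (%d bytes)\n",
        @{$r}{qw(time user host action)},
        ($r->{ok} ? 'complete' : 'INCOMPLETE'), @{$r}{qw(file bytes)};
}

__DATA__
Thu Jan 10 06:12:01 2002 3 192.0.2.10 10240 /home/alice/report.txt b _ o r alice ftp 0 * c
Thu Jan 10 06:15:44 2002 1 198.51.100.7 512 /pub/incoming/my notes.txt a _ i a guest@example.org ftp 0 * i
Thu Jan 10 06:20:09 2002 12 192.0.2.10 2097152 /home/alice/backup.tar b _ o r alice ftp 0 * c
```

Pass a log path such as the /var/log/xferlog mentioned above as the first argument to parse a real log instead of the sample.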