Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Perl and netstat

by shotgunefx (Parson)
on Jul 24, 2002 at 07:27 UTC ( #184721=perlquestion: print w/replies, xml ) Need Help??

shotgunefx has asked for the wisdom of the Perl Monks concerning the following question:

Recently I had a problem with some naughty folk trying to DoS me. My first thought was to make a monitor for connections using netstat. I of course reached for CPAN and to my suprise, there was no equivilant. I thought for sure someone would make a wrapper. I decided to roll my own and posted the snippets I used.

My question is... is this something worth making into a coherent structure and posting it to CPAN? Is there an equivilant that I missed?

Thanks,

-Lee

"To be civilized is to deny one's nature."

Replies are listed 'Best First'.
Re: Perl and netstat
by panix (Monk) on Jul 24, 2002 at 09:35 UTC
    I'm not aware of any - but you might find Net::Pcap (and NetPacket::*) more useful for analyzing traffic - it'll give you access to every packet coming in over a given interface.

    For your netstat wrapper - presumably for tracking a dos you're going to want the results continuously? I'd consider parsing /proc/net/tcp,/proc/net/udp,etc instead of constant netstat execs.

      Actually, what I was trying to detect was a bunch of SYN_REC's coming from one location. I check every five minutes and alarm if it happens. I'm going to modify it to automatically add them to ipchains to filter them out.

      -Lee

      "To be civilized is to deny one's nature."

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://184721]
Approved by virtualsue
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others romping around the Monastery: (5)
As of 2020-01-26 06:38 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Notices?