http://www.perlmonks.org?node_id=184744


in reply to Perl and netstat

I'm not aware of any - but you might find Net::Pcap (and NetPacket::*) more useful for analyzing traffic - it'll give you access to every packet coming in over a given interface.

For your netstat wrapper - presumably for tracking a dos you're going to want the results continuously? I'd consider parsing /proc/net/tcp,/proc/net/udp,etc instead of constant netstat execs.

Replies are listed 'Best First'.
Re: Re: Perl and netstat
by shotgunefx (Parson) on Jul 24, 2002 at 09:43 UTC
    Actually, what I was trying to detect was a bunch of SYN_REC's coming from one location. I check every five minutes and alarm if it happens. I'm going to modify it to automatically add them to ipchains to filter them out.

    -Lee

    "To be civilized is to deny one's nature."