in reply to Perl and netstat

I'm not aware of any - but you might find Net::Pcap (and NetPacket::*) more useful for analyzing traffic - it'll give you access to every packet coming in over a given interface.

For your netstat wrapper - presumably for tracking a dos you're going to want the results continuously? I'd consider parsing /proc/net/tcp,/proc/net/udp,etc instead of constant netstat execs.

Replies are listed 'Best First'.
Re: Re: Perl and netstat
by shotgunefx (Parson) on Jul 24, 2002 at 09:43 UTC
    Actually, what I was trying to detect was a bunch of SYN_REC's coming from one location. I check every five minutes and alarm if it happens. I'm going to modify it to automatically add them to ipchains to filter them out.


    "To be civilized is to deny one's nature."