in reply to Re^2: converting tcpdump output
in thread converting tcpdump output

Ok, I figured it out myself. Here's the complete code.
#!/usr/bin/perl $|=1; open (STDIN,"sudo /usr/sbin/tcpdump -lnx -s 1024 dst port 80 |"); while (<>) { if (/^\S/) { while ($packet=~/(GET|POST|WWW-Authenticate|Authorizat +ion|Content-Length: \w+\s*).+/g) { ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)= +localtime(time); printf "%4d/%02d/%02d %02d:%02d:%02d",$year+1900,$mon+ +1,$mday,$hour,$min,$sec; print " - $client -> $host\t$&\n"; } undef $client; undef $host; undef $packet; ($client,$host) = /(\d+\.\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d ++\.\d+\.\d+)/ if /P \d+:\d+\((\d+)\)/ && $1 > 0; } next unless $client && $host; s/^\s+\S+\s+//; # remove initial address ind. s/\s{2}.*//; # remove trailing dump s/\s+//; s/([0-9a-f]{2})\s?/chr(hex($1))/eg; tr/\x1F-\x7E\r\n//cd; $packet .= $_; }
Still not suitable, since it creates a line to just contain POST data, when it would be better if it appended the content to the end of a POST line, or something like that.