Hello I have made a packet sniffer script and when I write logs to a file it will overlap on the same lines and won't show all the data.
E.G:
writing to test1.txt
Data in file:
THIS IS DATA 1
USE TEST1
Now after next capture it is the same 2 lines but overlapped with the new capture:
Data in file:
THIS IS DATA OVERLAP
OVERLAP SHOW
My Code:
#!/usr/bin/perl -w
use Net::PcapUtils; # Net::PcapUtils.
use NetPacket::Ethernet qw(:strip); # NetPacket::Ethernet.
use NetPacket::TCP; # NetPacket::TCP.
use NetPacket::UDP; # NetPacket::UDP.
use NetPacket::IP qw(:strip); # NetPacket::IP.
# Make Sure It Is Ran Under Root.
if($> != 0)
{
die "To Use This Tool You Will Need To Run It As ROOT.\n\n";
}
# Promisc Sniffer Mode.
print "Enter Your Interface To Use To Capture Packets On:";
chomp ($interface = <STDIN>);
print "Enter Desired Type Of Packet Capture In Lowercases - UDP Or TCP
+:";
chomp ($filter = <STDIN>);
print "Enter The File Name To Write Logs To:";
chomp ($filename = <STDIN>);
Net::PcapUtils::loop(\&sniffit,
Promisc => 1,
FILTER => $filter,
DEV => $interface);
# Packet Callback And Packet Display.
sub sniffit
{
my ($args,$header,$packet) = @_;
$ip = NetPacket::IP->decode(eth_strip($packet));
$tcp = NetPacket::TCP->decode($ip->{data});
$payload = $tcp->{data};
print "===============================================================
+=======\n";
print "=> Packet Type: $filter.\n";
print "=> Sender IP Address: $ip->{src_ip}\n";
print "=> Sender IP Address Port Being Used For The Connection: $tcp->
+{src_port}\n";
print "=> Destination IP Address: $ip->{dest_ip}\n";
print "=> Destination IP Address Port Being Used For The Connection: $
+tcp->{dest_port}\n";
print "=> Payload Found That Was Used For Connection: $payload\n";
print "===============================================================
+=======\n";
open(FILE, ">", $filename);
print FILE "=====================================================
+=================\n";
print FILE "=> Packet Type: $filter.\n";
print FILE "=> Sender IP Address: $ip->{src_ip}\n";
print FILE "=> Sender IP Address Port Being Used For The Connecti
+on: $tcp->{src_port}\n";
print FILE "=> Destination IP Address: $ip->{dest_ip}\n";
print FILE "=> Destination IP Address Port Being Used For The Con
+nection: $tcp->{dest_port}\n";
print FILE "=> Payload Found That Was Used For Connection: $paylo
+ad\n";
print FILE "=====================================================
+=================\n";
close(FILE);
}