The well-known Wireshark needs no introduction,
but Wireshark is a fairly heavyweight tool.
Below are a few more lightweight alternatives:
SmartSniff http://www.nirsoft.net/utils/smsniff.html
- for Windows
- Lets you inspect every packet
HTTPNetworkSniffer http://www.nirsoft.net/utils/http_network_sniffer.html
- for Windows
- Targets port 80
- Uses Perl together with tcpdump
- However, the output is not very easy to read
WebSiteSniffer http://www.nirsoft.net/utils/web_site_sniffer.html
- for Windows
- Also targets port 80 and additionally tallies request counts; a good tool for finding which domain is receiving a large number of connections
Ngrep + Perl : http://ssorc.tw/?p=1025
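    #!/usr/bin/perl
    # Print the URL of every HTTP GET/POST request that ngrep sees on port 80.
    use strict;
    use warnings;

    my $limit = shift || 5000;   # number of matching packets to capture
    $| = 1;                      # unbuffered output

    # -Wsingle puts each packet on one line; CR LF bytes are shown as "..".
    # List-form open avoids passing $limit through a shell.
    open(my $ngrep, '-|', '/usr/bin/ngrep', '-Wsingle', "-n$limit",
         '(POST|GET)', 'dst', 'port', '80')
        or die "cannot run ngrep: $!";

    while (my $line = <$ngrep>) {
        chomp $line;
        next unless $line =~ /^T /;      # TCP packet lines only

        # Line layout: "T src:port -> dst:port [AP] payload"
        (my $where = $line) =~ s/ \[AP\] .*|^T //g;
        (my $get   = $line) =~ s/.* \[AP\] //g;

        my %get_hash  = (host => '', action => '');
        my $is_action = '';
        foreach my $field (split /\.\./, $get) {
            if ($field =~ /^(GET|POST) /) {
                $is_action = $1;
                # Keep only the request path
                (my $name = $field) =~ s/^(?:GET|POST) | HTTP\/.*//g;
                $get_hash{'action'} = $name;
            } elsif ($field =~ /Host: /) {
                (my $name = $field) =~ s/Host: //g;
                $get_hash{'host'} = $name;
            }
        }
        print "\n(--) $where => $is_action http://$get_hash{'host'}$get_hash{'action'}";
    }
    close $ngrep;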
http://ssorc.tw/3427