Parse tcpdump for HTTP Request Response Headers

From: Raja <raja.osu@xxxxxxxxx>
Date: Sun, 29 Jul 2007 18:10:11 -0000

Hi,

Iam pretty new to Perl. I have a requirement of parsing tcpdump file
to extract HTTP Request/Response headers, corresponding to successful
requests that have query strings. This, I have done using the
Net::Analysis package. But I have the additional requirement of
writing out the headers to different files based on the server program
being requested (like...all requests/responses corresponding to
example.com/login.pl, should go to one file).

I realised that the command:
perl -MNet::Analysis -e main HTTP Example3.pm tcpdump.file

invokes the .pm file for each line of the dump file. I was initially
thinking of opening one file handle for each unique server program and
writing the headers accordingly...But if the .pm file is invoked per
line of the input file, this does not seem possible. Iam very new to
Perl and am not able to think of the best way to get this done. Could
you please help me out in this regard? I have pasted below the simple
parser which reads the tcpdump file and prints out the request/
response headers for successful requests with query strings.

Thanks a lot,
Raj

use strict;
use warnings;
use base qw(Net::Analysis::Listener::Base);
use URI;
use URI::QueryParam;

sub http_transaction {
my ($self, $args) = @_;
my ($req) = $args->{req}; # isa HTTP::Request
my ($resp) = $args->{resp}; # isa HTTP::Response
my $u;

# if ( $args->{req} ) { printf "%s\n", $req->as_string; }
# if ( $args->{resp} ) { printf "%s\n", $resp-

headers_as_string; }

if ( $args->{req} && $args->{resp} && (lc($req->method) eq "get"))
{
$u = URI->new($req->uri, "http");
if ( $u->query && ($resp->code >= 200 && $resp->code < 300))
{
print $req->as_string,"\n";
print $resp->headers_as_string,"\n";
print "Method: ", $req->method,"\n";
print "URI: ", $req->uri,"\n";
print "QUERY: ", $u->query,"\n";
for my $key ($u->query_param) {
print "$key: ", join(", ", $u->query_param($key)), "\n";
}
}
}
}

1;

.

Prev by Date: Re: CGI::Simple::Standard and CGI::Alert authors are unresponsive
Next by Date: Re: CGI::Simple::Standard and CGI::Alert authors are unresponsive
Previous by thread: Net::Analysis Parse tcpdump for HTTP Request/Response Headers
Next by thread: [RFC]Class::Lazy - Yet another lazy object construction module
Index(es):
- Date
- Thread

Relevant Pages

Re: OT - Blue Frog
... Blue Frog doesn't use the headers to determine where to send opt out ... If these opt-out requests crash their servers it's because of one of ... They must scale their solicitations down to be commensurate ...
(uk.media.radio.archers)
Cache-control and Expires headers
... I'm using a wildcard mapping so that all requests go via ... Then I'm using an HttpModule to look at all the requests and do some ... either no Expires header, or at least something with a long expiration date, ... PostRequestHandlerExecute) nothing happens since the headers have already ...
(microsoft.public.dotnet.framework.aspnet)
Net::Analysis Parse tcpdump for HTTP Request/Response Headers
... writing out the headers to different files based on the server program ... response headers for successful requests with query strings. ...
(comp.lang.perl.modules)
Re: urllib - changing the user agent
... > those headers to be added to all requests). ... This, however, does not stop the original User-agent header to be sent, ... #Override the default OpenerDirector Class Init. ...
(comp.lang.python)
Re: Had this from Royal Mail.. Its easy to arrange Redelivery
... He insists he used a url printed on the card left by rm. ... Has anyone stopped to ask themselves whether any of these requests ... been mistakenly posted on a message board? ... if they haven't been successful ...
(uk.people.consumers.ebay)