ruby TCP 抓包工具

抓包工具包括ruby版本和perl版本

ruby 抓包代码

require 'rubygems'

ip = "your ip"
cmd = "/usr/sbin/tcpdump -lnA -s 0" #  dst host #{ip} or src host #{ip}

f = IO.popen(cmd) do |f|
  while true
    packet = f.read(1024*100)
    cap = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/.match(packet)
    if cap
      client,host  = cap[1],cap[2]
      #put 请求方法 ,这个可以根据你抓包的类型，进行自定义过滤
      reg = /(\?xml|HTTP|XMLHttpRequest|XMLRequest|XMLSchema|XMLSchema-insta0x|XML|GET|POST|WWW-Authenticate|Authorization).+/i
      method =  reg.match(packet)
      if method
        puts "source:#{client} > dest:#{host}"
        puts "method is #{method[1]}"
        puts "data >>>"
        puts method
      end#end if method 
    end

  end
end

perl 抓包代码

#!/usr/bin/perl                                                                                                                 

$LIMIT = shift || 50000000;

$|=1;
open (STDIN,"/usr/sbin/tcpdump -lnx -s 0  |"); #dst host ip or src host ip
while (<>) {
    if (/^\S/) {
    last unless $LIMIT--;
    while ($packet=~/(HTTP|XMLHttpRequest|XMLRequest|XMLSchema|XMLSchema-insta0x|XML|GET|POST|WWW-Authenticate|Authorization).+\
/g)  {
        print "$client -> $host\t$&\n";
        }
        undef $client; undef $host; undef $packet;
        ($client,$host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
            if /P \d+:\d+\((\d+)\)/ && $1 > 0;
    }
    next unless $client && $host;
    s/\s+//;
    s/0x[0-9a-f\s]+://;
    s/0x:[\s]+//;
    s/\s+//;
    s/([0-9a-f]{2})\s?/chr(hex($1))/eg;
    tr/\x1F-\x7E\r\n//cd;
    $packet .= $_;
}