using erlang to sniff network

Luke Gorrie luke@REDACTED
Wed Apr 28 13:55:09 CEST 2004


"Geib, Mark" <Mark.Geib@REDACTED> writes:

> Is it possible to use erlang to open a network device for sniffing...in
> order to analyze traffic, etc. I need to see all the traffic on a
> device, and I can run as root. This is on linux.

Oops, I forgot I have a program to do this. I just checked it into the
Jungerl (sourceforge project 'jungerl') as the 'psocket' application.

It opens an external port program that uses a PACKET(7) socket to
read/write ethernet on some existing network interface (which is also
how pcap/tcpdump works).

You use it like this:

  $ sudo ~luke/hacking/jungerl/bin/jerl
  Erlang (BEAM) emulator version 5.3 [source] [hipe]

  Eshell V5.3  (abort with ^G)
  1> psocket:open("eth0").
  {ok,#Port<0.29>,
      <<0,8,116,228,110,188>>}
  2> flush().
  Shell got {#Port<0.29>,
             {data,<<255,255,255,255,255,255,0,48,72,66,201,78,8,6,0,1,8,0,6,4,0,1
  ,0,48,72,66,201,78,192,168,128,3,0,0,0,0,0,0,192,168,128,245,0,0,0,0,0,0,0,0,0,0
  ,0,0,0,0,0,0,0,0>>}}
  ok

I originally wrote it for a very specific purpose so it's not very
featureful. Let me know if you have any questions. You might also like
to look at the tuntap application in Jungerl, which is kinda similar.

If you want code for actually pulling apart TCP/IP packets with the
bit syntax then I think Tony Rogvall might be able to help you.

-Luke
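
As an added example, not part of the original post or of the psocket code: the frame printed in the shell session above is an ARP request (192.168.128.3 asking for 192.168.128.245), and the bit syntax mentioned in the post can take it apart. The module name `frame_decode` and its functions are hypothetical; `sample/0` holds the first 42 bytes of that frame, without the trailing zero padding.

```erlang
%% Added example; not code from Jungerl or the psocket application.
-module(frame_decode).
-export([decode/1, sample/0, demo/0]).

%% First 42 bytes of the frame from the shell session (padding omitted).
sample() ->
    <<255,255,255,255,255,255, 0,48,72,66,201,78, 8,6,
      0,1, 8,0, 6,4, 0,1,
      0,48,72,66,201,78, 192,168,128,3,
      0,0,0,0,0,0, 192,168,128,245>>.

%% Split the Ethernet II header, then dispatch on the EtherType.
decode(<<Dst:6/binary, Src:6/binary, Type:16, Payload/binary>>) ->
    {ethernet, mac(Dst), mac(Src), payload(Type, Payload)};
decode(Short) when is_binary(Short) ->
    {error, {truncated_ethernet, byte_size(Short)}}.

%% ARP over Ethernet/IPv4: htype 1, ptype 16#0800, hlen 6, plen 4.
%% Bytes after the 28-byte ARP body are link-layer padding and are ignored.
payload(16#0806, <<1:16, 16#0800:16, 6, 4, Op:16,
                   Sha:6/binary, Spa:4/binary,
                   Tha:6/binary, Tpa:4/binary, _Pad/binary>>) ->
    {arp, arp_op(Op), {mac(Sha), ip(Spa)}, {mac(Tha), ip(Tpa)}};
payload(16#0806, Other) ->
    %% Wrong hardware/protocol sizes or a body shorter than 28 bytes.
    {arp, {malformed, byte_size(Other)}};
payload(Type, Data) ->
    {unknown_ethertype, Type, byte_size(Data)}.

arp_op(1) -> request;
arp_op(2) -> reply;
arp_op(N) -> {op, N}.

%% Render a 6-byte address as colon-separated lower-case hex.
mac(Bin) ->
    Hex = [io_lib:format("~2.16.0b", [X]) || <<X>> <= Bin],
    lists:flatten(lists:join(":", Hex)).

ip(<<A, B, C, D>>) -> {A, B, C, D}.

%% Decode the constructed sample frame.
demo() -> decode(sample()).
```

The binary inside a `{Port, {data, Frame}}` message, as delivered in the session above, can be passed to `decode/1` unchanged.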


