ch17_18.htm

By Tom Christiansen and Nathan Torkington ISBN 1-56592-243-3 First Edition, published August 1998

<HTML
><HEAD
>
<TITLE>Recipe 17.17. Program: backsniff (Perl Cookbook)</TITLE>
<META
NAME="DC.title"
CONTENT="Perl Cookbook"><META
NAME="DC.creator"
CONTENT="Tom Christiansen &amp; Nathan Torkington"><META
NAME="DC.publisher"
CONTENT="O'Reilly &amp; Associates, Inc."><META
NAME="DC.date"
CONTENT="1999-07-02T01:44:45Z"><META
NAME="DC.type"
CONTENT="Text.Monograph"><META
NAME="DC.format"
CONTENT="text/html"
SCHEME="MIME"><META
NAME="DC.source"
CONTENT="1-56592-243-3"
SCHEME="ISBN"><META
NAME="DC.language"
CONTENT="en-US"><META
NAME="generator"
CONTENT="Jade 1.1/O'Reilly DocBook 3.0 to HTML 4.0"><LINK
REV="made"
HREF="mailto:online-books@oreilly.com"
TITLE="Online Books Comments"><LINK
REL="up"
HREF="ch17_01.htm"
TITLE="17. Sockets"><LINK
REL="prev"
HREF="ch17_17.htm"
TITLE="17.16. Restarting a Server on Demand"><LINK
REL="next"
HREF="ch17_19.htm"
TITLE="17.18. Program: fwdport"></HEAD
><BODY
BGCOLOR="#FFFFFF"><img alt="Book Home" border="0" src="gifs/smbanner.gif" usemap="#banner-map" /><map name="banner-map"><area shape="rect" coords="1,-2,616,66" href="index.htm" alt="Perl Cookbook"><area shape="rect" coords="629,-11,726,25" href="jobjects/fsearch.htm" alt="Search this book" /></map><div class="navbar"><p>
<TABLE
WIDTH="684"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="sect1"
HREF="ch17_17.htm"
TITLE="17.16. Restarting a Server on Demand"
><IMG
SRC="../gifs/txtpreva.gif"
ALT="Previous: 17.16. Restarting a Server on Demand"
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="228"
><B
><FONT
FACE="ARIEL,HELVETICA,HELV,SANSERIF"
SIZE="-1"
><A
CLASS="chapter"
REL="up"
HREF="ch17_01.htm"
TITLE="17. Sockets"
></A
></FONT
></B
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="sect1"
HREF="ch17_19.htm"
TITLE="17.18. Program: fwdport"
><IMG
SRC="../gifs/txtnexta.gif"
ALT="Next: 17.18. Program: fwdport"
BORDER="0"></A
></TD
></TR
></TABLE
></DIV
><DIV
CLASS="sect1"
><H2
CLASS="sect1"
><A
CLASS="title"
NAME="ch17-chap17_program_0"
>17.17. Program: backsniff</A
></H2
><P
CLASS="para"
><A
CLASS="indexterm"
NAME="ch17-idx-1000004883-0"
></A
><A
CLASS="indexterm"
NAME="ch17-idx-1000004883-1"
></A
><A
CLASS="indexterm"
NAME="ch17-idx-1000004883-2"
></A
>This program logs attempts to connect to ports. It uses the Sys::Syslog module (it in turn wants the <EM
CLASS="emphasis"
>syslog.ph</EM
> library, which may or may not come with your system) to log the connection attempt as level LOG_NOTICE and facility LOG_DAEMON. It uses <CODE
CLASS="literal"
>getsockname</CODE
> to find out what port was connected to and <CODE
CLASS="literal"
>getpeername</CODE
> to find out what machine made the connection. It uses <CODE
CLASS="literal"
>getservbyport</CODE
> to convert the local port number (e.g., 7) into a service name (e.g, <CODE
CLASS="literal"
>&quot;echo&quot;</CODE
>).</P
><P
CLASS="para"
>It produces entries in the system log file like this:</P
><PRE
CLASS="programlisting"
><CODE
CLASS="userinput"
><B
><CODE
CLASS="replaceable"
><I
>May 25 15:50:22 coprolith sniffer: Connection from 207.46.131.141 to</I
></CODE
></B
></CODE
>
<CODE
CLASS="userinput"
><B
><CODE
CLASS="replaceable"
><I
>207.46.130.164:echo </I
></CODE
></B
></CODE
></PRE
><P
CLASS="para"
>Install it in the <EM
CLASS="emphasis"
>inetd.conf</EM
> file with a line like this:</P
><PRE
CLASS="programlisting"
><CODE
CLASS="userinput"
><B
><CODE
CLASS="replaceable"
><I
>echo    stream  tcp nowait  nobody /usr/scripts/snfsqrd sniffer</I
></CODE
></B
></CODE
></PRE
><P
CLASS="para"
>The program is shown in <A
CLASS="xref"
HREF="ch17_18.htm#ch17-14194"
TITLE="backsniff"
>Example 17.7</A
>.</P
><DIV
CLASS="example"
><H4
CLASS="example"
><A
CLASS="title"
NAME="ch17-14194"
>Example 17.7: backsniff</A
></H4
><PRE
CLASS="programlisting"
>#!/usr/bin/perl -w
# backsniff - log attempts to connect to particular ports

use <A
CLASS="indexterm"
NAME="ch17-idx-1000005984-0"
></A
>Sys::Syslog;
use Socket;

# identify my port and address
$sockname          = getsockname(STDIN)
                     or die &quot;Couldn't identify myself: $!\n&quot;;
($port, $iaddr)    = sockaddr_in($sockname);
$my_address        = inet_ntoa($iaddr);

# get a name for the service
$service = (getservbyport ($port, &quot;tcp&quot;))[0] || $port;
# now identify remote address
$sockname          = getpeername(STDIN)
                         or die &quot;Couldn't identify other end: $!\n&quot;;
($port, $iaddr)    = sockaddr_in($sockname);
$ex_address        = inet_ntoa($iaddr);

# and log the information
openlog(&quot;sniffer&quot;, &quot;ndelay&quot;, &quot;daemon&quot;);
syslog(&quot;notice&quot;, &quot;Connection from %s to %s:%s\n&quot;, $ex_address,
        $my_address, $service); 
closelog();
exit;<A
CLASS="indexterm"
NAME="ch17-idx-1000005786-0"
></A
><A
CLASS="indexterm"
NAME="ch17-idx-1000005786-1"
></A
><A
CLASS="indexterm"
NAME="ch17-idx-1000005786-2"
></A
></PRE
></DIV
></DIV
><DIV
CLASS="htmlnav"
><P
></P
><HR
ALIGN="LEFT"
WIDTH="684"
TITLE="footer"><TABLE
WIDTH="684"
BORDER="0"
CELLSPACING="0"
CELLPADDING="0"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="sect1"
HREF="ch17_17.htm"
TITLE="17.16. Restarting a Server on Demand"
><IMG
SRC="../gifs/txtpreva.gif"
ALT="Previous: 17.16. Restarting a Server on Demand"
BORDER="0"></A
></TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="book"
HREF="index.htm"
TITLE="Perl Cookbook"
><IMG
SRC="../gifs/txthome.gif"
ALT="Perl Cookbook"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="sect1"
HREF="ch17_19.htm"
TITLE="17.18. Program: fwdport"
><IMG
SRC="../gifs/txtnexta.gif"
ALT="Next: 17.18. Program: fwdport"
BORDER="0"></A
></TD
></TR
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="228"
>17.16. Restarting a Server on Demand</TD
><TD
ALIGN="CENTER"
VALIGN="TOP"
WIDTH="228"
><A
CLASS="index"
HREF="index/index.htm"
TITLE="Book Index"
><IMG
SRC="../gifs/index.gif"
ALT="Book Index"
BORDER="0"></A
></TD
><TD
ALIGN="RIGHT"
VALIGN="TOP"
WIDTH="228"
>17.18. Program: fwdport</TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="684"
TITLE="footer"><FONT
SIZE="-1"
></DIV<!-- LIBRARY NAV BAR --> <img src="../gifs/smnavbar.gif" usemap="#library-map" border="0" alt="Library Navigation Links"><p> <a href="copyrght.htm">Copyright &copy; 2002</a> O'Reilly &amp; Associates. All rights reserved.</font> </p> <map name="library-map"> <area shape="rect" coords="1,0,85,94" href="../index.htm"><area shape="rect" coords="86,1,178,103" href="../lwp/index.htm"><area shape="rect" coords="180,0,265,103" href="../lperl/index.htm"><area shape="rect" coords="267,0,353,105" href="../perlnut/index.htm"><area shape="rect" coords="354,1,446,115" href="../prog/index.htm"><area shape="rect" coords="448,0,526,132" href="../tk/index.htm"><area shape="rect" coords="528,1,615,119" href="../cookbook/index.htm"><area shape="rect" coords="617,0,690,135" href="../pxml/index.htm"></map> </BODY
></HTML
>