
Packer for dsniff.db

Good time of day.

Having set up dsniff for experiments, after a couple of days I found that it had collected an incredible amount of garbage from all sorts of banner networks, and the log had become impossible to read.
After searching the Internet for scripts to clean up the log, I decided to write my own.

The script first goes through all the records in the database and deletes those matching a regexp, then simply parses the structure of each dsniff record and prints the result.
```perl
#!/usr/bin/perl
use strict;
use warnings;
use DB_File;
use Socket;

my $filename = $ARGV[0] or die "usage: $0 dsniff.db\n";
# dsniff keeps its records in a Berkeley DB B-tree file
tie my %h, 'DB_File', $filename, undef, 0644, $DB_BTREE
    or die "cannot open $filename: $!";

# Step 1: drop records that mention one of the banner networks
foreach my $key (keys %h) {
    if ($h{$key} =~ /adriver\.ru|google-analytics\.com|ad\.doubleclick\.net|tns-counter\.ru|ads\.adfox\.ru|a\.adwolf\.ru/) {
        delete $h{$key};
    }
}

# Step 2: decode each remaining record. dsniff serialises records with XDR:
# time, src, dst, proto, sport, dport as 4-byte big-endian integers, then the
# service name and the captured data as length-prefixed netobjs, each padded
# to a 4-byte boundary (x!4 skips the padding after the name). The addresses
# are read in the capture host's native order ('I') because dsniff passes its
# in_addr_t through xdr_u_long.
foreach my $key (keys %h) {
    my ($time, $srcaddr, $dstaddr, $proto, $sport, $dport, $servicename, $data)
        = unpack('N I I N N N N/A* x!4 N/A*', $h{$key});
    my $srchostname = gethostbyaddr(pack('N', $srcaddr), AF_INET)
        || inet_ntoa(pack('N', $srcaddr));
    my $dsthostname = gethostbyaddr(pack('N', $dstaddr), AF_INET)
        || inet_ntoa(pack('N', $dstaddr));
    my $protoname = getprotobynumber($proto);
    print "------------------------\n",
          scalar localtime($time), " $protoname ",
          "$srchostname:$sport -> $dsthostname:$dport ($servicename)\n",
          $data, "\n\n";
}
untie %h;
```
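As an added illustration (not the author's code), here are the same two steps in Python over two constructed records: the XDR record layout that the Perl unpack template reads, including the padding to a 4-byte boundary after the service name, and the banner-network filter. It assumes the database was written on a little-endian host, as the Perl script's native-order unpack of the addresses also does.

```python
import re
import socket
import struct

# Regexp from the script above: records whose payload matches are dropped.
AD_HOSTS = re.compile(rb"adriver\.ru|google-analytics\.com|ad\.doubleclick\.net"
                      rb"|tns-counter\.ru|ads\.adfox\.ru|a\.adwolf\.ru")

def xdr_netobj(b):
    """XDR opaque: 4-byte big-endian length, data, zero padding to 4 bytes."""
    return struct.pack(">I", len(b)) + b + b"\0" * (-len(b) % 4)

def build_record(ts, src, dst, proto, sport, dport, name, data):
    """Constructed dsniff-style record (test input, not a real capture).
    A little-endian capture host writes its in_addr_t through xdr_u_long,
    so the network-order address bytes land reversed on disk."""
    hdr = struct.pack(">I4s4sIII", ts, socket.inet_aton(src)[::-1],
                      socket.inet_aton(dst)[::-1], proto, sport, dport)
    return hdr + xdr_netobj(name) + xdr_netobj(data)

def read_netobj(raw, off):
    """Return (bytes, next offset), skipping the XDR padding after the data."""
    (n,) = struct.unpack_from(">I", raw, off)
    off += 4
    return raw[off:off + n], off + n + (-n % 4)

def parse_record(raw):
    """Decode one record into a dict (same fields as the Perl unpack)."""
    ts, src, dst, proto, sport, dport = struct.unpack_from(">I4s4sIII", raw, 0)
    name, off = read_netobj(raw, 24)
    data, _ = read_netobj(raw, off)
    return {"time": ts, "src": socket.inet_ntoa(src[::-1]),
            "dst": socket.inet_ntoa(dst[::-1]), "proto": proto,
            "sport": sport, "dport": dport,
            "service": name.decode("ascii"), "data": data}

def filter_records(records):
    """Step one of the script: drop records mentioning a banner network."""
    return [r for r in records if not AD_HOSTS.search(r)]

# Constructed sample database contents: "ftp" is 3 bytes long, so its
# netobj carries one padding byte before the data length field.
SAMPLE_RECORDS = [
    build_record(1325376000, "192.168.1.10", "192.168.1.20", 6, 40000, 21,
                 b"ftp", b"USER anonymous\r\nPASS guest@example.org\r\n"),
    build_record(1325376060, "192.168.1.10", "10.0.0.5", 6, 40001, 80,
                 b"http", b"GET /c HTTP/1.0\r\nHost: tns-counter.ru\r\n"),
]
```

Running `parse_record` over `filter_records(SAMPLE_RECORDS)` keeps only the ftp record and decodes it field by field; a service name whose length is not a multiple of 4 is handled by the padding skip in `read_netobj`.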

It's all as simple as two times two, but I couldn't find a similar tool. Maybe it will be useful to someone.
Aborche 2012


Source: https://habr.com/ru/post/136282/
