#!/usr/bin/perl
#
# nc.sniffer.pl v0.04 9-11-06
# Copyright 2006, Michael Robinton, michael@bizsystems.com
# See GPL notice in Net::Connection::Sniffer
#
use strict;
use lib qw(blib/lib);
use Net::Connection::Sniffer;
local $^W = 1;    # enable warnings while the configuration is evaluated

# NOTE(review): the 'use lib qw(blib/lib)' line near the top of this file adds
# a search path relative to the current working directory. That suits a run
# from the build tree; for an installed copy (packet capture normally needs
# elevated privileges) consider removing it, so modules are never loaded from
# whatever directory the daemon happens to be started in.

#########################################################
#     For most unix systems, this should work as is     #
#########################################################

my $config = {

    # piddir [required]
    # Directory that holds the pid file for this daemon. It must already
    # exist and be writable by the daemon.
    # NOTE(review): keep it writable only by the account the daemon runs
    # as, so other local users cannot pre-create or replace the pid file.
    piddir => '/var/run/nc.sniffer',

    # sniffer [required]
    # Directory that holds the statistics file for this daemon. It must
    # already exist and be writable by the daemon. The same ownership
    # advice as for 'piddir' applies.
    sniffer => '/var/run/nc.sniffer',

    # bpf [required]
    # BPF filter statement. See examples below.
    # NOTE(review): 'myhost.com' looks like a placeholder; replace it with
    # the host to be monitored.
    bpf => 'src host myhost.com and tcp port 80',

    # snaplen [optional]
    # Number of bytes captured from each packet. Defaults to the minimum
    # needed to determine the source and destination IP addresses and port
    # numbers:  ETH_head + IPV4_head + 4
    # NOTE(review): presumably this has to reach past the 'payload' offset
    # for 'match' / 'nomatch' to see any data; confirm against the module
    # documentation.
    #
    #   snaplen => 38,

    # match [optional]
    # Filter condition: the payload must contain this string
    # (case insensitive comparison).
    #
    #   match   => 'somestring',

    # nomatch [optional]
    # Filter condition: the payload must NOT contain this string
    # (case insensitive comparison).
    #
    #   nomatch => 'some.other.string',

    # payload [optional, but required when 'match' or 'nomatch' is set]
    # Offset of the payload from the start of the packet,
    # typically at least 60 for tcp, 44 for udp.
    #
    #   payload => 44,

    # port [optional]
    # UDP port on which the daemon listens for a request to write a
    # dump file.
    port => 10004,

    # host [optional, default 127.0.0.1 == INADDR_LOOPBACK]
    # Address on which to listen for the dump request: a HOSTNAME, an
    # IP address, or one of the strings 'INADDR_ANY', 'INADDR_LOOPBACK'.
    # NOTE(review): the trigger arrives over UDP, whose source address can
    # be forged. If this is changed from loopback, do not rely on 'allowed'
    # alone; restrict the port with a packet filter as well.
    host => 'INADDR_LOOPBACK',

    # allowed [optional, default 127.0.0.1]
    # Host(s) permitted to send the dump request, each given as a
    # HOSTNAME or an IP address.
    allowed => [ '127.0.0.1' ],

};

# Warnings are switched off again before the configuration is handed to
# gather(), presumably exported by Net::Connection::Sniffer.
local $^W = 0;
gather($config);