[vox-tech] network blinken lights experiment

vox-tech@lists.lugod.org vox-tech@lists.lugod.org
Mon, 19 May 2003 15:00:57 -0700 (PDT) 

On Mon, 19 May 2003, dylan wrote:

> hi --
> 
> in the wee hours of the night (when one is normally sleeping...) i was
> tinkering around with a BS2 module (basic stamp 2) and how it can interact
> with a PC via the serial bus.
> 
> Here is my question - is it possible for a shell script / perl script to
> monitor a filtered data stream from 'tcpdump' -- looking for key pieces of
> text. when there is a match on say "FTP"  or "WWW" or "SSH", the shell
> script or perl script would output a single byte of data to the serial port:
> 
> for example:
> 
> $tcpdump | grep -v stuff_to_filter | some_perl_or_shell_script > /dev/ttyS0
> 
> so for every packet with a header that matches
> 
> SSH   --> output a '1'
> WWW   --> output a '2'
> FTP   --> output a '3'   .... and so on.
> 
> the basic stamp would be listening for data on the serial port, in single
> byte chunks from 1 - 9 (or a - z, or whatever). based on the byte it
> receives it would set a corresponding I/O pin high, short pause, then low.
> the I/O pins would be connected to LEDs -- which would yield a crude display
> what what kind of traffic exists on the network -> by blinking various LEDs.
> 
> is it possible to search streams of data like this, and would such a search
> actually provide reliable information?
> 
> any ideas?

I wonder if using tcpdump would be the best way of doing this... 

And yes, you could do the whole thing via perl using perl regular 
expressions.  Either do a open INBUF, "tail -f <file> |"; or maybe 
there is a way to do it completely in perl.  I haven't had to do this
and the cookbook is not handy at the moment... You can then have perl 
open the serial port, and send the byte chunk that way.  IE, A basic 
script would be: 

open INBUF, "tail -f <file> |"; 

while (<INBUF>) { 

	if (/My Happy Regexp/) { 

		open OUT, "/dev/ttyS0"; 
		print OUT, "MYBYTE\n";
		close OUT;
	}
}


I didn't run that thru the interpreter, so I may have done something
boneheaded in my syntax.  

Back to tcpdump, if you have netfilter logging in your kernel, you 
can always enable logging that way.  I'm not sure if that's the way
you want to go. 

Mike