Hi Everyone, 

    I have a bit of a strange situation.  I have a Cisco router that is
    sending me a complete copy of a certain MAC addresses' IP traffic. 
    The traffic is encapsulated in a UDP packet and sent to a specific
    port on one of my servers. 

    My ultimate goal is to be able to isolate the HTTP traffic and pull
    out all sites and URLs visited by this host. I was told that
    ethereal was probably my best bet at not having to write code to
    decode the HTTP packets. 

    The problem is, ethereal only sees it as a bunch of UDP packets. I
    tried redirecting the raw stream to ethereal's STDIN, but it only
    wants libpcap formatted files via pipes or files. 

    I keep running into the fact that my little Perl UDP server running
    on port 3000 isn't a real network device. 

    Any ideas on how I can fake ethereal into taking the raw stream,
    fake the stream into a device, or output the stream in libpcap
    format? 

    Any help would be appreciated. 

    P.S. In case you are wondering, this is not a malicious exercise. 
         I'm sniffing my own server's traffic, not someone else's. 

 ---------------------------------
   Frank Wiles <frank@wiles.org>
   http://frank.wiles.org
 ---------------------------------