# -sam k (commport5@lucidx.com)

use pdump::Sniff;

sub check_web {
 my ($alla, $call, $nite, $headers) = ($offset_all, $_[2], 0);
 $time = timem();
 $untm = time();
 $time =~ s/^.*?\.(.*?)$/$1/;
 $packet_all->bset($call, $alla);
 $prt = $packet_all->proto;
 $prt =~ /^(.{1})/;
 $prot = uc($1);
 $proto = $prt;
 ($vers,$ihl,$tos,$tot,$id,$frg,$ttl,$pro,$chc,$saddr,$daddr,$sport,$dport,$seq,$aseq,$dof,$res1,$res2,$urg,$ack,$psh,$rst,$syn,$fin,$win,$chk,$data) =
 $packet_all->get({ip=>['version','ihl','tos','tot_len','id','frag_off','ttl','protocol','check','saddr','daddr'],tcp=>[
 'source','dest','seq','ack_seq','doff','res1','res2','urg','ack','psh','rst','syn','fin','window','check','data']});
 $seq =~ s/^-//;
 if ($dmth) {
  $flags = unpack("B8", substr($call, $allo+20+13, 1));
  substr($flags, 6, 1) == '1' || substr($flags, 7, 1) == '1';
  %pd = &getpckt($allo);
  if ($nons) {
   $sname = $pd{'saddr'};
   $dname = $pd{'daddr'};
   $stest = $sname;
   $dtest = $dname;
  }
  else {
   $sname = $pd{'shost'};
   $dname = $pd{'dhost'};
   $stest = $pd{'saddr'};
   $dtest = $pd{'daddr'};
  }
 }
 else {
  if ($nons) {
   $sname = &ip2dot($saddr);
   $dname = &ip2dot($daddr);
   $stest = $sname;
   $dtest = $dname;
  }
  else {
   $sname = &ip2name($saddr);
   $dname = &ip2name($daddr);
   $stest = &ip2dot($saddr);
   $dtest = &ip2dot($daddr);
  }
 }
 unless ($nosv) {
  @sserv = &port2serv($sport, $proto);
  @dserv = &port2serv($dport, $proto);
 }
 if ($sserv[0]) {
  $stype = $sserv[0];
 }
 else {
  $stype = $sport;
 }
 if ($dserv[0]) {
  $dtype = $dserv[0];
 }
 else {
  $dtype = $dport;
 }
 if ($nofl and !$fl) {
  $dname =~ s/^([^\.]+)\..*?$/$1/;
  $sname =~ s/^([^\.]+)\..*?$/$1/;
 }
 if (($type, $waddr) = $data =~ /(GET|POST) (.+) HTTP/i) {
  if ($waddr =~ /\.(?:htm|html|shtm|phtm|pthml|shtml|xml|asc|txt|php3|php4|asp|cgi|pl)$/ or $waddr =~ /\/[^\.]*?$/ or $waddr =~ /\.(?:cgi|asp|php|xml|asc|pl)/) {
   $faddr = "http://" . $dname . $waddr;
   if ($ntsbr) {
    if ($ntshst) {
     if ($raddr eq $stest) {
      system("netscape -remote 'openURL($faddr)'");
      $wbsn++;
     }
    }
    else {
     system("netscape -remote 'openURL($faddr)'");
     $wbsn++;
    }
   }
   else {
    $wbsn++;
   }
   if ($wbsn) {
    print "pdump: $stest has connected to $faddr with the $type method\n";
   }
   $top++;
   if ($amt and $top == $amt) {
    die "\r$amt packets recieved by filter\n";
   }
  }
 }
}

1;