“wcap is a packet sniffer that displays URLs. It is is an application that puts your ethernet interface in promiscuous mode and listens for web requests, displaying a nicely formatted list of URLs that have been requested. The information it obtains is not magical and is the same sort of stuff you can get from running tcpdump–it is just specifically parsed and formatted to make the requested URLs available at a glance.”
Similar to EtherPEG (which Kim is fond of calling Ether PIG), which I used over the weekend at the hotel, I’ve released wcap. While EtherPEG shows pictures, wcap shows URLs. There are a million other clones of this kind of functionality out there (I’ve written much the same many times before in shell scripts with tcpdump and grep/sed/awk.) This particular app and source code is being released to the Creative Commons because I did the work and thought I should share. I did the work because I needed to reacquaint myself with the libpcap interface for an upcoming project at work. It sniffs the network for web requests and extracts out the URLs being requested. It is not really rocket science, but does seem to amaze and confuse those that are not familiar with network protocols.
See also: wmap