Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Media captured from the ether for your viewing pleasure
Erlang JavaScript Shell
Latest commit 9504780 @msantos Fix build as dep
Failed to load latest commit information.
ebin Update for epcap message format change
priv/www peep: add a placeholder
src Fix build as dep
.gitignore HTTP content sniffer
Makefile Check for deps Update readme
rebar.config Fix build as dep Remove path to epcap's pkt

Easily capture media for offline viewing. Your's and possibly everyone else's too.

perv watches the network for web traffic and dumps the content to your hard drive. On a hubbed or public wifi network, this includes everyone else's web browsing too. perv works with any media streamed over HTTP including Internet radio and streaming video sites like YouTube and InfoQ.

perv is really just a drifnet clone ( written in Erlang but differs in that it parses the HTTP response rather than pulling media types out of a binary stream.


  1. Get the source code

    git clone git://

  2. Compile perv



perv:start() -> ok

perv:start(Options) -> ok

Types   Options = [EpcapArgs | Keyword]
        EpcapArgs = list()
        Keyword = [exclude]

See epcap documentation for options.

perv will try to find the default interface to snoop (and will
probably get it wrong if there is more than one network interface). To
exclude the local host from packet dumps, use:

> perv:start(exclude).

To override the defaults, manually specify the device using the
epcap options, e.g.:

> perv:start([
        {interface, "eth0"},
        {filter, "tcp and src port 80 and not host"}]).

Content is written to priv/files/<mime type>.

A trace file containing the HTTP response is written to priv/tmp. The
trace file can be unpacked by using pervon:content/3.

pervon:content(Path, Name, Response) -> ok

Types   Path = string()
        Name = string()
        Response = binary()

"Path" is a directory where the media in the HTTP response will
be unpacked.

"Name" is the suffix prepended to file names. Since the HTTP response
can contain many files, the result of erlang:now/0 is appended to the
name with the file type as the extension. The file type is derived
from the "Content-Type" header.

"Response" is the HTTP response.

peep:start() -> ok


  • To start sniffing, specify the interface to use:

    perv:start([{interface, "eth0"}]).

  • By default, all traffic on port 80 is captured. If you want to exclude your IP address, modify the pcap filter. For example, if you are using the device "en1" with an IP address of "":

    perv:start([{interface, "en1"}, {filter, "tcp and port 80 and not"}]).

  • To replay data from a pcap file (for example, captured using tcpdump):

    perv:start([{file, "/path/to/file.pcap"}]).

  • perv includes a very basic web interface:


Then open a browser: http://localhost:8889/

  • To unpack the HTTP response:

    {ok, Response} = file:read_file("priv/tmp/"). pervon:content("/tmp/content_dir", "suffix", Response).


  • peep is really ugly, fix it

  • handle large files, possibly by periodically writing out the buffered data to disk in the fsm. Since the files are buffered, downloading very large files can exhaust the memory of the Erlang node, causing it to hang or crash.

  • pervon:content/3 should return a list of tuples containing the name, file type and file contents, rather than writing them directly to disk

  • add option to enable/disable debug messages and tracing

  • have peep only display images over a certain size

Something went wrong with that request. Please try again.