This patch lets you pass a real pcap filter to assniffer so that it sniffs only relevant traffic.
Previously, assniffer sniffed all traffic and then parsed only the traffic on ports 80 and 8080 (or everything, with the "-allports" option).
Now, with the "-f" option, you can specify a filter that is passed to libpcap (the "-allports" option has been removed). Without the "-f" option, libpcap listens only on ports 80 and 8080, as before.
The patch also includes patch "v0.1-b", which creates subdirectories by client IP address.
The patch also includes patch "v0.1-a", which reads pcap files directly instead of listening on a network interface.
This has been tested under Linux only.
First of all, download the attached patch file (patch_0.1-c.zip) to /tmp, for example.
1. wget http://www.cockos.com/assniffer/assniffer01.zip
2. unzip assniffer01.zip
3. cd source
4. mv wdl WDL
5. cp /tmp/patch_0.1-c.zip .
6. unzip patch_0.1-c.zip
7. patch -p1 < patch_0.1-c
8. cd assniffer
How to use (example):
1. ./assniffer output_dir -f "tcp and host XX.XX.XX.XX and port 81"
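
The filter string handed to "-f" is passed to libpcap as-is, so when it is assembled from variables in a capture script it is worth validating each part first. The following is an added example, not part of the patch or of assniffer: the function names are hypothetical and 192.0.2.10 is a constructed documentation address.

```shell
#!/bin/sh
# Build a filter for assniffer's -f option from a validated IPv4 address
# and one or more TCP ports, in the same form as the usage example above.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet 0-255.
valid_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # only digits and single dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                               # split on dots (no glob chars left)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# valid_port N: succeed only for a decimal port number 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;            # rejects "80 or port 22" etc.
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_filter HOST PORT...: print the filter, or fail without output
# on stdout if any part is malformed.
build_filter() {
    host=$1; shift
    valid_ipv4 "$host" || { echo "bad host: $host" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "need at least one port" >&2; return 1; }
    ports=
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports or }port $p"
    done
    printf 'tcp and host %s and (%s)\n' "$host" "$ports"
}

# Demo with constructed values: print the command line instead of running it.
filter=$(build_filter 192.0.2.10 81) &&
    echo "./assniffer output_dir -f \"$filter\""
```

Because every part is checked before the string is assembled, a value such as "80 or port 22" cannot widen the capture beyond the intended host and ports.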