07-19-2006, 02:26 AM   #1
julien
Patch "v0.1-c": adding pcap filter option

This patch allows you to specify a real pcap filter for assniffer in order to sniff only relevant traffic.

Before, assniffer was sniffing all traffic, then parsing traffic on ports 80 and 8080 only (or everything when using the "-allports" option).

Now, using the "-f" option, you can specify a filter that is passed to libpcap (the "-allports" option has been removed). Without the "-f" option, libpcap will listen only on ports 80 and 8080, like before.

The patch also includes patch "v0.1-b", which allows creating subdirectories by client IP address.

The patch also includes patch "v0.1-a", which allows reading pcap files directly instead of listening on a network interface.

This has been tested under Linux only.

How-To patch:

First of all, download the attached patch file (patch_0.1-c.zip) to /tmp, for example.

1. wget http://www.cockos.com/assniffer/assniffer01.zip
2. unzip assniffer01.zip
3. cd source
4. mv wdl WDL
5. cp /tmp/patch_0.1-c.zip .
6. unzip patch_0.1-c.zip
7. patch -p1 < patch_0.1-c
8. cd assniffer
9. make


How-To use (example):
1. ./assniffer output_dir -f "tcp and host XX.XX.XX.XX and port 81"
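Added example (not part of julien's post, and not assniffer or libpcap code): what the default ports 80/8080 selection and a filter of the form `tcp and host H and port 81` keep, run over a constructed in-memory pcap file. The matcher hand-codes those two filters for untagged Ethernet/IPv4 instead of compiling BPF; reading the default as TCP-only, the addresses (documentation ranges), the ports and all function names are assumptions.

```python
import socket, struct

def frame(src, dst, sport, dport, proto=6):
    """Constructed Ethernet/IPv4 frame with a 20-byte TCP (6) or UDP (17) stub."""
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    l4 = struct.pack("!HH", sport, dport) + bytes(16)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def pcap_bytes(frames):
    """Classic little-endian pcap file: 24-byte global header, 16-byte record headers."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # 1 = Ethernet
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

def records(data):
    """Yield the captured bytes of each record (a truncated tail yields a short frame)."""
    if struct.unpack_from("<I", data)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap file")
    off = 24
    while off + 16 <= len(data):
        caplen = struct.unpack_from("<I", data, off + 8)[0]
        yield data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def matches(f, ports, host=None):
    """Hand-coded meaning of 'tcp and port P [and host H]'; src or dst may match."""
    if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
        return False                      # too short, not IPv4, or not TCP
    ihl = (f[14] & 0x0F) * 4
    if ihl < 20 or len(f) < 14 + ihl + 4 or struct.unpack_from("!H", f, 20)[0] & 0x1FFF:
        return False                      # bad header, truncated, or non-first fragment
    addrs = {socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34])}
    return (host is None or host in addrs) and bool(
        set(struct.unpack_from("!HH", f, 14 + ihl)) & set(ports))

def select(data, ports, host=None):
    """Indexes of the records in a pcap byte string that the filter keeps."""
    return [i for i, f in enumerate(records(data)) if matches(f, ports, host)]

SAMPLE = pcap_bytes([  # constructed traffic, documentation address ranges
    frame("192.0.2.10", "198.51.100.5", 40000, 80),
    frame("192.0.2.10", "198.51.100.5", 40001, 81),
    frame("192.0.2.11", "203.0.113.9", 40002, 81),
    frame("198.51.100.5", "192.0.2.10", 8080, 40003),
    frame("192.0.2.10", "198.51.100.5", 5353, 81, proto=17),
])
print(select(SAMPLE, {80, 8080}), select(SAMPLE, {81}, host="198.51.100.5"))
```

With the default selection, the port-81 session never reaches the parser; with the narrower filter, only the TCP record involving the named host on port 81 does.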