07-19-2006, 02:26 AM   #1
Patch "v0.1-c": adding pcap filter option

This patch allows specifying a real pcap filter for assniffer in order to sniff only relevant traffic.

Before, assniffer was sniffing all traffic, then parsing traffic on ports 80 and 8080 only (or everything, using the "-allports" option).

Now, using the "-f" option, you can specify a filter passed to libpcap (the option "-allports" has been removed). Without the "-f" option, libpcap will listen only on ports 80 and 8080 like before.

The patch also includes patch "v0.1-b", which allows creating subdirectories by client IP address.

The patch also includes patch "v0.1-a", which allows reading pcap files directly instead of listening on a network interface.

This has been tested under Linux only.

How-To patch:

First of all, download the attached patch file ( in /tmp for example.

1. wget
2. unzip
3. cd source
4. mv wdl WDL
5. cp /tmp/ .
6. unzip
7. patch -p1 < patch_0.1-c
8. cd assniffer
9. make

How-To use (example):
1. ./assniffer output_dir -f "tcp and host XX.XX.XX.XX and port 81"
julien
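The post describes a default selection of ports 80 and 8080 when no "-f" filter is given. As an added example (not assniffer's code and not part of the patch), this is what such a port check looks like when done on a raw Ethernet II frame in user space; the function names and the sample frames are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Read a 16-bit big-endian (network order) value. */
static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 1 if the frame is IPv4/TCP with source or destination port 80 or
 * 8080, 0 otherwise. Every header is bounds-checked before it is read. */
int is_default_http_port(const uint8_t *frame, size_t len)
{
    if (len < 14 || be16(frame + 12) != 0x0800)  /* Ethernet II carrying IPv4 */
        return 0;
    const uint8_t *ip = frame + 14;
    size_t ip_len = len - 14;
    if (ip_len < 20 || (ip[0] >> 4) != 4)        /* minimal IPv4 header */
        return 0;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;     /* header length incl. options */
    if (ihl < 20 || ip_len < ihl + 4)            /* room for both TCP ports */
        return 0;
    if (ip[9] != 6)                              /* protocol 6 = TCP */
        return 0;
    if (be16(ip + 6) & 0x1fff)                   /* later fragment: no TCP header */
        return 0;
    uint16_t sport = be16(ip + ihl), dport = be16(ip + ihl + 2);
    return sport == 80 || sport == 8080 || dport == 80 || dport == 8080;
}

/* Constructed sample: 14-byte Ethernet + 20-byte IPv4 + the two port fields. */
void build_frame(uint8_t out[38], uint8_t proto, uint16_t sport, uint16_t dport)
{
    for (size_t i = 0; i < 38; i++) out[i] = 0;
    out[12] = 0x08; out[13] = 0x00;              /* EtherType IPv4 */
    out[14] = 0x45;                              /* version 4, IHL 5 */
    out[23] = proto;
    out[34] = (uint8_t)(sport >> 8); out[35] = (uint8_t)sport;
    out[36] = (uint8_t)(dport >> 8); out[37] = (uint8_t)dport;
}

int main(void)
{
    uint8_t f[38];
    build_frame(f, 6, 40000, 8080);
    printf("tcp dport 8080: %d\n", is_default_http_port(f, sizeof f));
    build_frame(f, 6, 40000, 81);                /* port from the -f example */
    printf("tcp dport 81:   %d\n", is_default_http_port(f, sizeof f));
    return 0;
}
```

A frame to port 81, as in the "-f" usage example, is not selected by the default ports, which is the case the filter option covers.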