LinuxQuestions.org


covertops 01-19-2005 09:23 AM

IP Tables , sniffers
 
Hi

Is it possible to use IP Tables as part of a network sniffer? I'm looking into developing something that uses them in C but not sure yet.... what do you think?

wimdh 01-21-2005 09:48 AM

Hey,

You can accept every packet and add the log option, so that they are logged into syslog,

but there are tools like tcpdump or ettercap or ethereal that do network sniffing for you...

phoenix99 01-22-2005 11:46 PM

or simply use snort

covertops 02-27-2005 01:10 PM

thanks,

I'm looking into using syslog. I've tried tcpdump, ettercap, ethereal and a handful of other network analysers, some were pretty good. But I'm really interested in creating my own network analyser. I set snort up on the computer but I haven't gotten to try it yet. I thought snort was only an intrusion detection system.

Anyway, thanks again.

Mara 02-27-2005 03:41 PM

Logging using iptables is not a very good idea, because it's not designed for this. Instead, you can write your own customized code using the libpcap library. That's the one tcpdump uses. libpcap handles sniffing, writing packets to files and many interesting things.

covertops 03-02-2005 01:34 PM

Someone in IBM came up with a way to do it (1) but it involves using kernel modules (firewall hooks) and for some reason the /usr/src/ directory doesn't have the linux directory. I've downloaded kernel-source for 2.4.18 but it's going to take me a long time to work out how to program kernel modules and add and remove them.

Yeah, I've been reading a lot about libpcap, it looks good. Easy enough to pick up (compared to the kernel modules). A lot of the network analysers I've been looking at use it. I worked through a few tutorials (2) so I think I might just build my analyser using that....

(1)https://www6.software.ibm.com/develo...ket/index.html
(2)http://www.cet.nau.edu/~mc8/Socket/T.../section1.html

covertops 03-21-2005 08:40 AM

I built a system using libpcap and it went pretty well. I also tried out using ulogging with IP Tables for analysis, but I couldn't get it working yet though.
Finally I developed a system using the log files from IP Tables. I set the logging options on the IP Table rules and was able to get the log info from the /var/log/kern.log files. I then used Java to open the file and analyse the info.. I have to say Java is the business....

thanks for all the help.....:)
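The log-parsing half of what covertops built, as an added example that is not code from the thread: it reads the key=value lines the iptables LOG target writes into kern.log and counts packets per source, protocol and destination port. It is written in Python rather than Java, the sample log lines are constructed, and the rule is assumed to use a --log-prefix of "FW: ".

```python
from collections import Counter

# Constructed kern.log lines in the key=value format the iptables LOG target
# writes (rule assumed to use --log-prefix "FW: "); not taken from the thread.
SAMPLE_KERN_LOG = """\
Mar 21 08:12:01 box kernel: FW: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 21 08:12:02 box kernel: FW: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12346 DF PROTO=TCP SPT=40001 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 21 08:12:03 box kernel: FW: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.9 DST=10.0.0.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1
Mar 21 08:12:04 box kernel: usb 1-1: new high speed USB device using ehci_hcd
Mar 21 08:12:05 box kernel: FW: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=12347 DF PROTO=UDP SPT=53000 DPT=53 LEN=32
"""

# Bare tokens the LOG target emits without an '=' (IP and TCP flags).
FLAGS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}


def parse_log_line(line, prefix="FW: "):
    """Parse one LOG-target line into a dict of KEY=value fields plus a
    'flags' set; return None for any other kernel message in kern.log."""
    marker = "kernel: " + prefix
    idx = line.find(marker)
    if idx < 0:
        return None
    fields, flags = {}, set()
    for tok in line[idx + len(marker):].split():
        if "=" in tok:
            key, _, val = tok.partition("=")
            # ICMP repeats ID= and UDP repeats LEN= for the inner header;
            # keep the first occurrence, which belongs to the IP header.
            fields.setdefault(key, val)
        elif tok in FLAGS:
            flags.add(tok)
    fields["flags"] = flags
    return fields


def summarise(text, prefix="FW: "):
    """Count logged packets per (SRC, PROTO, DPT); ICMP has no DPT."""
    counts = Counter()
    for line in text.splitlines():
        f = parse_log_line(line, prefix)
        if f is not None:
            counts[(f.get("SRC"), f.get("PROTO"), f.get("DPT", "-"))] += 1
    return counts
```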

