Gulli.GSniff r1.1 - 02 Jun 2005 - 21:11 - TWikiGuest


gsniff

gsniff is part of the gullibloon framework (http://gullibloon.org). as the name implies, gsniff is a (libpcap based) packet sniffer whose primary output channel is OSC.

as gsniff replaces tcpdump2OSC.pl it is made to be compatible with tcpdump2OSC.

requirements

build / install

a simple makefile is supplied, autoconf later.

to build, adjust makefile and run: make

build and / or install libpcap and liblo beforehand (debian: apt-get install liblo0-dev libpcap0.8-dev).

usage

sudo ./gsniff    
  -f "pcap filter string"
  -s the OSC sendport
  -l the OSC listenport
  -h the OSC sendhost
  -o enable outgoing OSC messages
  -t enable text printing to console
  -p enable sending header info for every packet
  -i the network device used for sniffing

gsniff listens (so far) for filter update messages on the OSC port given with the -l switch.

messages

in
  msg               argument types     description
  /filter           s                  filter string in pcap syntax (man tcpdump)
  /enable_osc_out   NULL               toggle outgoing OSC msgs
  /enable_txt_out   NULL               toggle console output
  /enable_packets   NULL               toggle sending packet header info

out
  msg                 argument types     description
  /new/host           si                 IP-address localflag
  /new/connection     sisiiiiii          sourcehost sourceport desthost destport protocol timestamp packetcount bytecount subtype
                                           protocol: 1: IPPROTO_ICMP, 6: IPPROTO_TCP, 17: IPPROTO_UDP
                                           subtype: subtype of simpler protocols like icmp, arp
  /host               si                 update status of this host already known
  /connection         sisiiiiii          update status of this connection already known: new byte-count, new packet-count
  /delete/host        si                 remove host from network: host, localflag, timestamp
  /delete/connection  sisiiiiii          remove connection: shost, sport, dhost, dport, protocol, time, pkt_cnt, byte_cnt
  /tcpdump            iiiiiiiiiiiisiiii  proto sip1 sip2 sip3 sip4 sport dip1 dip2 dip3 dip4 dport len ymd h m s us
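
a receiver-side decoder for the /tcpdump message listed above, as an added example (not code from gsniff or tcpdump2OSC). it assumes standard OSC 1.0 binary encoding and that sip1..sip4 / dip1..dip4 are the IPv4 octets in order; the helper names, the sample datagram and its ymd value are constructed.

```python
import struct

# Field order and type tags of /tcpdump, copied from the message table above.
FIELDS = ("proto sip1 sip2 sip3 sip4 sport dip1 dip2 dip3 dip4 "
          "dport len ymd h m s us").split()
TYPES = "iiiiiiiiiiiisiiii"
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}  # IPPROTO_* numbers listed on the page

def pad(raw):
    # OSC strings end in at least one NUL and are padded to a multiple of 4.
    return raw + b"\x00" * (4 - len(raw) % 4)

def encode_osc(address, types, args):
    # Only used here to build constructed sample datagrams.
    out = pad(address.encode()) + pad(b"," + types.encode())
    for tag, arg in zip(types, args):
        out += struct.pack(">i", arg) if tag == "i" else pad(arg.encode())
    return out

def read_str(buf, pos):
    end = buf.index(b"\x00", pos)  # ValueError if the terminator is missing
    return buf[pos:end].decode("ascii"), pos + ((end - pos) // 4 + 1) * 4

def parse_tcpdump(buf):
    try:
        address, pos = read_str(buf, 0)
        tags, pos = read_str(buf, pos)
        if address != "/tcpdump" or tags != "," + TYPES:
            raise ValueError("not a /tcpdump message")
        f = {}
        for name, tag in zip(FIELDS, TYPES):
            if tag == "i":
                f[name], pos = struct.unpack_from(">i", buf, pos)[0], pos + 4
            else:
                f[name], pos = read_str(buf, pos)
    except struct.error as exc:
        raise ValueError("truncated /tcpdump message") from exc
    # Assumption: sip1..sip4 / dip1..dip4 are the IPv4 octets in order.
    octets = [f[k + str(n)] for k in ("sip", "dip") for n in range(1, 5)]
    if not all(0 <= o <= 255 for o in octets):
        raise ValueError("IP octet out of range")
    src, dst = ("%d.%d.%d.%d" % tuple(octets[i:i + 4]) for i in (0, 4))
    return {"proto": PROTO.get(f["proto"], str(f["proto"])), "src": src,
            "sport": f["sport"], "dst": dst, "dport": f["dport"], "len": f["len"]}

# Constructed sample: a TCP packet 192.0.2.10:51000 -> 198.51.100.7:80.
SAMPLE = encode_osc("/tcpdump", TYPES, [6, 192, 0, 2, 10, 51000, 198, 51, 100,
                                        7, 80, 60, "20050602", 21, 11, 0, 0])
```

the parser rejects any datagram whose address or type tag string differs from the table, so other OSC traffic arriving on the same UDP port is not misread as packet data.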

tcpdump2OSC outgoing

  • /new/host IP-address localflag
    new host has appeared on the ethernet. is it local to our subnet?
  • /new/connection sourcehost sourceport desthost destport protocol timestamp packet-count byte-count subtype
    protocol
    protocol-id, 0 = ICMP, 1 = TCP, 2 = UDP, 3 = ARP (missing: IPX, SMB, ...)
    subtype
    subtype of simpler protocols like icmp, arp
  • /host update status of this host already known
  • /connection update status of this connection already known: new byte-count, new packet-count
  • /delete/host remove host from network: host, localflag, timestamp
  • /delete/connection remove connection: shost, sport, dhost, dport, protocol, time, pkt_cnt, byte_cnt
  • /tcpdump proto sip1 sip2 sip3 sip4 sport dip1 dip2 dip3 dip4 dport len ymd h m s us

download

references:



Attachment     Size    Date                 Who          Comment
gsniff.tar.gz  22.8 K  14 Apr 2005 - 06:32  JuanChanson  gsniff source tar

Gulli.GSniff moved from Gulli.Gniff on 15 Mar 2005 - 21:18 by JuanChanson - put it back

Copyright © 1999-2017 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.