@RISK Online - The Security Blog

Friday, November 19, 2004

iptraffic update 4
I've just uploaded the latest revision to iptraffic (I need to come up with a better name; any suggestions?). This release includes the following enhancements:
  • Support for STP (Spanning Tree Protocol).

  • (pid - packet ID) to allow for tracking across all tables.

  • Added 'pid' (A unique identifier) and 'timestamp' to the Ethernet table.

  • An updated table build script to cover the above listed enhancements.

On an interesting note, while searching for relevant code I plugged perl sniffer into Google. I was surprised to note that this project is now the 2nd item listed in that search. I was amazed! Hopefully this work will pay off. My thanks go out to those who have provided support. I'll be adding those details in the future.
posted @ 01:04 PM EST [link]

Tuesday, November 16, 2004

iptraffic - updated sniffer code
I've got another quick release of my perl sniffer. The code now supports a unique identifier across all tables to track packet flow. All data parses across the appropriate tables (where I have the decoders developed). This is now a reasonable baseline for me to start writing more protocol decodes. Check out the latest source here.
posted @ 08:27 AM EST [link]

Monday, November 15, 2004

Update to iptraffic (Perl Sniffer)
I realized this weekend that I posted a bad piece of code for building the MySQL tables for iptraffic. I've uploaded the corrected code here (right-click and select 'Save As' to download this file). I hope this makes my intended goals more clear. I'm currently researching 'table joins' so that I can properly track the packet flow across these multiple tables.
posted @ 10:31 AM EST [link]

Friday, November 12, 2004

Update to iptraffic (Perl Sniffer)
I've got a quick update to my rough Perl Sniffer. This new code allows you to dump all data to a series of MySQL tables. I do not yet have the code or logic to properly link these tables and track the flow of packets. I'm researching "table joins" and the relevant code to do so. In the meantime, go check out my iptraffic project page. As always, your comments and feedback are welcome.
posted @ 11:34 AM EST [link]

Wednesday, November 10, 2004

iptraffic - initial code release
To anyone that's been waiting, my first piece of code has just been posted. This is a very rough piece of Perl code to sniff network traffic. This first piece of code sniffs packets and displays the information on the screen. I've already developed code to dump this into MySQL, but I'm posting this code with the goal of getting constructive feedback so that I can learn and improve the code as work progresses. The initial code is very simple, structured, and easy to read. Let me know what you think.
posted @ 02:08 PM EST [link]

Friday, November 5, 2004

iptraffic - rough code to be posted shortly
I've been putting together some pieces of my PERL-based sniffer project known as iptraffic. I've put up some details concerning initial setup for PERL and I'm working on some rough schema details. Please go take a peek here. Since this is a learning experience for me with PERL and packet analysis, I'm very open to your comments and feedback.
posted @ 11:28 AM EST [link]
@RISK Online · ©1999-2004