05-28-2008
netlink and libpcap
"libpcap" can provide you quickest implementation. "netlink" will be very much kernel centric. See tcpdump source code for generic/finer level implmentation.
10 More Discussions You Might Find Interesting
1. IP Networking
How can UNIX systems obtain IP addresses? Can it obtain from Win 2000 Server, DHCP service, dynamically? (1 Reply)
Discussion started by: Raael
1 Replies
2. UNIX for Dummies Questions & Answers
say I have a IP address which is 10.0.0.12, and subnet mask is 255.255.255.240, what is the network address and what is the broadcast address which host lives on?
And could you explain how to get the answer?
thanx in advance! (7 Replies)
Discussion started by: pnxi
7 Replies
3. IP Networking
Hello, this is my first post on the Unix forums. This is something that's been bothering me for a while, is there any particular UNIX/Linux application that will allow you to see you external IP address? :confused: ( The address beyond your router )
Thank you in advance, I could not find a... (4 Replies)
Discussion started by: inquen
4 Replies
4. Solaris
I m having interface ce0 ce1 and its sub interfaces for that.
I want to give MAC addresses for the same.
How will I assign it.
Please give solution for the same (4 Replies)
Discussion started by: sunray
4 Replies
5. Solaris
i need to configure a zone to use different interface (bge2) than global and have connected to completely different network switch & to use its own defaultrouter and hosts file .. is it possible ..if so ..how ?
Thanks (9 Replies)
Discussion started by: skamal4u
9 Replies
6. UNIX and Linux Applications
Hi,
I'm a italian student. For my thesis I develop a gateway with protocol 6lowpan.
For that I must access to network interface to develope my personal stack based on standard 802.15.4.
Can you help me? I need an explanation for that. (0 Replies)
Discussion started by: berny88
0 Replies
7. Solaris
I've one Netra 240
After changing main board and system configuration card reader, Network is not accessible any more, Network interfaces are always UP and Running even when there is no cable connected to Network interfaces.
I tried to restart and plumb/unplumb with no luck.
ifconfig -a... (7 Replies)
Discussion started by: samer.odeh
7 Replies
8. UNIX for Dummies Questions & Answers
I have a RHEL 5 system with a bonded interface configure using only one network port (eth0). So I have config file for ifcfg-bond0 and ifcfg-eth. I'd like to configure eth5 to be the second SLAVE in the bond. My question is, after I modify ifcfg-eth5, can I add eth5 to the bond0 interface without... (1 Reply)
Discussion started by: westmoreland
1 Replies
9. Solaris
How to set gateway address to a particular interface? waht are the files need to update to make it permanent? (2 Replies)
Discussion started by: Naveen.6025
2 Replies
10. UNIX for Advanced & Expert Users
Hi ,
Could someone let me know how to detect duplicate ip address after assigning ip address to ethernet interface using c program (3 Replies)
Discussion started by: Gopi Krishna P
3 Replies
PADS(8) System Manager's Manual PADS(8)
NAME
pads - Passive Asset Detection System
SYNOPSIS
pads <DhUvV> <-c file > <-d file > <-g group > <-i interface > <-n network(s) > <-p file > <-r file > <-u file > <-w file > <expression>
DESCRIPTION
PADS is a libpcap based detection engine used to passively detect network assets. It is designed to complement IDS technology by providing
context to IDS alerts.
Goals:
- Passive: Records and identifies traffic seen on a network without
actively "scanning" a system. There will never be a packet sent from
the pads application.
- Portable: Has the ability to be placed easily on a remote system.
Does not require additional external libraries other than those
associated with libpcap.
- Lightweight: Logging is sent to a simple CSV file. There is no need
for a database or other data repository installed on the local
machine. All correlation is done outside of the pads program.
OPTIONS
-h Display help / usage information.
-D Run PADS in the background (daemon mode).
-d file
Dump banner data into a libpcap formatted file. This feature will dump the matched packet or the first 4 packets of an unmatched
connection into a specified file. This can be used to further identify a service and also aid with signature development.
Please keep in mind that this feature must be compiled into the application in order to use it. This can be done by adding
'--enable-banner-grab' to the 'configure' step.
-g group
This switch allows you to specify a group that PADS will drop to after the libpcap interface has been initialized.
-h Display help
-i interface
Specify an interface to be used.
-n network list
Specify a set of networks to be monitored. Only assets that exist within these networks will be recorded. The networks should be
specified in the following format: 10.10.10.0/24,192.168.0.0/16 .
-p pid file
This switch allows you to specify a PID file to be used in conjunction with daemon (-D) mode.
-r file
Read packets from a libpcap formatted file.
-u user
This switch allows you to specify a user that PADS will drop to after the libpcap interface has been initialized.
-w file
Dump data into a file other than assets.csv.
expression
selects which packets will be processed. Please see tcpdump(1) for details on the libpcap primitives.
SEE ALSO
pads.conf(8), pads-report(8), pads-archiver(8), tcpdump(8), pcre(3)
COPYRIGHT
Copyright (C) 2004 Matt Shelton <matt@mattshelton.com>
BUGS
Please send bug reports to the author.
AUTHORS
Matt Shelton <matt@mattshelton.com>
2005/06/17 PADS(8)