{"id":16521581,"url":"https://github.com/cyphunk/snifferjs","last_synced_at":"2025-03-21T09:30:32.221Z","repository":{"id":24480384,"uuid":"27884529","full_name":"cyphunk/snifferjs","owner":"cyphunk","description":"Sniffer.js packet sniffer in nodejs, browser or experimental standalone app (electron)","archived":false,"fork":false,"pushed_at":"2020-06-05T13:19:21.000Z","size":3266,"stargazers_count":40,"open_issues_count":0,"forks_count":15,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-03-01T04:41:39.788Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/cyphunk.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-12-11T18:04:22.000Z","updated_at":"2024-12-29T19:52:48.000Z","dependencies_parsed_at":"2022-07-12T16:07:50.598Z","dependency_job_id":null,"html_url":"https://github.com/cyphunk/snifferjs","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphunk%2Fsnifferjs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphunk%2Fsnifferjs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphunk%2Fsnifferjs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/cyphunk%2Fsnifferjs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/cyphunk","download_url":"https://codeload.github.com/cyphunk/snifferjs/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244126903,"owners_count":20402200,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T16:57:01.972Z","updated_at":"2025-03-21T09:30:31.707Z","avatar_url":"https://github.com/cyphunk.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"Sniffer.js\n==========\n\nThis software intensely whitelists packets displayed. This permits easier\nmonitoring of traffic by someone less familiar with packet filtering (such as\nactors on a stage). At the moment it is configured to only show outgoing packets\nfrom 192.168. 10. and 172. networks. Elements such as Logins via unencrypted\nPOP / IMAP / HTTP-POST / HTTP-Auth shown. Images shown on mouse hover or\nautomatically opened in a new tab/window. This is basically a Wall-Of-Sheep\nimplementation for the theatrical stage.\n\ncyphunk@deadhacker.com for use in the Anonymous-P theater production. Pull\nrequests and bug reports appreciated at any of:\n\n* \u003chttps://github.com/cyphunk/snifferjs\u003e\n* \u003chttps://git.xiala.net/cyphunk/snifferjs\u003e\n\n![Screencast of use](./sniffer.gif)\n\n\nFeatures\n--------\n\n* Alt+Click on Source IP filters current list by IP\n* Alt+Click Application Protocol column filters by protocol\n* MDNS host resolution\n* Entropy Graph (protocol agnostic method to measure amount of crypto in use)\n* Map of sessions for destinations geographical (not shown in screencast)\n* Auto open image urls in new tab/window (not show)\n* Hover over image url to show\n* Click found HTTP url to open in new tab/window\n* POP/IMAP Logins shown but unlike screen cast text is same color as \n background.\n* Login's via HTTP Post or HTTP Auth shown in light green\n\n\nLicense\n-------\n\nLicense: Non-White-Heterosexual-Male\n\nIf you are not a white heterosexual male you are permitted to copy, sell and use\nthis work in any manner you choose without need to include any attribution you\ndo not see fit. You are asked as a courtesy to retain this license in any\nderivatives but you are not required. If you are a white heterosexual male you\nare provided the same permissions (reuse, modification, resale) but are\nrequired to include this license in any documentation and any public facing\nderivative. You are also required to include attribution to the original author\nor to an author responsible for redistribution of a derivative.\n\n\u003chttp://nonwhiteheterosexualmalelicense.org\u003e\n\n\nInstall\n-------\n\nRequires node libpcap-dev installed on your system.\n\n git clone https://github.com/cyphunk/snifferjs.git\n cd snifferjs\n npm install\n\nFor resolving IP addresses to Geo Location download the Maxmind free dataset\n\n wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz\n gzip -d GeoIP.dat.gz\n\n\nRun\n---\n\n node sniffer.js \u003cinterface\u003e \"\"\n open http://localhost:8080\n\n(last arg is optional pcap fitler. e.g \"ip\")\n\n\nSniffer.js has been tested with\n\n * node 4.2.6\n * npm 2.14.12\n * node-gyp 3.0.3\n\nOthers have [reported](https://github.com/node-pcap/node_pcap/issues/196)\n``4.4.4`` ``5.7.0`` ``8.9.2`` may also work. If you run into issues consider\ndowngrading with ``n`:\n\n npm install -g -n\n n 4.2.6\n rm -rf node_modules\n npm install\n\nConfiguration\n-------------\n\n HTTP_ONLY_FIRST=true Only the first HTTP packet will be shown. If a network\n user accesses http://gessnerallee.ch only the GET for\n the index.html will be shown, not subsequent image and\n resource loads over HTTP. *_ONLY_FIRST applies in a\n similar many for other protocols.\n\n FIRST_PER_IP=false The *_ONLY_FIRST flags apply globally. This means if two\n network users access HTTP sites at the same time only\n the first will be shown.\n\n MAIL_ONLY_LOGIN=true Only LOGIN requests for POP/IMAP are shown.\n\n ONLY_OUTGOING=true Only show packets going out from 192.168 10. and 172.\n networks. (AT THE MOMENT NOT AVAILABLE. ONLY_OUTGOING\n is the default behavior)\n\nInstallation Alternatives\n-------------------------\n\ndocker.io\n\n docker build -t snifferjs \\\n https://raw.githubusercontent.com/cyphunk/snifferjs/master/Dockerfile\n\nOlder node v0.10.25 npm v1.3.24\n\n git reset --hard a68b74beef81d196969a0b9a06e25a2975f6b001\n rm -rf node_modules\n npm install\n\n\nEtc\n---\n\n### Entropy Graphs\n\nCurrently disabled by default the code can display a graph of overall network\ndata entropy levels. For this one needs to install libdisorder\n\n git clone https://github.com/locasto/libdisorder.git\n cd libdisorder/code/src\n make\n # ON OSX:\n gcc -dynamiclib -flat_namespace \"*.o\" -o libdisorder.dylib\n cp libdisorder.dylib \u003csnifferjsdir\u003e\n # ON LINUX\n gcc -shared -o libdisorder.so -fPIC disorder.c\n cp libdisorder.so \u003csnifferjsdir\u003e\n\n\n### Troubleshooting MDNS\n\nTo check that dig resolve for MDNS resolution:\n\n dig +noall +answer +time=1 -x \u003ctest_ip\u003e -p 5353 @224.0.0.251\n dig +noall +answer +time=1 -x \u003ctest_ip\u003e -p 5353 @\u003ctest_ip\u003e\n\nshould return something like:\n\n \u003ctest_ip\u003e.in-addr.arpa.\t10\tIN\tPTR\tthais.local.\n\n``sniffer_cache.js`` uses this command and takes the last\npart of the text when split on spaces.\n\n### Error: libpcap.so.0.8: cannot open shared object\n\nRecompile\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyphunk%2Fsnifferjs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcyphunk%2Fsnifferjs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcyphunk%2Fsnifferjs/lists"}