Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/fd0/toothrotd

Daemon that listens for and logs rogue packets received (described via pcap filter expression)
https://github.com/fd0/toothrotd

Last synced: about 1 month ago
JSON representation

Daemon that listens for and logs rogue packets received (described via pcap filter expression)

Host: GitHub
URL: https://github.com/fd0/toothrotd
Owner: fd0
License: other
Created: 2012-12-02T22:23:52.000Z (about 12 years ago)
Default Branch: master
Last Pushed: 2012-12-05T20:10:22.000Z (about 12 years ago)
Last Synced: 2024-10-14T21:05:35.651Z (3 months ago)
Language: C
Size: 129 KB
Stars: 4
Watchers: 3
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        Introduction

============

This daemon logs packets that match a bpf (libpcap) filter expression to stdout

and syslog. It can, for example, be used to detect rogue IGMP querier devices

on the network attached to eth0 when called as follows:

    # ./toothrotd -i eth0 -f "ip and igmp and igmp[0] = 0x11 and not src 137.226.144.1"

New connections can be logged like this:

    # ./toothrotd -i eth0 -f "tcp and tcp[tcpflags] == tcp-syn"

Compile

=======

Prerequisites:

 * libpcap-dev

Compile the code by calling `make`:

    $ make

    cc -g -Wall -std=gnu99 -O2   -c -o toothrotd.o toothrotd.c

    cc -lpcap  toothrotd.o version.h   -o toothrotd

Trivia

======

The name `toothrotd` is inspired by the character Herman Toothrot from the game "Monkey Island".