https://github.com/fd0/toothrotd
Daemon that listens for and logs rogue packets received (described via pcap filter expression)
- Host: GitHub
- URL: https://github.com/fd0/toothrotd
- Owner: fd0
- License: other
- Created: 2012-12-02T22:23:52.000Z (over 13 years ago)
- Default Branch: master
- Last Pushed: 2012-12-05T20:10:22.000Z (over 13 years ago)
- Last Synced: 2025-03-21T06:10:10.534Z (about 1 year ago)
- Language: C
- Size: 129 KB
- Stars: 3
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
Introduction
============
This daemon logs packets that match a BPF (libpcap) filter expression to stdout
and syslog. It can, for example, be used to detect rogue IGMP querier devices
on the network attached to eth0 when called as follows:

    # ./toothrotd -i eth0 -f "ip and igmp and igmp[0] = 0x11 and not src 137.226.144.1"

New connections can be logged like this:

    # ./toothrotd -i eth0 -f "tcp and tcp[tcpflags] == tcp-syn"
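
What the two filter expressions above test at the byte level, written out as an added example (this is not toothrotd's code, which hands the expression to libpcap). It assumes the buffer starts at the IPv4 header with the link-layer header already stripped; the function names and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Offset of the transport header if p is an IPv4 packet carrying `proto`
 * with fragment offset 0, else 0 (0 is never a valid transport offset). */
static size_t l4_offset(const uint8_t *p, size_t len, uint8_t proto)
{
    if (len < 20 || (p[0] >> 4) != 4) return 0;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl || p[9] != proto) return 0;
    if (((p[6] << 8) | p[7]) & 0x1fff) return 0;    /* later fragment: no transport header */
    return ihl;
}

/* ip and igmp and igmp[0] = 0x11 and not src 137.226.144.1 */
int is_rogue_igmp_query(const uint8_t *p, size_t len)
{
    static const uint8_t querier[4] = {137, 226, 144, 1};
    size_t off = l4_offset(p, len, 2);              /* IP protocol 2 = IGMP */
    if (off == 0 || len < off + 1 || p[off] != 0x11) return 0;
    for (int i = 0; i < 4; i++)                     /* source address is ip[12:4] */
        if (p[12 + i] != querier[i]) return 1;
    return 0;                                       /* query from the known querier */
}

/* tcp and tcp[tcpflags] == tcp-syn */
int is_new_tcp_connection(const uint8_t *p, size_t len)
{
    size_t off = l4_offset(p, len, 6);              /* IP protocol 6 = TCP */
    if (off == 0 || len < off + 14) return 0;
    return p[off + 13] == 0x02;                     /* exactly SYN, so SYN+ACK does not match */
}

/* Constructed sample packets (checksums zeroed, addresses from 192.0.2.0/24). */
static const uint8_t IGMP_QUERY[32] = {             /* IHL 6: router alert option */
    0x46,0xc0,0,32, 0,0,0x40,0, 1,2,0,0, 192,0,2,66, 224,0,0,1,
    0x94,4,0,0,  0x11,100,0,0, 0,0,0,0 };
static const uint8_t TCP_SYN[40] = {
    0x45,0,0,40, 0,0,0x40,0, 64,6,0,0, 192,0,2,66, 192,0,2,1,
    0xc0,0x01,0,22, 0,0,0,1, 0,0,0,0, 0x50,0x02,0xff,0xff, 0,0,0,0 };

int main(void)
{
    printf("rogue querier: %d\n", is_rogue_igmp_query(IGMP_QUERY, sizeof IGMP_QUERY));
    printf("new connection: %d\n", is_new_tcp_connection(TCP_SYN, sizeof TCP_SYN));
    return 0;
}
```

The IGMP sample carries an IP option, so the IGMP type byte sits at offset 24 rather than 20; the `igmp[0]` accessor in the filter accounts for the header length in the same way.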
Compile
=======
Prerequisites:

* libpcap-dev

Compile the code by calling `make`:

    $ make
    cc -g -Wall -std=gnu99 -O2 -c -o toothrotd.o toothrotd.c
    cc -lpcap toothrotd.o version.h -o toothrotd
Trivia
======
The name `toothrotd` is inspired by the character Herman Toothrot from the game "Monkey Island".