https://github.com/gdelugre/ruby-nflog
NFLOG userland bindings for Ruby
- Host: GitHub
- URL: https://github.com/gdelugre/ruby-nflog
- Owner: gdelugre
- License: gpl-3.0
- Created: 2014-12-17T12:36:58.000Z (about 10 years ago)
- Default Branch: master
- Last Pushed: 2014-12-17T17:52:51.000Z (about 10 years ago)
- Last Synced: 2024-03-15T11:52:45.644Z (10 months ago)
- Language: Ruby
- Size: 141 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: COPYING
README
Description of nflog
--------------------

nflog is a wrapper around libnetfilter\_log for Ruby.
For example, you can receive captured packets for the NFLOG group 1:
```ruby
require 'nflog'

# Listen on NFLOG group 1; the block runs once per captured packet.
Netfilter::Log.create(1) do |packet|
  # packet.data yields the link-layer header and the payload.
  link, data = packet.data

  puts "Timestamp: #{packet.timestamp}"
  puts "Prefix: #{packet.prefix}"
  puts "UID: #{packet.uid}"
  puts "GID: #{packet.gid}"
  puts "Interface: #{packet.indev_name}"
  puts "Physical interface: #{packet.phys_indev_name}"
  # Hex-encode the raw bytes for display.
  puts "Ethernet: #{link.unpack("H*")[0]}"
  puts "Payload: #{data.unpack("H*")[0]}"
end
```

Setting up iptables
-------------------

This example rule can be used for sniffing incoming UDP traffic:
```
iptables -A INPUT -p udp -j NFLOG --nflog-group 1
```

Setting up ebtables
-------------------

You will need ebtables for sniffing at layer 2.
Here is an example for capturing incoming ARP frames:
```
ebtables -t nat -A PREROUTING -p arp --nflog-group 1 -j ACCEPT
```

Dependencies
------------

You need to have kernel support for NFLOG and libnetfilter\_log installed to get it working.
nflog depends on nfnetlink and ffi (https://github.com/ffi/ffi/wiki/)

Contact
-------

Guillaume Delugré, guillaume at security-labs dot org