https://github.com/lilithsec/virani
PCAP retrieval for any FPC setup writing to PCAP files.
- Host: GitHub
- URL: https://github.com/lilithsec/virani
- Owner: LilithSec
- License: lgpl-2.1
- Created: 2023-02-27T18:26:12.000Z (over 3 years ago)
- Default Branch: main
- Last Pushed: 2024-10-21T15:33:30.000Z (over 1 year ago)
- Last Synced: 2025-10-22T06:41:07.464Z (8 months ago)
- Language: Perl
- Homepage: https://metacpan.org/dist/Virani
- Size: 84 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: Changes
- License: LICENSE
README
# Virani
## Installation & Setup
Install the various Perl requirements. This can be taken care of with
the command below.
```shell
cpanm Virani
```
Configure it.
For example, on FreeBSD with daemonlogger configured in rc.conf like
below (writing to /var/log/daemonlogger and rolling over to a new file
every 120 seconds):
```shell
daemonlogger_enable="YES"
daemonlogger_flags="-f /usr/local/etc/daemonlogger.bpf -d -l /var/log/daemonlogger -t 120"
```
Then a basic config would be like below. `allowed_subnets` restricts which
client addresses may query this instance when it is exposed remotely
(see `-r` under Usage); the set's `regex` and `strptime` tell Virani how
to recover each file's start time from its name.
```toml
default_set='default'
allowed_subnets=["192.168.14.0/23", "127.0.0.1/8"]
[sets.default]
path='/var/log/daemonlogger'
regex='(?<timestamp>\d\d\d\d\d\d+)(\.pcap|(?<subsec>\.\d+)\.pcap)$'
strptime='%s'
```
For more information on the config file, see the POD for Virani.
## Usage
An example grabbing port 53 traffic for a given window can be done like
the following.
```shell
virani -s 2023-02-27T11:00:18 -e 2023-02-27T11:31:18 port 53
```
The time may also be specified like below.
```
now current time
now-30 30 seconds ago
now-30m 30 minutes ago
now-30h 30 hours ago
now-30w 30 weeks ago
```
So if you wanted to find all port 53 traffic in the last minute, you
could do something like below.
```shell
virani -s now-1m -e now port 53
```
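To make the two mechanisms above concrete, the following is an added Perl example, not Virani's own code (the tool does all of this for you). It resolves the `now-N` time specs from the table, applies the example set's `regex` and `strptime` to a constructed daemonlogger-style directory listing, and picks the files that cover the requested window. The file names, the fixed `now` value and the helper names (`resolve_time`, `file_start`, `select_files`) are assumptions for the demonstration; the real `-s`/`-e` parsing goes through Time::Piece::Guess and accepts far more formats than the single ISO 8601 form handled here.

```perl
#!/usr/bin/env perl
# Added example, not part of Virani: shows how a set's regex/strptime and the
# now-N{s,m,h,w} time specs from the README combine to pick the PCAP files
# that cover a requested window.
use strict;
use warnings;
use Time::Piece;
use Time::Seconds;

# Values from the README's example set. (?<timestamp>...) and (?<subsec>...)
# are Perl named captures; a strptime of %s means the name carries a raw epoch.
my $regex    = qr/(?<timestamp>\d\d\d\d\d\d+)(\.pcap|(?<subsec>\.\d+)\.pcap)$/;
my $strptime = '%s';

# Resolve a time spec: "now", "now-30", "now-30m", "now-30h", "now-30w", or an
# absolute timestamp such as 2023-02-27T11:00:18 (taken as UTC). Returns epoch
# seconds. $now is injectable so the sample run below is deterministic.
sub resolve_time {
    my ( $spec, $now ) = @_;
    $now //= time;
    if ( $spec =~ /^now(?:-(\d+)([smhw]?))?$/ ) {
        # Bare "now-30" means 30 seconds, per the README's table.
        my ( $n, $unit ) = ( $1 // 0, $2 || 's' );
        my %mult = ( s => 1, m => ONE_MINUTE, h => ONE_HOUR, w => ONE_WEEK );
        return $now - $n * $mult{$unit};
    }
    # Only one absolute format is handled here; Virani itself uses
    # Time::Piece::Guess and accepts many more.
    return Time::Piece->strptime( $spec, '%Y-%m-%dT%H:%M:%S' )->epoch;
}

# Turn a file name into its start time using the set's regex and strptime.
# Returns undef for names that do not match; they are ignored, not errors.
sub file_start {
    my ($name) = @_;
    return unless $name =~ $regex;
    my $ts = $+{timestamp};
    return $strptime eq '%s'
        ? $ts + 0
        : Time::Piece->strptime( $ts, $strptime )->epoch;
}

# Pick the files covering [$start, $end]. A file started at t_i holds traffic
# until the next rotation at t_{i+1}, so the last file starting at or before
# $start must be included even though its name predates the window.
sub select_files {
    my ( $start, $end, @names ) = @_;
    my @files = sort { $a->[1] <=> $b->[1] }
        map { my $t = file_start($_); defined $t ? [ $_, $t ] : () } @names;
    my @hits;
    for my $i ( 0 .. $#files ) {
        my $file_start = $files[$i][1];
        # The newest file is still being written, so it has no upper bound yet.
        my $file_end = $i < $#files ? $files[ $i + 1 ][1] : undef;
        next if $file_start > $end;
        next if defined $file_end && $file_end <= $start;
        push @hits, $files[$i][0];
    }
    return @hits;
}

# Constructed sample directory: files rotated every 120 s (daemonlogger -t 120
# in the README), one name with a sub-second part, and one non-PCAP file.
my @dir = map { "$_.pcap" } ( 1677495600, 1677495720, 1677495840, 1677495960 );
push @dir, '1677495480.5.pcap', 'daemonlogger.bpf';

my $now   = 1677496000;                        # fixed "now" for the sample run
my $start = resolve_time( 'now-5m', $now );    # 1677495700
my $end   = resolve_time( 'now',    $now );    # 1677496000
print "window: $start .. $end\n";
print "$_\n" for select_files( $start, $end, @dir );
```

With this input the selection starts at `1677495600.pcap`, whose name is 100 seconds before the window start but which was still the active file when the window opened, and ends with `1677495960.pcap`, the file that is still being written. The non-matching `daemonlogger.bpf` is skipped because it never produces a timestamp.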
The help info for virani is as below. For more info, check out the POD
for the module Virani and the script virani. Note that `-k` disables
certificate verification for the remote HTTPS endpoint and should only
be used for testing.
```
--help Print this.
-h Print this.
--version Print version.
-v          Print version.
-r Remote URL or config file for remote info.
-a API key for remote URL if needed.
-f Filter for use with tshark or tcpdump.
-t tcpdump or tshark
Default :: tcpdump
-t Set to use. If undef, uses whatever the default is.
Default :: undef
--config Config file to use.
Default :: /usr/local/etc/virani.toml
-s Start timestamp. Any format supported by
Time::Piece::Guess is usable.
-e End timestamp. Any format supported by
Time::Piece::Guess is usable.
-w The file to write the PCAP to.
Default :: out.pcap
--nc If cached, do not use it.
-k Do not check the SSL cert for HTTPS for remote.
```
# LICENSE AND COPYRIGHT
This software is Copyright (c) 2023 by Zane C. Bowers-Hadley.
This is free software, licensed under:
The GNU Lesser General Public License, Version 2.1, February 1999