https://github.com/nathangibbs3/iplog
The continuation of the iplog project. Originally by @ryan-mccabe. A TCP/IP traffic logger for Linux systems.
- Host: GitHub
- URL: https://github.com/nathangibbs3/iplog
- Owner: NathanGibbs3
- License: gpl-2.0
- Created: 2015-04-07T17:05:16.000Z (almost 11 years ago)
- Default Branch: master
- Last Pushed: 2020-07-17T21:19:07.000Z (over 5 years ago)
- Last Synced: 2025-03-30T19:22:41.802Z (9 months ago)
- Topics: connection, continuation, infosec, logger
- Language: C
- Homepage:
- Size: 159 KB
- Stars: 4
- Watchers: 2
- Forks: 5
- Open Issues: 0
Metadata Files:
- Readme: README
- Changelog: ChangeLog
- License: COPYING
README
iplog by Ryan McCabe
Continued by Nathan Gibbs nathan@cmpublishers.com
------------------------------------------
iplog is a TCP/IP traffic logger. Currently, it is capable of logging
TCP, UDP and ICMP traffic. Adding support for other protocols
should be relatively easy.
iplog can detect TCP port scans, TCP null scans, FIN scans, UDP and
ICMP "smurf" attacks, bogus TCP flags (used by scanners to fingerprint
the operating system in use), TCP SYN scans, TCP "Xmas" scans, ICMP ping
floods, UDP scans, and IP fragment attacks.
iplog is able to run in promiscuous mode and monitor traffic to all hosts
on a network.
iplog uses libpcap to read data from the network and can be ported
to any system that supports pthreads and on which libpcap will function.
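The detections listed above need nothing beyond the IP and TCP headers.
The C program below is an added example and not iplog's own code: it
parses a constructed IPv4/TCP header as a libpcap callback would see it
once the link-layer header is skipped, classifies the TCP flag byte into
null, FIN, Xmas or bogus combinations, rejects non-first fragments (which
carry no TCP header), and counts distinct ports probed with bare SYNs by
one source to raise a SYN-scan alert. The threshold SCAN_PORTS, the
addresses 192.168.1.5 and 10.0.0.1 and the packets themselves are all
constructed for the example; iplog's real thresholds and heuristics are
not described on this page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TCP flag bits, byte 13 of the TCP header (RFC 793). */
#define TH_FIN 0x01
#define TH_SYN 0x02
#define TH_RST 0x04
#define TH_PSH 0x08
#define TH_ACK 0x10
#define TH_URG 0x20

enum tcp_class { TCP_NORMAL, TCP_NULL_SCAN, TCP_FIN_SCAN, TCP_XMAS_SCAN, TCP_BOGUS_FLAGS };

struct tcp_view { uint32_t src_ip; uint16_t src_port, dst_port; uint8_t flags; };

/* Parse a packet starting at the IPv4 header (link layer already stripped).
 * Returns 0 on success, -1 if it is truncated or not IPv4/TCP, and -2 for a
 * non-first IP fragment, which carries no TCP header to inspect. */
int parse_ipv4_tcp(const uint8_t *pkt, size_t len, struct tcp_view *out)
{
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    if (ihl < 20 || len < ihl + 20) return -1;
    if ((((pkt[6] & 0x1f) << 8) | pkt[7]) != 0) return -2;  /* fragment offset != 0 */
    if (pkt[9] != 6) return -1;                              /* protocol: TCP */
    const uint8_t *tcp = pkt + ihl;
    out->src_ip = (uint32_t)pkt[12] << 24 | (uint32_t)pkt[13] << 16
                | (uint32_t)pkt[14] << 8 | pkt[15];
    out->src_port = (uint16_t)(tcp[0] << 8 | tcp[1]);
    out->dst_port = (uint16_t)(tcp[2] << 8 | tcp[3]);
    out->flags = tcp[13];
    return 0;
}

/* Classify one segment's flag byte. Only connection-less or contradictory
 * combinations are flagged; bare SYN, SYN|ACK, ACK-bearing segments and RST
 * are ordinary traffic and must not be reported per packet. */
enum tcp_class classify_tcp_flags(uint8_t flags)
{
    uint8_t f = flags & 0x3f;                           /* ignore ECN bits CWR/ECE */
    if (f == 0)                          return TCP_NULL_SCAN;
    if (f == TH_FIN)                     return TCP_FIN_SCAN;
    if (f == (TH_FIN | TH_PSH | TH_URG)) return TCP_XMAS_SCAN;
    if ((f & TH_SYN) && (f & (TH_FIN | TH_RST)))           return TCP_BOGUS_FLAGS;
    if ((f & (TH_FIN | TH_PSH | TH_URG)) && !(f & TH_ACK)) return TCP_BOGUS_FLAGS;
    return TCP_NORMAL;
}

/* SYN-scan heuristic: count distinct destination ports one source probes
 * with bare SYNs. SCAN_PORTS is an illustrative threshold, not iplog's. */
#define SCAN_PORTS 5
#define MAX_PORTS  64
struct syn_tracker { uint32_t src_ip; uint16_t ports[MAX_PORTS]; size_t nports; };

void syn_tracker_init(struct syn_tracker *t, uint32_t src_ip)
{
    memset(t, 0, sizeof *t);
    t->src_ip = src_ip;
}

/* Returns 1 exactly once, when the tracked source's distinct-port count
 * reaches SCAN_PORTS; 0 for other sources, non-SYN segments and repeats. */
int observe_syn(struct syn_tracker *t, const struct tcp_view *v)
{
    if (v->src_ip != t->src_ip || (v->flags & 0x3f) != TH_SYN) return 0;
    for (size_t i = 0; i < t->nports; i++)
        if (t->ports[i] == v->dst_port) return 0;
    if (t->nports < MAX_PORTS) t->ports[t->nports++] = v->dst_port;
    return t->nports == SCAN_PORTS;
}

/* Constructed test input: a 40-byte IPv4+TCP header pair addressed to
 * 10.0.0.1, no options, payload or checksums (irrelevant to flag checks). */
size_t build_tcp_packet(uint8_t buf[40], uint32_t src_ip, uint16_t dst_port, uint8_t flags)
{
    memset(buf, 0, 40);
    buf[0] = 0x45;                                      /* IPv4, IHL = 5 words */
    buf[3] = 40;                                        /* total length */
    buf[8] = 64;                                        /* TTL */
    buf[9] = 6;                                         /* protocol: TCP */
    buf[12] = (uint8_t)(src_ip >> 24); buf[13] = (uint8_t)(src_ip >> 16);
    buf[14] = (uint8_t)(src_ip >> 8);  buf[15] = (uint8_t)src_ip;
    buf[16] = 10; buf[19] = 1;                          /* destination 10.0.0.1 */
    buf[20] = 0xc0;                                     /* source port 49152 */
    buf[22] = (uint8_t)(dst_port >> 8); buf[23] = (uint8_t)dst_port;
    buf[32] = 0x50;                                     /* data offset = 5 words */
    buf[33] = flags;
    return 40;
}

int main(void)
{
    static const char *names[] = { "normal", "NULL scan", "FIN scan", "Xmas scan", "bogus flags" };
    const uint32_t scanner = 0xc0a80105u;               /* 192.168.1.5, constructed */
    const uint8_t probes[] = { 0, TH_FIN, TH_FIN | TH_PSH | TH_URG, TH_SYN | TH_FIN };
    uint8_t pkt[40];
    struct tcp_view v;
    struct syn_tracker t;
    syn_tracker_init(&t, scanner);
    /* Per-packet flag checks on four constructed probes to port 80. */
    for (size_t i = 0; i < sizeof probes; i++) {
        size_t n = build_tcp_packet(pkt, scanner, 80, probes[i]);
        if (parse_ipv4_tcp(pkt, n, &v) == 0)
            printf("flags=0x%02x port=%u -> %s\n", (unsigned)v.flags, (unsigned)v.dst_port,
                   names[classify_tcp_flags(v.flags)]);
    }
    /* Bare SYNs to ten ports: the alert fires once, at the fifth distinct port. */
    for (uint16_t p = 21; p <= 30; p++) {
        size_t n = build_tcp_packet(pkt, scanner, p, TH_SYN);
        if (parse_ipv4_tcp(pkt, n, &v) == 0 && observe_syn(&t, &v))
            printf("SYN scan from %08x: %zu distinct ports\n", (unsigned)v.src_ip, t.nports);
    }
    return 0;
}
```

Two design points carry over to any real sniffer: a bare SYN is never
reported on its own, because every legitimate connection starts with one,
so SYN-scan detection has to be a per-source count over time; and a
fragment with a non-zero offset must be dropped before the TCP header is
read, otherwise payload bytes get interpreted as flags.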
NOTE
----
Some people have reported that iplog doesn't log anything for them. To those
people:
Can you try commenting out line 41 of iplog.c and see whether that makes iplog
produce logs? If it does, what percentage of CPU time does ps or top show
iplog consuming? If removing that line helps you at all, I'd be interested
in hearing about it. Could you send me email with your operating system
and OS version and details of what happened when you removed that line?
TESTED PLATFORMS
----------------
* FreeBSD (3.x, 4.0)
* OpenBSD (2.6 and up)
* BSDI (4.0, 4.01)
* Solaris (2.5.1, 7, 8)
* IRIX 6.5
GETTING IPLOG
-------------
The primary distribution site for iplog is http://ojnk.sourceforge.net
Mirrors:
USA: ftp://ojnk.sourceforge.net/pub/ojnk/iplog
USA: http://www.numb.org/~odin
OTHER
-----
Please note that iplog will not build with BSD make; GNU make must be
used. It is available from any GNU mirror. Please do not send me email
about iplog not building on BSD if you are not using GNU make.
libpcap can be retrieved from http://www.tcpdump.org
If you compile libpcap yourself, remember to run
"mkdir /usr/local/include/net ; make install-incl" after installing it.
"make install" alone will not install the pcap header files.
The linuxthreads library (for Linux libc5) can be found at
ftp://ftp.inria.fr/INRIA/Projects/cristal/Xavier.Leroy/linuxthreads.tar.gz
GNU make can be found at ftp.gnu.org:/pub/gnu/make
Any contributions (testing, comments, bug reports, ports, enhancements,
etc) are greatly appreciated.