Hi guys,

If you have looked at the source code of various sniffers, you'll notice that they all have separate, dedicated .c files for interpreting different protocols. Why not have a sniffer that can understand and interpret user-supplied protocol details?

Here is one: hafiye. Before starting to sniff, hafiye first loads the knowledge-base files the user has written and forms a knowledge base for itself. Hafiye interprets incoming traffic according to this knowledge base.

If this interests you and you want a test drive, here is the tarball URL:

http://www.enderunix.org/hafiye/hafiye-1.0.tar.gz

PS. This is the very initial release, and I'm sure there are lots of ideas that can be developed on top of this model. Any ideas are welcome.

Shameless self promotion: ;-P a security related job in Istanbul/Turkey.
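The knowledge-base idea in the message above, as an added illustration that is not hafiye's code and does not use its file format: a decoder whose field layout comes from text loaded at run time, with every read checked against the captured length. The "name offset length" line format, the names `kb_load` and `kb_get`, and the sample bytes are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_FIELDS 16
struct field { char name[16]; unsigned off, len; };  /* len in bytes: 1, 2 or 4 */
struct proto { struct field f[MAX_FIELDS]; int n; };

/* Hypothetical knowledge-base text: one "name offset length" triple per line. */
static const char UDP_KB[] = "sport 0 2\ndport 2 2\nlength 4 2\nchecksum 6 2\n";
/* Constructed sample: UDP header, port 53 -> 33000, length 8, checksum 0. */
static const uint8_t SAMPLE[] = { 0x00,0x35, 0x80,0xE8, 0x00,0x08, 0x00,0x00 };

/* Parse knowledge-base text; returns the field count, or -1 on a bad line. */
int kb_load(const char *text, struct proto *p)
{
    int used;
    p->n = 0;
    while (*text) {
        if (p->n == MAX_FIELDS) return -1;
        struct field *f = &p->f[p->n];
        if (sscanf(text, " %15s %u %u %n", f->name, &f->off, &f->len, &used) != 3)
            return -1;
        if (f->len != 1 && f->len != 2 && f->len != 4) return -1;
        text += used;
        p->n++;
    }
    return p->n;
}

/* Read one named field big-endian; -1 if the field is unknown or would
   extend past the captured bytes (the file is user input, the packet is not). */
int kb_get(const struct proto *p, const char *name,
           const uint8_t *pkt, size_t caplen, uint32_t *out)
{
    for (int i = 0; i < p->n; i++) {
        const struct field *f = &p->f[i];
        if (strcmp(f->name, name) != 0) continue;
        if (f->off > caplen || f->len > caplen - f->off) return -1;
        *out = 0;
        for (unsigned b = 0; b < f->len; b++)
            *out = (*out << 8) | pkt[f->off + b];
        return 0;
    }
    return -1;
}

int main(void)
{
    struct proto udp;
    uint32_t v;
    if (kb_load(UDP_KB, &udp) < 0) return 1;
    for (int i = 0; i < udp.n; i++)
        if (kb_get(&udp, udp.f[i].name, SAMPLE, sizeof SAMPLE, &v) == 0)
            printf("%s=%u\n", udp.f[i].name, (unsigned)v);
    return 0;
}
```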
This archive was generated by hypermail 2b30 : Wed Jun 12 2002 - 13:44:08 PDT