PikeFlows project renamed Culvert.
[ Posted by James Harton ]
Mainly because I liked it better. GitHub project page.
PikeFlows updated to Pike 7.8 (much faster too!)
[ Posted by James Harton ]
I've spent the last wee while hacking on PikeFlows to fix some of the locking issues present in the initial version. I've made use of Pike 7.8's new getter/setter syntax to give much finer grained locking, meaning that it now runs faster because it's locking each object only for a single atomic transaction.
There are still some unusual behaviours using Public.Network.Pcap (it seems to randomly capture packets on Mac OS X for example), however appears to be working nicely on Linux.
I've rewritten the demo app flow.pike to take command line options, check the top of the file for more information.
Check out the latest source from GitHub.
PikeFlows: Pike IP packet flow analysis
[ Posted by James Harton ]
Around the end of last year I wrote a IP and IPv6 flow handler in Pike for some packet analysis I wanted to do.
The code is available here under the GNU LGPL.
It's simple to use, and there is a demonstration app which simply keeps track of all your flows and periodically prints out all your active connections:
Just take a look at flow.pike in the archive. The important part being void capture_cb(). It takes the packet from libpcap and explodes it with the Ethernet.Frame module, it then takes a look at the frame type. It passes IP packets to either IP.v4.Packet or IP.v6.Packet and then on to IP.Flow.Engine for processing into a flow. Something I threw in to show how easy it is to work with is de-encapsulation of 6to4 packets from within IPv4 packets.
I should write some documentation, but in the mean time just email me if you have questions. Thanks to Bill for Public.Network.Pcap.
Archives
- December 2009
- November 2009
- October 2009
- August 2009
- July 2009
- June 2009
- May 2009
- March 2009
- February 2009
Syndicate
Pages
Categories
Tags
Loading tweets...
Bye Bye IPv4
Del.icio.us links
-
Richard Hamming: You and Your Research
-
Y Combinator: Startup Library
-
messagepub : Home
-
Generating Certificate Signing Requests
-
DFE's BOOT-132 Resources Thread - InsanelyMac Forum
-
Kyoto - Kotoin on Flickr - Photo Sharing!
-
Building a Social Network Site in Rails | Ruby on Rails
-
Ruby on Rails Finite State Machine Plugin: acts_as_state_machine
-
Secrets
-
Rails Envy: Acts_As_Ferret Tutorial
-
Take Your Design To The Next Level With CSS3 | CSS | Smashing Magazine
-
How To Hack Your Brain, Part 1: Sleep | Dustin Curtis
-
Getting Physical § SEEDMAGAZINE.COM
-
GSM Feature Codes
-
Confluence4r Rails Plugin - Confluence Extensions - Atlassian Documentation - Confluence
