squid with ssl_bump Eero
On Mon, Aug 20, 2018 at 12:48 AM Cindy-Sue Causey <butterflyby...@gmail.com> wrote:

> On 8/19/18, Reco <recovery...@gmail.com> wrote:
> > Hi.
> >
> > On Sun, Aug 19, 2018 at 09:03:10PM +0300, Eero Volotinen wrote:
> >> snort
> >
> > Intrusion detection. Unsuitable for traffic shaping or filtering.
> >
> >> and suricata.
> >
> > Utilizes NFQUEUE. Friends do not let friends copy network packets
> > from kernelspace to userspace and back.
> >
> DISCLAIMER: I am NOT versed in this, but that didn't stop me from
> trying "apt-cache search packet sniffing". Ended up with ngrep:
>
> "ngrep strives to provide most of GNU grep's common features, applying
> them to the network layer. ngrep is a pcap-aware tool that will allow
> you to specify extended regular expressions to match against data
> payloads of packets. It currently recognizes TCP, UDP and ICMP across
> Ethernet, PPP, SLIP and null interfaces, and understands bpf filter
> logic in the same fashion as more common packet sniffing tools, such
> as tcpdump and snoop."
>
> Yes, I can see that description is very specific about what it touches
> which means it might be otherwise limited. That or it's keyword
> stuffing. Yay, go them if it's keyword happy because that does help
> users find potentially helpful packages in amongst the 10,000 (?) or
> so. :)
>
> I decided I've surely messed the whole concept up in my head so I used
> some of ngrep's stuffing/description, namely "bpf", and searched
> again:
>
> netsniff-ng: "netsniff-ng is a high performance Linux network sniffer
> for packet inspection. It can be used for protocol analysis, reverse
> engineering or network debugging. The gain of performance is reached
> by 'zero-copy' mechanisms, so that the kernel does not need to copy
> packets from kernelspace to userspace."
>
> Does NOT need to copy packets from kernelspace to userspace.
>
> YES, I know. Overall, it still might not do the OP's job that's
> needed, but it used the SAME words I just read above in Reco's
> response. That put it at least in the ballpark in my head since it's
> talking about packet inspection. Developer wrote a description that
> addressed a concern they knew knowledgeable users would have about
> this topic.
>
> So here it is for that reason plus that it did use "packet
> inspection", too. Sorry, no specific mention of "deep" according to
> one last query tried before posting.
>
> Ngrep stayed because I liked how it said it "will allow you to specify
> extended regular expressions to match against data payloads of
> packets". That makes it sound like it might have basic offerings that
> wouldn't fit everyone's needs. I decided that might not stop someone
> who knows how to roll out what they really need if they have a good,
> base Debian package as a template. :)
>
> Cindy :)
> --
> Cindy-Sue Causey
> Talking Rock, Pickens County, Georgia, USA
>
> * runs with duct tape *