Hi,
I am asked to write a custom sniffer with libpcap on Linux that has to
handle a load of 50.000 packets per second. The sniffer has to detect all
HTTP requests and dump the URI with additional information, such as request
size and possibly response time/size. The packets, destined for the
load-
On Dec 27, 2010, at 10:26 PM, Appaji_Peruri wrote:
> I am having a problem while installing DAQ, which is used by Snort. The DAQ
> package is searching for the function pcap_lib_version and returning the
> following error.
>
> checking for pcap_lib_version... checking for pcap_lib_version in -lpc
On Dec 28, 2010, at 11:03 AM, Guy Harris wrote:
> Are you doing this on some Linux distribution? If so, what distribution is
> it, and what version of that distribution is this?
>
> If not, what operating system are you doing this on, and what version of that
> operating system is it?
>
> Di
On 2010-12-28 17:22, Andrej van der Zee wrote:
> I am asked to write a custom sniffer with libpcap on Linux that has to
> handle a load of 50.000 packets per second. The sniffer has to detect all
> HTTP requests and dump the URI with additional information, such as request
> size and possibly respo
Hi,
I implemented an HTTP parser one year ago. I remember that when the
parser calculates the request-response latency and inspects the fields of
interest but does not record or dump them, the speed will reach about 2 Gbps
on a single core, and 8 Gbps on 6 cores. I think a 0.05 Mpps parser is an easy
I've been looking through all of the DLT decoders looking for one that has
just the DLT number in the header but I couldn't find one. Is there an
existing DLT that matches this description?
Otherwise, I'd like to request DLT_DLT (or something like that) be allocated
to represent a 4 byte (netwo
This is what PPI does.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf
There is already a DLT for PPI (DLT_PPI). The only difference from your
solution is that the minimum header before the packet is 8 bytes (instead of
4). The advantage is that Wireshark already supports
Hi,
> See urlsnarf:
>
> http://monkey.org/~dugsong/dsniff/
>
> I don't think it does POST data but it may be a good starting point.
>
>
Thanks, this seems to be very useful. It uses libnids which *hopefully*
enables me to re-assemble the HTTP request + POST data from raw packets with
little effor
Hi,
> I implemented an HTTP parser one year ago. I remember that when the
> parser calculates the request-response latency and inspects the fields of
> interest but does not record or dump them, the speed will reach about 2 Gbps
> on a single core, and 8 Gbps on 6 cores. I think a 0.05 Mpps parser i