Re: [tcpdump-workers] reconstruct HTTP requests in custom sniffer
> I am asked to write a custom sniffer with libpcap on Linux that has to
> handle a load of 50.000 packets per second. The sniffer has to detect all
> HTTP requests and dump the URI with additional information, such as
> request size and possibly response time/size.

Looks very similar to:

http://github.com/securactive/junkie

If you can live with the AGPL, maybe we could join forces?

> Regarding the load of 50.000 packets a second, is this expected to be a
> problem?

Junkie handles this rate of packets (quite a bit more, actually) on one of our test probes running on an 8-core PC, with plenty of CPU left. So I bet this is not a problem.

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Re: [tcpdump-workers] reconstruct HTTP requests in custom sniffer
Hi Cedric,

> Looks very similar to:
>
> http://github.com/securactive/junkie
>

Is the intention of junkie to follow TCP streams and reassemble complete HTTP requests/responses from the packets? How far is this implemented?

> If you can live with the AGPL, maybe we could join forces?
>

At first sight it sounds tempting, as I have no intention to re-invent the wheel again. Though, the project "libnids" already seems to follow TCP streams and fully re-assemble HTTP requests/responses. Though, in some of our side-projects we need to follow TCP streams with truncated packets, and libnids is not designed for this. It would be nice to use one solution for all our projects, and maybe junkie could solve this.

Cheers,
Andrej
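What the two messages above are negotiating (following TCP streams, reassembling HTTP requests out of the segments, and coping with captures whose snaplen cut the packets short) is sketched below as an added example. It is not code from the original thread, from junkie or from libnids, and all names in it (HttpRequestExtractor, parse_frame, build_frame, run_demo) are my own. It keeps libpcap out of the picture so it runs offline: the frames are constructed inline, and parse_frame() is handed the first `snaplen` bytes of each, which is exactly what a pcap_loop() callback sees when caplen is shorter than len. The stream logic only starts a stream on a SYN, delivers segments in sequence order, skips request bodies by Content-Length, and treats a capture gap as recoverable only when it falls entirely inside a body being skipped; a gap inside the headers yields a record marked truncated and the stream is abandoned, since there is no reliable way to resynchronise.

```python
"""Added example: HTTP request extraction from TCP segments with sequence-number
reassembly and handling of truncated captures. Frames are constructed inline; a
real sniffer would feed pcap_loop() callbacks into HttpRequestExtractor.feed()."""
import socket
import struct
from dataclasses import dataclass, field


@dataclass
class Segment:
    client: tuple        # (ip, port) that sent the segment
    server: tuple        # (ip, port) it was sent to
    seq: int
    syn: bool
    payload: bytes       # payload bytes actually present in the capture
    missing: int         # payload bytes on the wire that the capture cut off


def parse_frame(frame: bytes):
    """Parse Ethernet/IPv4/TCP headers of a possibly truncated frame. The IP total
    length gives the wire size, so a short capture yields missing > 0."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None                      # not IPv4/TCP, or headers not captured
    ihl = (frame[14] & 0x0F) * 4
    total_len = struct.unpack("!H", frame[16:18])[0]
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    t = 14 + ihl
    if len(frame) < t + 20:
        return None
    sport, dport, seq, _ack, offflags = struct.unpack("!HHIIH", frame[t:t + 14])
    data_off = t + (offflags >> 12) * 4
    wire_payload = 14 + total_len - data_off
    payload = frame[data_off:data_off + wire_payload]   # also drops Ethernet padding
    return Segment((src, sport), (dst, dport), seq, bool(offflags & 0x02),
                   payload, wire_payload - len(payload))


@dataclass
class Stream:
    next_seq: int                                   # next sequence number expected
    buf: bytearray = field(default_factory=bytearray)
    pending: dict = field(default_factory=dict)     # out-of-order segments by seq
    body_left: int = 0                              # body bytes of last request to skip
    lost: bool = False                              # gap hit the headers: no resync


class HttpRequestExtractor:
    def __init__(self):
        self.streams, self.requests = {}, []

    def feed(self, seg):
        key = (seg.client, seg.server)
        if seg.syn:                      # stream starts here; data begins at ISN + 1
            self.streams[key] = Stream(next_seq=seg.seq + 1)
            return
        st = self.streams.get(key)
        if st is None or seg.seq < st.next_seq:
            return                       # no SYN seen, or retransmit of consumed data
        st.pending[seg.seq] = seg
        while st.next_seq in st.pending:  # deliver contiguous data in order
            seg = st.pending.pop(st.next_seq)
            st.next_seq += len(seg.payload) + seg.missing
            self._consume(st, key, seg.payload, seg.missing)

    def _consume(self, st, key, data, missing):
        if st.lost:
            return
        st.buf += data
        self._parse(st, key)
        if missing:
            if missing <= st.body_left:  # gap lies entirely inside a skipped body
                st.body_left -= missing
            else:                        # gap cut into headers: report what we have
                st.lost = True
                line = bytes(st.buf).split(b"\r\n", 1)
                parts = line[0].split(b" ")
                if len(line) == 2 and len(parts) == 3:
                    self._report(key, parts, None, truncated=True)

    def _parse(self, st, key):
        while True:
            if st.body_left:             # skip the body of the request already reported
                take = min(st.body_left, len(st.buf))
                del st.buf[:take]
                st.body_left -= take
                if st.body_left:
                    return
            end = st.buf.find(b"\r\n\r\n")
            if end < 0:
                return                   # header block not complete yet
            line, *hdrs = bytes(st.buf[:end]).split(b"\r\n")
            del st.buf[:end + 4]
            parts = line.split(b" ")
            if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
                st.lost = True           # not a request line: give up on this stream
                return
            clen = 0                     # assumption: chunked encoding is not handled
            for h in hdrs:
                name, _, value = h.partition(b":")
                if name.strip().lower() == b"content-length":
                    clen = int(value.strip())
            st.body_left = clen
            self._report(key, parts, end + 4 + clen, truncated=False)

    def _report(self, key, parts, size, truncated):
        self.requests.append({"client": key[0], "server": key[1],
                              "method": parts[0].decode(), "uri": parts[1].decode(),
                              "request_bytes": size, "truncated": truncated})


def build_frame(client, server, seq, payload=b"", flags=0x18):
    """Construct an Ethernet/IPv4/TCP frame (checksums left zero; parsing ignores them)."""
    tcp = struct.pack("!HHIIHHHH", client[1], server[1], seq, 0, (5 << 12) | flags,
                      65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     socket.inet_aton(client[0]), socket.inet_aton(server[0]))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def run_demo(snaplen=160):
    """Constructed traffic: pipelined and out-of-order segments, a body cut by the
    snaplen (recoverable) and headers cut by the snaplen (reported as truncated)."""
    srv = ("10.0.0.1", 80)
    a, b, c = ("10.0.0.5", 40000), ("10.0.0.7", 40001), ("10.0.0.8", 40002)
    get = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n"
    post = (b"\r\nPOST /api/login HTTP/1.1\r\nHost: example.test\r\n"
            b"Content-Length: 12\r\n\r\nuser=a&pw=bb")
    big = b"POST /big HTTP/1.1\r\nHost: example.test\r\nContent-Length: 300\r\n\r\n" + b"y" * 300
    put = (b"PUT /upload HTTP/1.1\r\nHost: example.test\r\nUser-Agent: constructed-client/1.0\r\n"
           b"Content-Length: 100\r\nAccept: */*\r\n\r\n" + b"x" * 100)
    frames = [
        build_frame(a, srv, 999, flags=0x02),
        build_frame(a, srv, 1000 + len(get), post),   # arrives before its predecessor
        build_frame(a, srv, 1000, get),
        build_frame(c, srv, 6999, flags=0x02),
        build_frame(c, srv, 7000, big),               # body truncated by snaplen
        build_frame(c, srv, 7000 + len(big), b"GET /after HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        build_frame(b, srv, 4999, flags=0x02),
        build_frame(b, srv, 5000, put),               # headers truncated by snaplen
    ]
    ext = HttpRequestExtractor()
    for f in frames:
        seg = parse_frame(f[:snaplen])                # caplen < len, as libpcap delivers it
        if seg:
            ext.feed(seg)
    return ext.requests
```

run_demo() returns five records: the two pipelined requests from the first stream even though their segments arrive out of order, the POST whose 300-byte body was mostly cut off by the snaplen (its size is still known from Content-Length, and the GET that follows it is recovered because the gap fell inside the skipped body), and a PUT whose header block was cut off, reported with the URI from the request line, no size, and truncated set. Response time and size, which the original question also asked for, would need the same machinery applied to the server-to-client direction and matched to requests by order on the connection.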