Hi,
> I implemented an HTTP parser one year ago. I remember that when the
> parser calculates the request-response latency, inspects the fields of
> interest but does not record or dump them, the speed reaches about 2Gbps on
> a single core, and 8 Gbps on 6 cores. I think a 0.05Mpps parser i
Hi,
> See urlsnarf:
>
> http://monkey.org/~dugsong/dsniff/
>
> I don't think it does POST data but it may be a good starting point.
>
>
Thanks, this seems to be very useful. It uses libnids which *hopefully*
enables me to re-assemble the HTTP request + POST data from raw packets with
little effor
This is what PPI does.
http://www.cacetech.com/documents/PPI%20Header%20format%201.0.10.pdf
There is already a DLT for PPI (DLT_PPI). The only difference from your
solution is that the minimum header before the packet is 8 bytes (instead of
4). The advantage is that Wireshark already supports
I've been looking through all of the DLT decoders looking for one that has
just the DLT number in the header but I couldn't find one. Is there an
existing DLT that matches this description?
Otherwise, I'd like to request DLT_DLT (or something like that) be allocated
to represent a 4 byte (netwo
Hi,
I implemented an HTTP parser one year ago. I remember that when the
parser calculates the request-response latency, inspects the fields of interest
but does not record or dump them, the speed reaches about 2Gbps on a single
core, and 8 Gbps on 6 cores. I think a 0.05Mpps parser is an easy
On 2010-12-28 17:22, Andrej van der Zee wrote:
> I am asked to write a custom sniffer with libpcap on Linux that has to
> handle a load of 50.000 packets per second. The sniffer has to detect all
> HTTP requests and dump the URI with additional information, such as request
> size and possibly respo
On Dec 28, 2010, at 11:03 AM, Guy Harris wrote:
> Are you doing this on some Linux distribution? If so, what distribution is
> it, and what version of that distribution is this?
>
> If not, what operating system are you doing this on, and what version of that
> operating system is it?
>
> Di
On Dec 27, 2010, at 10:26 PM, Appaji_Peruri wrote:
> I am having a problem while installing DAQ which is used by snort. DAQ
> package is searching for the function pcap_lib_version and returning the
> following error.
>
> checking for pcap_lib_version... checking for pcap_lib_version in -lpc
Hi,
I am asked to write a custom sniffer with libpcap on Linux that has to
handle a load of 50.000 packets per second. The sniffer has to detect all
HTTP requests and dump the URI with additional information, such as request
size and possibly response time/size. The packets, destined for the
load-