Hi Cedric,
> Support for TCP segmentation as well as new parsers that use this
> feature should be pushed before end of week. Concerning the capture of
> POST messages we should probably start working on this in February (this
> is a small company so no schedule is ever definitive, so no promise)
-[ Sun, Jan 09, 2011 at 02:19:53PM +0900, Andrej van der Zee ]
> Is there anything to say about a rough time-schedule?
Support for TCP segmentation as well as new parsers that use this
feature should be pushed before end of week. Concerning the capture of
POST messages we should probably start
Hi Cedric,
> TCP reordering, IP fragmentation and buffering of stream is not present on
> github yet but is implemented and is being reviewed. I can push on github if
> you want to have a look. Concerning HTTP, for now we only fetch hostname and
> URL but were asked to capture the whole req
-[ Sat, Jan 08, 2011 at 04:42:40PM +0900, Andrej van der Zee ]
> Hi Cedric,
>
>
> > Looks very similar to :
> >
> > http://github.com/securactive/junkie
> >
> >
> Is the intention of junkie to follow TCP streams and reassemble complete
> HTTP requests/responses from the packets? How far is th
Hi Cedric,
> Looks very similar to :
>
> http://github.com/securactive/junkie
>
>
Is the intention of junkie to follow TCP streams and reassemble complete
HTTP requests/responses from the packets? How far is this implemented?
> if you can live with the AGPL, maybe we could join forces ?
>
At f
> I am asked to write a custom sniffer with libpcap on Linux that has to
> handle a load of 50.000 packets per second. The sniffer has to detect all
> HTTP requests and dump the URI with additional information, such as
> request size and possibly response time/size.
Looks very similar to :
http:
Hi,
> I implemented an HTTP parser one year ago. I remembered that when the
> parser calculates the request-response latency and inspects the fields of
> interest but does not record or dump them, the speed will reach about 2Gbps
> on a single core, and 8 Gbps on 6 cores. I think a 0.05Mpps parser i
Hi,
> See urlsnarf:
>
> http://monkey.org/~dugsong/dsniff/
>
> I don't think it does POST data but it may be a good starting point.
>
>
Thanks, this seems to be very useful. It uses libnids which *hopefully*
enables me to re-assemble the HTTP request + POST data from raw packets with
little effor
Hi,
I implemented an HTTP parser one year ago. I remembered that when the
parser calculates the request-response latency and inspects the fields of
interest but does not record or dump them, the speed will reach about 2Gbps
on a single core, and 8 Gbps on 6 cores. I think a 0.05Mpps parser is an easy
On 2010-12-28 17:22, Andrej van der Zee wrote:
> I am asked to write a custom sniffer with libpcap on Linux that has to
> handle a load of 50.000 packets per second. The sniffer has to detect all
> HTTP requests and dump the URI with additional information, such as request
> size and possibly respo