From: Kullanici Tarum (tarumnabalabenderunix.org)
Date: Wed Jun 12 2002 - 14:51:45 CDT

    Hi guys,

    If you look at the source code for various sniffers, you'll notice that
    they all have separate dedicated .C files for interpreting different
    protocols. Why not have a sniffer that can understand and interpret
    user-supplied protocol details?

    Here is one: hafiye. Before starting sniffing, hafiye first loads the
    knowledge-base files the user has written and forms a knowledge-base for
    itself. Hafiye interprets incoming traffic according to this
    knowledge-base.

    If this interests you and you want a test drive, here is the tarball URL:

    http://www.enderunix.org/hafiye/hafiye-1.0.tar.gz

    PS. This is the very initial release, and I'm sure there are lots of ideas
    that can be developed on top of this model.

    Any ideas are welcome.

    Shameless self promotion: ;-P a security related job in Istanbul/Turkey.
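
The design described in the message (protocol layouts loaded as data at startup, then used to interpret traffic) can be sketched as follows. This is an added example, not code from the post or from hafiye: the `protocol`/`field` description syntax, the function names and the sample packet are all constructed for illustration and do not reflect hafiye's knowledge-base format.

```python
# Constructed description format for this example (not hafiye's own syntax).
KB_TEXT = """
protocol ipv4_start
field version 4
field ihl 4
field tos 8
field total_length 16
protocol udp
field src_port 16
field dst_port 16
field length 16
field checksum 16
"""

def load_kb(text):
    """Parse descriptions into {protocol: [(field, bit_width), ...]}."""
    kb, current = {}, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "protocol" and len(parts) == 2:
            current = kb.setdefault(parts[1], [])
        elif parts[0] == "field" and len(parts) == 3 and current is not None:
            if not parts[2].isdigit() or int(parts[2]) == 0:
                raise ValueError(f"line {lineno}: bad bit width {parts[2]!r}")
            current.append((parts[1], int(parts[2])))
        else:
            raise ValueError(f"line {lineno}: cannot parse {raw!r}")
    return kb

def decode(kb, protocol, data):
    """Decode the leading header of data using the loaded description."""
    fields = kb[protocol]
    need = (sum(width for _, width in fields) + 7) // 8
    if len(data) < need:
        raise ValueError(f"truncated {protocol}: need {need} bytes, got {len(data)}")
    value, remaining, out = int.from_bytes(data[:need], "big"), need * 8, {}
    for name, width in fields:
        remaining -= width            # fields are packed MSB-first
        out[name] = (value >> remaining) & ((1 << width) - 1)
    return out

KB = load_kb(KB_TEXT)
# Constructed sample: UDP header, port 53 -> 33000, length 12, checksum 0.
SAMPLE_UDP = bytes.fromhex("003580e8000c0000")
if __name__ == "__main__":
    print(decode(KB, "udp", SAMPLE_UDP))
```

Because the descriptions are untrusted input to the decoder, the loader rejects malformed lines and the decoder checks the packet length before reading, so a short capture raises an error instead of yielding wrong field values.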