iplog 2.2.3 by Ryan McCabe <[email protected]>
------------------------------------------

iplog is a TCP/IP traffic logger. Currently, it is capable of logging
TCP, UDP and ICMP traffic. Adding support for other protocols
should be relatively easy.

iplog's capabilities include the ability to detect TCP port
scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks,
bogus TCP flags (flag combinations no legitimate stack sends, used by
scanners to fingerprint the operating system in use), TCP SYN scans,
TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks.

iplog is able to run in promiscuous mode and monitor traffic to all hosts
on a network.

iplog uses libpcap to read data from the network and can be ported
to any system that supports pthreads and on which libpcap will function.

This build also integrates passive OS fingerprinting (p0f).
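The TCP flag-combination and port-sweep checks listed above, as an added example that is not iplog's own code: a flag classifier for null, FIN, Xmas and bogus-flag probes, plus a per-source distinct-port counter with a time window for SYN scans, run over a constructed packet list instead of live libpcap input. The thresholds (10 distinct ports within 5 seconds), the packet record layout and the sample traffic are assumptions chosen for this example; iplog's own thresholds and header parsing are not reproduced here.

```c
/* Added example, not iplog's own code: the TCP-flag and port-scan checks a
 * logger like iplog performs, run over a constructed packet list (no libpcap). */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define TH_FIN  0x01   /* TCP flag bits, byte 13 of the TCP header (RFC 793) */
#define TH_SYN  0x02
#define TH_RST  0x04
#define TH_PUSH 0x08
#define TH_ACK  0x10
#define TH_URG  0x20

enum tcp_class { TCP_NORMAL, TCP_NULL_SCAN, TCP_FIN_SCAN, TCP_XMAS_SCAN, TCP_BOGUS_FLAGS };

/* Classify a segment by its flag byte; the ECN bits (0xc0) are legitimate and masked off. */
enum tcp_class classify_tcp_flags(uint8_t flags)
{
    uint8_t f = flags & 0x3f;
    if (f == 0)                           return TCP_NULL_SCAN;   /* no flags at all (nmap -sN) */
    if (f == TH_FIN)                      return TCP_FIN_SCAN;    /* FIN with no ACK (nmap -sF) */
    if (f == (TH_FIN | TH_PUSH | TH_URG)) return TCP_XMAS_SCAN;   /* FIN/PSH/URG "lit up" (nmap -sX) */
    /* SYN with FIN or RST, or FIN with RST, never occurs in a real exchange;
     * OS fingerprinters send such probes because stacks answer them differently. */
    if ((f & TH_SYN) && (f & (TH_FIN | TH_RST))) return TCP_BOGUS_FLAGS;
    if ((f & TH_FIN) && (f & TH_RST))            return TCP_BOGUS_FLAGS;
    return TCP_NORMAL;
}

#define MAX_SRC     16  /* sources tracked at once (assumed toy size, no eviction) */
#define MAX_PORTS   64  /* distinct ports remembered per source */
#define SCAN_PORTS  10  /* assumed threshold: this many distinct ports from one source ... */
#define SCAN_WINDOW  5  /* ... within this many seconds is reported as a port scan */

struct src_state { uint32_t addr; time_t window_start; uint16_t ports[MAX_PORTS]; int nports, reported; };
struct scan_tracker { struct src_state src[MAX_SRC]; int nsrc; };

static struct src_state *lookup_src(struct scan_tracker *t, uint32_t addr, time_t now)
{
    for (int i = 0; i < t->nsrc; i++)
        if (t->src[i].addr == addr) return &t->src[i];
    if (t->nsrc == MAX_SRC) return NULL;              /* table full: a real tool would expire entries */
    struct src_state *s = &t->src[t->nsrc++];
    memset(s, 0, sizeof *s);
    s->addr = addr;
    s->window_start = now;
    return s;
}

/* Feed one bare SYN. Returns 1 once per source when it reaches SCAN_PORTS
 * distinct destination ports inside SCAN_WINDOW seconds, otherwise 0. */
int track_syn(struct scan_tracker *t, uint32_t src, uint16_t dport, time_t now)
{
    struct src_state *s = lookup_src(t, src, now);
    if (!s) return 0;
    if (now - s->window_start > SCAN_WINDOW) {        /* window expired: start counting again */
        s->window_start = now; s->nports = 0; s->reported = 0;
    }
    for (int i = 0; i < s->nports; i++)
        if (s->ports[i] == dport) return 0;           /* repeat to a known port: no new evidence */
    if (s->nports < MAX_PORTS) s->ports[s->nports++] = dport;
    if (s->nports >= SCAN_PORTS && !s->reported) { s->reported = 1; return 1; }
    return 0;
}

/* Constructed packet record: the header fields a logger would read from libpcap. */
struct pkt { uint32_t src; uint16_t dport; uint8_t flags; time_t ts; };
struct alert_counts { int null_scan, fin_scan, xmas_scan, bogus_flags, port_scan; };

struct alert_counts process_packets(const struct pkt *p, size_t n)
{
    struct alert_counts c = {0, 0, 0, 0, 0};
    struct scan_tracker t;
    memset(&t, 0, sizeof t);
    for (size_t i = 0; i < n; i++) {
        switch (classify_tcp_flags(p[i].flags)) {
        case TCP_NULL_SCAN:   c.null_scan++;   break;
        case TCP_FIN_SCAN:    c.fin_scan++;    break;
        case TCP_XMAS_SCAN:   c.xmas_scan++;   break;
        case TCP_BOGUS_FLAGS: c.bogus_flags++; break;
        default: break;
        }
        if ((p[i].flags & 0x3f) == TH_SYN)            /* only bare SYNs feed the port-scan counter */
            c.port_scan += track_syn(&t, p[i].src, p[i].dport, p[i].ts);
    }
    return c;
}

/* Constructed sample traffic: 10.0.0.5 sweeps 12 ports in two seconds (a scan);
 * 10.0.0.7 probes 10 ports one every 3 s (slow, stays under the window);
 * 10.0.0.9 does a normal handshake, then one null, FIN, Xmas and SYN|FIN probe. */
struct alert_counts demo_counts(void)
{
    struct pkt p[40]; size_t n = 0;
    for (uint16_t port = 1; port <= 12; port++)
        p[n++] = (struct pkt){ 0x0a000005, port, TH_SYN, 1000 + (port > 6) };
    for (uint16_t port = 1; port <= 10; port++)
        p[n++] = (struct pkt){ 0x0a000007, port, TH_SYN, 1000 + 3 * port };
    p[n++] = (struct pkt){ 0x0a000009, 80, TH_SYN, 1002 };
    p[n++] = (struct pkt){ 0x0a000009, 80, TH_ACK, 1002 };
    p[n++] = (struct pkt){ 0x0a000009, 80, TH_FIN | TH_ACK, 1003 };
    p[n++] = (struct pkt){ 0x0a000009, 22, 0, 1004 };
    p[n++] = (struct pkt){ 0x0a000009, 22, TH_FIN, 1004 };
    p[n++] = (struct pkt){ 0x0a000009, 22, TH_FIN | TH_PUSH | TH_URG, 1004 };
    p[n++] = (struct pkt){ 0x0a000009, 22, TH_SYN | TH_FIN, 1004 };
    return process_packets(p, n);
}

int main(void)
{
    struct alert_counts c = demo_counts();
    printf("null=%d fin=%d xmas=%d bogus=%d portscan=%d\n",
           c.null_scan, c.fin_scan, c.xmas_scan, c.bogus_flags, c.port_scan);
    return 0;
}
```

Build with any C99 compiler and run; it prints one line of alert counts. Note that the slow scanner in the sample (one port every three seconds) never trips the five-second window: a fixed-window threshold is the standard blind spot of this class of detector, so a per-packet logger's scan alerts should be read alongside longer-term aggregation of the raw log.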

NOTE
----

Some people have reported that iplog doesn't log anything for them. To those
people:

Can you try commenting out line 41 of iplog.c and seeing if that makes iplog
produce logs? If it does, what percentage of CPU time does ps or top show
iplog consuming? If deleting that line helps you at all, I'd be interested
in hearing about it. Could you send me email with your operating system
and OS version and details about what happened when you removed that line?

TESTED PLATFORMS
----------------

* FreeBSD (3.x, 4.0)
* OpenBSD (2.6 and up)
* BSDI (4.0, 4.01)
* Solaris (2.5.1, 7, 8)
* IRIX 6.5

GETTING IPLOG
-------------

The primary distribution site for iplog is http://ojnk.sourceforge.net

Mirrors:

USA: ftp://ojnk.sourceforge.net/pub/ojnk/iplog
USA: http://www.numb.org/~odin

OTHER
-----

Please note that iplog will not build with BSD make. GNU make must be
used. It is available from any GNU mirror. Please do not send me email
about iplog not building on BSD if you're not using GNU make.

libpcap can be retrieved from http://www.tcpdump.org

If you compile libpcap yourself, remember to run
"mkdir /usr/local/include/net ; make install-incl". "make install" alone will
not install the pcap header files.

The linuxthreads library (for Linux libc5) can be found at
ftp://ftp.inria.fr/INRIA/Projects/cristal/Xavier.Leroy/linuxthreads.tar.gz

GNU make can be found at ftp.gnu.org:/pub/gnu/make

Any contributions (testing, comments, bug reports, ports, enhancements,
etc.) are greatly appreciated.

$Id: README,v 1.20 2001/01/01 19:42:54 odin Exp $