http://justniffer.sourceforge.net/
Public domain
# Build justniffer 0.5.8 from source and install it as an Encap package.
# This is an interactive transcript, not a script: the commands between
# `su - install` and `logout` run in the `install` account's login shell.

# Fetch the release tarball into /usr/src (-c resumes a partial download).
# NOTE(review): the download uses plain HTTP from a mirror and nothing below
# checks the archive's integrity. Before unpacking, compare its checksum
# (e.g. `sha256sum justniffer_0.5.8.tar.gz`) with a value obtained from the
# project over a trusted channel.
cd /usr/src
wget -c http://superb-sea2.dl.sourceforge.net/project/justniffer/justniffer/justniffer%200.5.8/justniffer_0.5.8.tar.gz
# Switch to the `install` account so unpacking, configure and make do not run
# as the initial user.
# NOTE(review): presumably a dedicated unprivileged build account with write
# access to /usr/src and /usr/local/encap; confirm on the target host.
su - install
cd /usr/src
tar xf justniffer_0.5.8.tar.gz
cd justniffer-0.5.8/
# Configure for a /usr prefix; make runs only if configure succeeds.
./configure --prefix=/usr/ && make
# Stage the install under the Encap package directory instead of the live
# system; with --prefix=/usr the files land in .../justniffer-0.5.8/usr/...
make install DESTDIR=/usr/local/encap/justniffer-0.5.8
cd /usr/local/encap/justniffer-0.5.8/
# Relocate the man pages from usr/share/man to usr/man inside the staged tree.
mv usr/share/man/ usr/
cd /usr/local/encap/
# Turn the staged directory into an Encap package.
# NOTE(review): presumably this generates the package metadata; verify
# against the mkencap documentation.
mkencap justniffer-0.5.8/
# Leave the `install` login shell and return to the initial user.
logout
cd /usr/local/encap/
# Install the package with the Encap package manager.
# NOTE(review): presumably needs write access to the Encap target tree.
epkg justniffer-0.5.8
%connection.time
%idle.time.0
%request.time
%response.time
%response.time.begin
%response.time.end
%idle.time.1
+---------+ +---------+
| | | |
| Client | | Server |
| | | |
+---------+ +---------+
| |
| ----- connect syn --------> |----+
| | |
| <------ syn/ack ---------> | | %connection.time
| | |
| ------- ack ----------> | |
| ESTABLISHED |----+
| | | %idle.time.0
| | |(after connection, before
| | | request)
| | |
| --- request/first packet ---> |----+
| <------ ack ----------- | |
| | |
| --- request/.... ---> | | %request.time
| <------ ack ----------- | |
| | |
| --- request/last packet ---> | |
| <------ ack ----------- |----+--------------------+
| | | |
| | | |
| | |%response.time.begin |
| | | |
| <-- response/first packet ---- |----+ | response
| ------- ack ----------> | | | time
| | | |
| <-- response/.... ---- | |%response.time.end |
| ------- ack ----------> | | |
| | | |
| <-- response/last packet ---- | | |
| ------- ack ----------> |----+--------------------+
| | |
| | |
| | | %idle.time.1 (after response,
| | | before new request or close)
| | |
| <------ close ---------> |----+
| | |
| | |
# Example 1: capture on interface ppp0 (-i) and write one tab-separated line
# per request using the -l log format: connection timestamp, source ip:port,
# destination ip:port, response time, then Host header + URL.
# -u: per the justniffer documentation, unprintable characters are written as
# dots, which keeps raw bytes out of the terminal or log.
# NOTE(review): live capture usually needs root or an equivalent capture
# privilege; the logged URLs can carry query-string tokens, so store the
# output with restricted permissions.
justniffer -i ppp0 -u -l "%connection.timestamp(%F %T)%tab%source.ip:%source.port%tab%dest.ip:%dest.port%tab%response.time%tab%request.header.host%request.url"
# Example 2: log each full request (%request) followed by the response
# headers, limited by the -p packet filter to traffic on port 80.
# NOTE(review): full requests over cleartext HTTP include cookies,
# Authorization headers and form bodies; treat this output as credential
# material (restricted file permissions, short retention).
justniffer -i ppp0 -u -l '%request %response.header' -p "port 80"
BY: Pejman Moghadam
TAG: epkg, justniffer, sniffer
DATE: 2011-06-25 00:14:15