Saw this on bugtraq, looked interesting...
-- Nathan
------------------------------------------------------------
Nathan Neulinger EMail: nneul@xxxxxxx
University of Missouri - Rolla Phone: (573) 341-4841
Computing Services Fax: (573) 341-4216
-----Original Message-----
From: Kullanici Tarum [mailto:tarumnabalab@xxxxxxxxxxxxx]
Sent: Wednesday, June 12, 2002 2:52 PM
To: sectools@xxxxxxxxxxxxxxxxx
Cc: vuln-dev@xxxxxxxxxxxxxxxxx; bugtraq@xxxxxxxxxxxxxxxxx
Subject: A different type of sniffer: Hafiye
Hi guys,
If you look at the source code for various sniffers, you'll notice
that they all have separate dedicated .C files for interpreting different
protocols. Why not have a sniffer that can understand and interpret
user-supplied protocol details?
Here is one: hafiye. Before starting sniffing, hafiye first loads the
knowledge-base files the user has written and forms a knowledge-base for
itself. Hafiye interprets incoming traffic according to this
knowledge-base.
If it did interest you and you want a test drive, here is the tarball URL:
http://www.enderunix.org/hafiye/hafiye-1.0.tar.gz
PS. This is the very initial release, and I'm sure there are lots of
ideas that can be developed on top of this model.
Any ideas are welcome.
Shameless self promotion: ;-P a security related job in
Istanbul/Turkey.
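
The knowledge-base idea described in the message above, as an added example that is not hafiye's code and does not use its file format: protocol fields are loaded from text rules and a generic decoder applies them to captured bytes, refusing fields that run past a truncated capture. The `<name> <offset> <length>` rule syntax, the function names and the sample data are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One rule from a hypothetical knowledge-base line: "<name> <offset> <length>". */
struct field { char name[16]; size_t off, len; };
/* Constructed sample: part of the UDP header layout, written as data not code. */
static const char SAMPLE_KB[] = "# udp header\n"
                                "src_port 0 2\n"
                                "dst_port 2 2\n"
                                "length   4 2\n";
/* Constructed sample packet: UDP header, port 1234 -> 53, length 28, checksum 0. */
static const uint8_t SAMPLE_PKT[] = { 0x04, 0xD2, 0x00, 0x35, 0x00, 0x1C, 0x00, 0x00 };

/* Parse knowledge-base text into rules; returns the rule count, or -1 on a bad line. */
int kb_load(const char *text, struct field *out, int max)
{
    int n = 0, used = 0;
    for (;;) {
        text += strspn(text, " \t\r\n");
        if (*text == '\0') return n;
        if (*text == '#') { text += strcspn(text, "\n"); continue; }
        if (n == max || sscanf(text, "%15s %zu %zu%n", out[n].name,
                               &out[n].off, &out[n].len, &used) != 3)
            return -1;
        if (out[n].len < 1 || out[n].len > 4) return -1; /* value must fit uint32_t */
        text += used;
        n++;
    }
}

/* Read one field as a big-endian integer; -1 if it runs past the captured bytes. */
int kb_decode(const struct field *f, const uint8_t *pkt, size_t len, uint32_t *val)
{
    if (f->off > len || f->len > len - f->off) return -1;
    *val = 0;
    for (size_t i = 0; i < f->len; i++) *val = (*val << 8) | pkt[f->off + i];
    return 0;
}

int main(void)
{
    struct field kb[8]; uint32_t v;
    int n = kb_load(SAMPLE_KB, kb, 8);
    for (int i = 0; i < n; i++)
        if (kb_decode(&kb[i], SAMPLE_PKT, sizeof SAMPLE_PKT, &v) == 0)
            printf("%s = %u\n", kb[i].name, (unsigned)v);
    return n < 0;
}
```

Because the rules are user-supplied input, the bounds check in `kb_decode` is written so that an oversized offset cannot wrap the subtraction and read outside the capture buffer.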