Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1867035
  • 博文数量: 473
  • 博客积分: 13997
  • 博客等级: 上将
  • 技术积分: 5953
  • 用 户 组: 普通用户
  • 注册时间: 2010-01-22 11:52
文章分类

全部博文(473)

文章存档

2014年(8)

2013年(38)

2012年(95)

2011年(181)

2010年(151)

分类: LINUX

2012-05-30 22:42:23

Burnt Offerings

1. , , size: 31031, version: 1.20

A vim syntax file for snort rules, with instructions on how to set vim up to use it.

May 3, 2007 - Updated more syntax. Understands rules from version 2.3.3 (Build 14)

2. , , size: 779617, version: 0.9.8.20081128

A libpcap version which supports MMAP mode on linux kernels 2.[46].x. To build it, extract the source in a working directory, say /tmp, and run the bootstrap script, which will print out the .warrantee file when it is done providing some clues on how to proceed.

% cd /tmp
% tar -zxf /tmp/libpcap-0.9.8.20081128.tar.gz
% ln -s libpcap-0.9.8.20081128 libpcap
% cd libpcap
% sh bootstrap
Hopefully, you have installed: libtool automake autoconf flex bison
If you have problems, rm -rf config and re-issue the bootstrap program
Ok to proceed?[N/y] y

... you will see some informative information, which I hope helps.

%

Nov 28, 2008 - Version 20081128 has some minor modifications, one which removed a spurious error message found in version 20081022.

Oct 22, 2008 - Version 20081022 is being used successfully to capture packets on a 10Gig external network. Unfortunately, if you want to save them then packet loss goes up due to issues with disk IO. Below is an example tcpdump using the current version of libpcap. You can adjust the behavior of libpcap using the environment variables defined in the README.ring file. Click on the README above. Note, if you are using a redhat tcpdump, which statically loads their libpcap, then you probably won't see these results. Get 0.9.8 tcpdump source.

# PCAP_STATS=0x1fff PCAP_VERBOSE=1 PCAP_PERIOD=10000 PCAP_SNAPLEN=1500 PCAP_MEMORY=max tcpdump -i eth2 -w /dev/null DEBUG, tring setup:block_size = 524288, block_nr = 8191, frame_size = 1568, frame_nr = 2735794, mem = 4.29444e+09 tcpdump: WARNING: snaplen raised from 68 to 1500 tcpdump: WARNING: eth2: no IPv4 address assigned libpcap version: 0.9.8 Kernel filter, Protocol 0300, MMAP mode (2735794 frames, snapshot 1500), socket type: Raw tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 1500 bytes S:1224781791.712687 2776716 0 2776720 0 2833618 2281137998 2223766871 723822 226090 17058 1 000000009.287314 S:1224781801.000001 2628354 0 2628355 0 2627543 2147541740 2135977148 1493805 118650 12734 0 000000010.000007 S:1224781811.000008 2981235 0 2981232 0 2982226 2380199015 2365406757 809161 364091 14734 0 000000009.999993 S:1224781821.000001 2785523 0 2785524 0 2785567 2274139696 2261281235 563469 413820 655989 0 000000009.999999 S:1224781831.000000 2421866 0 2421866 0 2421968 1898811321 1887184657 1335182 99892 8445 0 000000010.000001 S:1224781841.000001 2618525 0 2618524 0 2618565 2090692514 2078293283 562745 2718417 12915 0 000000010.000001 S:1224781851.000002 2266966 0 2268001 0 2267281 1829322772 1818075551 1247413 2249589 8328 0 000000010.719216 S:1224781861.719218 2384381 0 2383348 0 2384209 1898026064 1887090837 1344456 1898176 25877 0 000000009.280793 S:1224781871.000011 2199260 0 2199288 0 2198645 1743874760 1733871497 1213939 1361642 8470 0 000000009.999996 S:1224781881.000007 3115357 0 3115328 0 3116043 2388830383 2373458970 747771 1741205 150273 0 000000009.999994 Hit a break here 27728055 packets captured 27728059 packets received by filter 0 packets dropped by kernel S:1224781891.000001 1549872 0 27 0 1549853 1268842581 1261416493 843883 555283 8544 0 000000006.576273 # (As you can see below, the ring buffer is not helping much when I direct pcap output to a file) # PCAP_STATS=0x1fff PCAP_VERBOSE=1 PCAP_PERIOD=10000 PCAP_SNAPLEN=1500 PCAP_MEMORY=max tcpdump -i eth2 -w /data/zzz.pcap DEBUG, tring setup:block_size = 524288, block_nr = 8191, frame_size = 1568, frame_nr = 2735794, mem = 4.29444e+09 tcpdump: WARNING: snaplen raised from 68 to 1500 tcpdump: WARNING: eth2: no IPv4 address assigned libpcap version: 0.9.8 Kernel filter, Protocol 0300, MMAP mode (2735794 frames, snapshot 1500), socket type: Raw tcpdump: listening on eth2, link-type EN10MB (Ethernet), capture size 1500 bytes S:1224784920.985871 3344880 0 4996504 0 5063320 4082420365 2669557030 32314 967566 815844 1 000000009.014131 S:1224784930.000002 4028563 695391 5792087 0 5791135 4601159324 3212755568 0 2260335 4028563 0 000000010.000000 S:1224784940.000002 3175867 1273345 4462077 0 4462033 3625609789 2522720102 0 2700408 3175867 0 000000009.999998 S:1224784950.000000 2758166 2335226 5069296 0 5070232 4082556225 2221357195 0 2722780 2758166 0 000000010.151307 S:1224784960.151307 2533169 1562183 3916223 0 3915293 3187745654 2030698550 0 2520155 2533169 0 000000009.910410 S:1224784970.061717 2483204 992814 3652797 0 3652807 2904024571 2013365120 0 2267565 2483204 0 000000009.938285 Paused and killed process multiple times, since a lowly break would not keep it from its appointed task


Advanced Computing Solutions

Los Alamos, New Mexico 87545

505 667-2598
505 665-7793 (fax)
Key fingerprint = 2BB7 A990 44F5 EF4B 4E35 8635 1205 97D3 F6D8 7F39



   % ./configure --enable-shared
   % make
   % make xxx


阅读(1060) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~