me, 2.0: jose nazario
beauty and the street
flowgrep
flowgrep
is a simple little tool i wrote that basically marries ngrep and tcpflow.
you can grovel through reassembled TCP streams and reassembled UDP and IP
packets for arbitrary content specified using regular expressions.
when you find a match you can save or even kill the stream (in the case
of TCP streams). "the world's cheapest IPS" according to one friend.
what can you do with flowgrep? you can do measurements of particular
traffic, you can build a very cheap IPS device (ie for mail-based worm
infestations), disrupt spammers, or you can just sniff on your coworkers.
requirements: python 2.2 or later, pynids 0.3 or later, and libnids. a basic
OpenBSD port for pynids is located here: http://monkey.org/~jose/openbsd/ports/unports/net/pynids/.
have fun.
|
next Monday, Dec 20, 2004 @ 08:14am |
previous Saturday, Dec 18, 2004 @ 09:46am
| archives
|
Last modified: Sunday, Dec 19, 2004 @ 08:48am
|
copyright © 2002-2005 jose nazario, all rights reserved.