Packet Mastering
Jose Nazario, Ann Arbor, MI
Presented at Hack in the Box, Kuala Lumpur, Malaysia, October 6, 2004
The packet manipulation libraries "libdnet", "libpcap", and "libnids" are
seen by many as difficult to use. However, they can be easy to use once you
start working with them. This talk introduces these three libraries, the
core of many interesting network applications. It also shows how to tie
them together with event-based programming. Once you learn these
libraries and techniques, interesting network tools are within your
grasp. The development language will be C.
Slides: [html] [PPT]
sample code
Some of this code is mentioned by name in the talk. All of these examples
are under a 3-clause BSD license.
- jscan -- TCP port scanner (libdnet, libevent, libpcap)
- jtrace -- TCP traceroute tool (libdnet, libevent, libpcap)
- jflow -- pcap to NetFlow converter (libnids)
- version detect -- libnids Python example
- http-graph -- another libnids Python example
press
Network-sniffing tools still lacking, The Star online (Malaysia), Tuesday October 26, 2004.