Ethereal

kieron

Has anyone got Ethereal to run under OSX? It was the only reason I used Linux, and it would be great if I could get it to run under OSX. If not, are there any other packet sniffing programs for X? I would not know where to start to write one in Java.

Thanks,

Kieron
 
There were supposed to be problems with the pcap library, but I've compiled it with older, supposedly non-buggy versions of pcap and it still dies. This is tethereal; the X version is even worse.
 
What would be involved in porting it? A fully native version would be preferable to something using an X server (XDarwin). Does anyone know how easy it is to interface directly with the Ethernet implementation in X? Would it be easy to write a network sniffer from the ground up?

On a completely different note, has anyone tried user/password verification in Windows Active Directory using LDAP? I can't seem to get it to work.

Thanks

Kieron
 
/usr/sbin/tcpdump is the built-in packet sniffer. Run this as root. If you want a nicer output, well, I don't know how to do that, but you might find these Perl scripts useful:

--begin sniffer.pl ----
#!/usr/bin/perl
# Reads old-style "tcpdump -x" hex output, rebuilds each packet as a
# string and prints any HTTP request/auth lines going to port 80.

$LIMIT = shift || 5000;   # stop after this many packets (default 5000)

$|=1;
open (STDIN,"/usr/sbin/tcpdump -lnx -s 1024 dst port 80 |");
while (<>) {
    if (/^\S/) {                        # unindented line = new packet header
        last unless $LIMIT--;
        # flush the previous packet: print any interesting HTTP lines in it
        while ($packet=~/(GET|POST|WWW-Authenticate|Authorization).+/g) {
            print "$client -> $host\t$&\n";
        }
        undef $client; undef $host; undef $packet;
        # only track PUSH segments that actually carry data
        ($client,$host) = /(\d+\.\d+\.\d+\.\d+).+ > (\d+\.\d+\.\d+\.\d+)/
            if /P \d+:\d+\((\d+)\)/ && $1 > 0;
        next;                           # header text is not hex; don't decode it
    }
    next unless $client && $host;       # skip hex lines of uninteresting packets
    s/\s+//;                            # drop the leading whitespace of a hex line
    s/([0-9a-f]{2})\s?/chr(hex($1))/eg; # turn each hex pair into a byte
    tr/\x20-\x7E\r\n//cd;               # keep only printable ASCII plus CR/LF
    $packet .= $_;
}

end sniffer.pl-----


begin fixup.pl---
#!/usr/bin/perl
# Reads sniffer.pl output, replaces IP addresses with host names and
# decodes any Basic auth credentials it finds.

use Socket;
use MIME::Base64;

$|=1;
while (<>) {
    # expect "client -> host<TAB>message" lines from sniffer.pl
    next unless ($host,$client,$msg) = /(\S+) -> (\S+)\s+(.*)\s+/;
    $msg=~s/(Authorization:\s+Basic\s+)(\S+)/$1 . decode_base64($2)/e;
    print lookup($host)," -> ",lookup($client),"\t$msg\n";
}

# reverse-DNS an IPv4 address; fall back to the address itself
sub lookup {
    my $addr = shift;
    my $lookup = (gethostbyaddr(inet_aton($addr),AF_INET))[0];
    return $lookup || $addr;
}
--end fixup.pl

To use them, run ./sniffer.pl | ./fixup.pl. You'll need to add the MIME encoding Perl thing, too. Perhaps with this information, you could build a nice Perl sniffer or something.
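A parser for the same old-style `tcpdump -lnx` hex output, written as an added example in Python; it is not one of the scripts from this thread. It assumes tcpdump's classic layout: an unindented header line containing `src.port > dst.port:` followed by indented lines of 16-bit hex words, with the dump starting at the IP header. Instead of stripping non-printable bytes, it reads the IP header length and the TCP data offset to cut the payload exactly, then flags each HTTP request that carries an `Authorization: Basic` header in the clear (what an administrator would want to find and move behind HTTPS) without decoding it. The packet lines are constructed in `build_sample_dump()` rather than captured; the IPs, ports and hostname in it are made up.

```python
import re
import struct

# Assumed header line shape: "HH:MM:SS.us a.b.c.d.port > e.f.g.h.port: P ..."
HEADER_RE = re.compile(
    r'(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > '
    r'(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):')
HEX_PAIR_RE = re.compile(r'[0-9a-f]{2}')
REQUEST_RE = re.compile(rb'^(GET|POST|HEAD|PUT|DELETE) \S+ HTTP/\d\.\d', re.M)
BASIC_RE = re.compile(rb'^Authorization:\s*Basic\s+\S+', re.M | re.I)


def parse_dump(lines):
    """Group 'tcpdump -x' output into (header_line, packet_bytes) tuples.

    An unindented line starts a packet; indented lines hold its hex words.
    """
    packets, header, hexchunks = [], None, []
    for line in lines:
        if not line.strip():
            continue
        if not line[0].isspace():
            if header is not None:
                packets.append((header, bytes.fromhex(''.join(hexchunks))))
            header, hexchunks = line.rstrip('\n'), []
        else:
            hexchunks.append(''.join(HEX_PAIR_RE.findall(line)))
    if header is not None:
        packets.append((header, bytes.fromhex(''.join(hexchunks))))
    return packets


def tcp_payload(pkt):
    """Return the TCP payload of an IPv4 packet using IHL and data offset,
    or None when the bytes are not an IPv4/TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 20:
        return None
    total_len = struct.unpack('!H', pkt[2:4])[0]
    doff = (pkt[ihl + 12] >> 4) * 4
    return pkt[ihl + doff:min(total_len, len(pkt))]


def audit_cleartext_auth(lines):
    """List HTTP requests in the dump and whether each sent Basic auth in the clear."""
    findings = []
    for header, pkt in parse_dump(lines):
        m = HEADER_RE.search(header)
        payload = tcp_payload(pkt)
        if not m or not payload:
            continue
        req = REQUEST_RE.search(payload)
        if not req:
            continue
        findings.append({
            'client': m['src'], 'server': m['dst'], 'port': int(m['dport']),
            'request': req.group(0).decode('ascii', 'replace'),
            'basic_auth': bool(BASIC_RE.search(payload)),
        })
    return findings


def build_sample_dump():
    """Constructed sample (not a real capture): two requests in the assumed
    'tcpdump -lnx' layout, one with and one without a Basic auth header."""
    payloads = [
        b'GET /secret/ HTTP/1.0\r\nHost: www.example.com\r\n'
        b'Authorization: Basic dXNlcjpwYXNz\r\n\r\n',
        b'GET /index.html HTTP/1.0\r\nHost: www.example.com\r\n\r\n',
    ]
    lines, seq = [], 1
    for payload in payloads:
        # 20-byte IPv4 header (IHL 5, proto 6) and 20-byte TCP header (data offset 5, PSH|ACK)
        ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                         bytes([10, 0, 0, 5]), bytes([192, 168, 1, 10]))
        tcp = struct.pack('!HHIIBBHHH', 49152, 80, seq, 1, 5 << 4, 0x18, 65535, 0, 0)
        pkt = ip + tcp + payload
        lines.append('12:00:00.000000 10.0.0.5.49152 > 192.168.1.10.80: '
                     f'P {seq}:{seq + len(payload)}({len(payload)}) ack 1 win 65535\n')
        words = [pkt[i:i + 2].hex() for i in range(0, len(pkt), 2)]
        for i in range(0, len(words), 8):
            lines.append('\t\t\t ' + ' '.join(words[i:i + 8]) + '\n')
        seq += len(payload)
    return lines


if __name__ == '__main__':
    for f in audit_cleartext_auth(build_sample_dump()):
        flag = 'CLEARTEXT BASIC AUTH' if f['basic_auth'] else 'no credentials'
        print(f"{f['client']} -> {f['server']}:{f['port']}  {f['request']}  [{flag}]")
```

Feeding real output is a matter of replacing `build_sample_dump()` with `sys.stdin` after `tcpdump -lnx -s 1024 dst port 80`; the header-first grouping is the same trick the Perl script uses, but cutting the payload by header length avoids the false matches you can get when header bytes happen to decode as printable text.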

 
Ethereal comes in two flavors, the console text version and the X-GTK based version. Since the source is distributed, it would be an exercise left to the motivated student as to how to interface the low level sniffer engine to Cocoa.

:)

 
TCPflow is a good sniffer that produces very readable output. The source code isn't too hard to come by, and I think I posted instructions for compiling it in another thread. Just search around for the name and read the posts.
 