
iplog

iplog is a TCP/IP traffic logger. Currently it is capable of logging TCP, UDP, and ICMP traffic. iplog can detect TCP port scans, TCP null scans, FIN scans, TCP SYN scans, TCP "Xmas" scans, bogus TCP flag combinations, UDP scans, UDP and ICMP "smurf" attacks, ICMP ping floods, and IP fragment attacks. iplog can run in promiscuous mode and monitor traffic to all hosts on a network segment (on a switched network it only sees what the switch forwards to its port). iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap works.
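The scan types listed above are all recognised from the TCP flag byte of each segment. The program below is an added example, not iplog's own code, showing how that classification works: it extracts the flags from a raw IPv4/TCP packet (length-checked first, so a crafted short packet cannot cause an out-of-bounds read) and labels it as a null, FIN, Xmas or SYN probe, or as a "bogus" combination such as SYN+FIN. The packet bytes are constructed inline rather than read via libpcap, and the exact rules for "Xmas" and "bogus" are this example's assumptions, as are all the function names.

```c
/* Added example, not iplog's own code: the TCP flag checks a scan
 * detector applies to each segment. The packet bytes are constructed
 * inline so it runs without libpcap or network access; in iplog the
 * same bytes would arrive from pcap. The "Xmas" and "bogus" rules are
 * this example's assumptions. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum { TH_FIN = 0x01, TH_SYN = 0x02, TH_RST = 0x04, TH_PSH = 0x08, TH_ACK = 0x10, TH_URG = 0x20 };

enum probe_kind {
    PROBE_NONE,       /* plausible segment of a real connection */
    PROBE_NULL,       /* no flags at all: null scan */
    PROBE_FIN,        /* FIN alone: FIN scan */
    PROBE_XMAS,       /* FIN+PSH+URG without ACK: Xmas scan */
    PROBE_SYN,        /* bare SYN: connection attempt or SYN scan probe */
    PROBE_BOGUS,      /* contradictory flags such as SYN+FIN or SYN+RST */
    PROBE_TRUNCATED   /* too short for IPv4 + TCP headers, or not TCP */
};

/* Return the TCP flags byte of a packet that begins at the IPv4 header,
 * or -1 if the headers are truncated, not IPv4, or not TCP. Length checks
 * come first: a crafted short packet must not make us read past the buffer. */
int tcp_flags_of(const uint8_t *pkt, size_t len) {
    if (len < 20 || (pkt[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;           /* header length in bytes */
    if (ihl < 20 || len < ihl + 20 || pkt[9] != 6) return -1;
    return pkt[ihl + 13];                               /* flags byte of the TCP header */
}

enum probe_kind classify_flags(int flags) {
    if (flags < 0) return PROBE_TRUNCATED;
    int f = flags & 0x3f;                               /* ignore the two ECN bits */
    if ((f & TH_SYN) && (f & (TH_FIN | TH_RST))) return PROBE_BOGUS;
    if (f == 0) return PROBE_NULL;
    if (f == TH_FIN) return PROBE_FIN;
    if ((f & (TH_FIN | TH_PSH | TH_URG)) == (TH_FIN | TH_PSH | TH_URG) && !(f & TH_ACK)) return PROBE_XMAS;
    if (f == TH_SYN) return PROBE_SYN;
    return PROBE_NONE;
}

enum probe_kind classify_packet(const uint8_t *pkt, size_t len) {
    return classify_flags(tcp_flags_of(pkt, len));
}

/* Build a minimal 40-byte IPv4+TCP packet (192.0.2.10:3030 -> 192.0.2.20:80)
 * carrying the given flags. Checksums are left zero; the classifier does not
 * verify them. Returns bytes written, or 0 if the buffer is too small. */
size_t build_probe(uint8_t *out, size_t cap, uint8_t flags) {
    static const uint8_t ip[20] = { 0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x00, 0x00,
                                    0x40, 0x06, 0x00, 0x00, 192, 0, 2, 10, 192, 0, 2, 20 };
    if (cap < 40) return 0;
    memcpy(out, ip, 20);
    memset(out + 20, 0, 20);
    out[20] = 0x0b; out[21] = 0xd6;   /* source port 3030 */
    out[22] = 0x00; out[23] = 0x50;   /* destination port 80 */
    out[32] = 0x50;                   /* data offset 5 words = 20-byte header */
    out[33] = flags;
    return 40;
}

const char *probe_name(enum probe_kind k) {
    static const char *names[] = { "normal", "NULL scan", "FIN scan", "Xmas scan",
                                   "SYN probe", "bogus flags", "truncated/non-TCP" };
    return names[k];
}

int main(void) {
    /* Constructed flag combinations, one per probe type plus two normal ones. */
    const uint8_t cases[] = { 0, TH_FIN, TH_FIN | TH_PSH | TH_URG, TH_SYN,
                              TH_SYN | TH_FIN, TH_SYN | TH_ACK, TH_ACK | TH_PSH };
    uint8_t pkt[64];
    for (size_t i = 0; i < sizeof cases; i++) {
        size_t n = build_probe(pkt, sizeof pkt, cases[i]);
        printf("flags=0x%02x -> %s\n", cases[i], probe_name(classify_packet(pkt, n)));
    }
    return 0;
}
```

Note that a bare SYN is indistinguishable from a legitimate connection attempt on a single packet; what turns it into a "SYN scan" is many such probes from one source across many ports in a short window, which is state the caller has to keep.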

Tags Security Logging Monitoring
Licenses GPL
Operating Systems POSIX BSD BSD/OS FreeBSD NetBSD OpenBSD IRIX Linux Solaris
Implementation C


Recent releases

  • 30 Jan 2001 06:13
    Changes: Bugfixes and the addition of a "--pid-file" command-line argument.

  • 30 Jan 2001 06:13
    Changes: This release includes the ability to detect TCP SYN scans, and has been fixed to allow building on Solaris 8.

  • 30 Jan 2001 06:13
    Changes: Fixes for switching users and getting IDENT info.

  • 30 Jan 2001 06:13
    Changes: Lots of bugfixes, support for a configuration file, and fixes to build on lots of platforms.

  • 30 Jan 2001 06:13
    Changes: The ability to detect when interfaces go down and re-open them when they come back up, detection of a new class of Xmas scans (which were recently discussed on Bugtraq), the ability to listen on loopback interfaces, and fixes for lots of bugs, including lockups that occurred when iplog was listening on more than one interface.

Recent comments

24 Feb 2002 04:22  aamoruso

Iplog: machine-readable results
Why not add an option to create machine-readable output, so that it
can be easily processed?
I mean an output like

            A=<Action>
            P=<Proto>
            SI=<Source IP Address>
            DI=<Dest IP Address>
            SP=<Source Port>
            DP=<Dest Port>

etc., all on one line, with commas or spaces between fields,
            e.g.

            A=PING P=ICMP SI=1.2.3.4 DI=192.168.0.1

            A=CONNECT P=TCP SI=1.2.3.4 DI=192.168.0.2 SP=3030
            DP=80

            A=SYN_SCAN

            etc. etc.

Using existing command-line options, output would be
produced on stdout or in an external file.

            If you don't want to make this change, can I do it and submit
            the resulting code?
I'll wait for your answer!!! Email me back!

            Bye

09 Nov 1999 01:39  ka0srit

Won't run under RH6.1
I'm having trouble getting IPLOG to run under RH6.1 with the following libpcap installed:

            libpcap-0.4a7-2
            libpcap-devel-0.4a7-2

            Compile throws no error. But execution takes up 99% of my cpu.
