Daemon that listens for and logs rogue packets received (described via pcap filter expression)

fd0/toothrotd

Introduction

This daemon logs packets that match a BPF (libpcap) filter expression to stdout and syslog. For example, it can detect rogue IGMP querier devices on the network attached to eth0 when called as follows:

# ./toothrotd -i eth0 -f "ip and igmp and igmp[0] = 0x11 and not src 137.226.144.1"
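
What the IGMP filter above checks, written out as an added Python example (not part of toothrotd, which hands the expression to libpcap). The function names and the 192.0.2.50 sample sender are constructed for illustration; the packets are built inline, and the IP Router Alert option is included because it shifts where igmp[0] sits.

```python
import socket
import struct

IGMP_PROTO = 2                    # IPv4 protocol number for IGMP
IGMP_QUERY = 0x11                 # IGMP membership query type
LEGIT_QUERIER = "137.226.144.1"   # querier excluded by the filter above

def is_rogue_igmp_query(ip_packet: bytes, legit_querier: str = LEGIT_QUERIER) -> bool:
    """Mirror of: ip and igmp and igmp[0] = 0x11 and not src <legit_querier>."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        return False                               # "ip": IPv4 only
    ihl = (ip_packet[0] & 0x0F) * 4                # header length incl. options
    if ihl < 20 or len(ip_packet) <= ihl:
        return False                               # malformed or truncated
    if ip_packet[9] != IGMP_PROTO:
        return False                               # "igmp"
    frag_offset = struct.unpack("!H", ip_packet[6:8])[0] & 0x1FFF
    if frag_offset != 0:
        return False                               # igmp[0] needs the first fragment
    if ip_packet[ihl] != IGMP_QUERY:
        return False                               # "igmp[0] = 0x11"
    return socket.inet_ntoa(ip_packet[12:16]) != legit_querier   # "not src ..."

def build_igmp(src: str, igmp_type: int, router_alert: bool = True) -> bytes:
    """Constructed sample packet; checksums stay zero, the filter ignores them."""
    options = bytes.fromhex("94040000") if router_alert else b""   # Router Alert
    igmp = struct.pack("!BBH4s", igmp_type, 100, 0, socket.inet_aton("0.0.0.0"))
    header = struct.pack("!BBHHHBBH4s4s",
                         (4 << 4) | (5 + len(options) // 4), 0xC0,
                         20 + len(options) + len(igmp), 0, 0, 1, IGMP_PROTO, 0,
                         socket.inet_aton(src), socket.inet_aton("224.0.0.1"))
    return header + options + igmp

if __name__ == "__main__":
    samples = [("192.0.2.50", 0x11), (LEGIT_QUERIER, 0x11), ("192.0.2.50", 0x16)]
    for src, igmp_type in samples:
        verdict = is_rogue_igmp_query(build_igmp(src, igmp_type))
        print(f"src={src} type={igmp_type:#04x} rogue_query={verdict}")
```

Only the query from an address other than the excluded querier is flagged; a membership report (type 0x16) from the same host is not.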

New connections can be logged like this:

# ./toothrotd -i eth0 -f "tcp and tcp[tcpflags] == tcp-syn"

Compile

Prerequisites:

  • libpcap-dev

Compile the code by calling make:

$ make
cc -g -Wall -std=gnu99 -O2   -c -o toothrotd.o toothrotd.c
cc -lpcap  toothrotd.o version.h   -o toothrotd

Trivia

The name toothrotd is inspired by the character Herman Toothrot from the game "Monkey Island".
