utkarsh2102/packlog

A kernel module that logs all your incoming packets.

packlog: Log your Packets! \o/

packlog is a simple kernel module that will log all your incoming packets, one-by-one. What for? Nothing, but fun!
With this, you can see how many packets are being transferred when you make a simple HTTP(S) request, or even otherwise.


Compiling

Well, we use make for compiling, so that's something your system should have.
Maybe you'll also need the build-essential package, which is readily available to install via your package manager.
Since this builds a module against the running kernel, the matching kernel headers must be installed too (on Debian-based systems, the linux-headers package for the kernel that uname -r reports).

  • So, clone the repository:

    $ git clone https://github.com/utkarsh2102/packlog
  • Run make to compile the source.

    $ make

And there you go! Done!
You'll see a bunch of binaries and files generated by this. And the only thing we're interested in is packlog.ko.

From StackOverflow,

The .ko file is your object file linked with some kernel automatically generated data structures that are needed by the kernel.


Using

Now since we have packlog.ko ready, let's use it!

  • Insert the compiled kernel module:

    $ sudo insmod packlog.ko
  • Now that the module is initialized, let's see the incoming packets:

    $ sudo dmesg | tail
  • At this point, you'll see some packets already have started to get logged. Let's make an HTTP request now and see what happens. Open Firefox and open any site, or type the following in another terminal:

    $ firefox utkarsh2102.com

    You'll see a spike in the number of packets. Obviously, eh? But fun, isn't it? But can you guess why the number of packets keeps increasing? Which packets are these? Any idea? ^.^

  • Anyway, now that fun time's over, let's remove the inserted module:

    $ sudo rmmod packlog
  • Finally, check the dmesg logs to ensure that the module has been removed:

    $ sudo dmesg | tail

DIY Time

Want to do something fun? Let's drop all the incoming packets. What do you think will happen?
If you are logged in over the network (SSH, for instance), do this on a local console instead: dropping every incoming packet takes your remote session down with it.

Let's find out!

  • Step 1: In the tmp_hook function in packlog.c, change NF_ACCEPT to NF_DROP. Or use the following command:

    $ sed -i 's/NF_ACCEPT/NF_DROP/g' packlog.c
  • Step 2: Recompile.

    $ make
  • Step 3: Re-insert the compiled module.

    $ sudo insmod packlog.ko
  • Step 4: Ensure that the module has been initialized.

    $ sudo dmesg | tail
  • Step 5: Fire up your browser and try to access any site.
    What happens? Does it work as usual? Why? Why not? What do you think? ^_^

  • Step 6: Okay, great stuff. But let's go back to our sane life.

    $ sudo rmmod packlog
  • Step 7: Lastly, ensure that the module has indeed been removed.

    $ sudo dmesg | tail
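To make the "Using" and "DIY" steps above concrete, here is an added example (my own code, not packlog's packlog.c): the per-packet logic a netfilter hook like tmp_hook runs, written as a plain C function so it compiles and runs in userspace. It assumes the hook would hand it the IPv4 header and length from the sk_buff, printk() the line it produces, and return its verdict; the NF_DROP/NF_ACCEPT values are the ones from linux/netfilter.h, and the sample packet is constructed.

```c
/* Added example, not packlog's own source: the log-and-verdict logic of a
 * netfilter hook, factored out so it can be built and run without a kernel. */
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Netfilter verdict values, as defined in <linux/netfilter.h>. */
#define NF_DROP   0
#define NF_ACCEPT 1

/* 0 = log and pass (stock packlog); 1 = the DIY NF_DROP variant. */
static int drop_all = 0;
static char last_line[128];   /* what the hook would printk() to dmesg */

/* Describe the IPv4 packet at buf in out and return the verdict. Anything
 * that is not a complete IPv4 header is logged but never parsed further:
 * a logger must not trip over odd input, whatever the verdict mode is. */
static unsigned int packlog_verdict(const uint8_t *buf, size_t len,
                                    char *out, size_t outlen)
{
    if (len < 20 || (buf[0] >> 4) != 4 || (buf[0] & 0x0f) < 5) {
        snprintf(out, outlen, "packlog: %zu bytes, not an IPv4 header", len);
        return drop_all ? NF_DROP : NF_ACCEPT;
    }
    size_t ihl = (buf[0] & 0x0f) * 4u;              /* header length in bytes */
    int n = snprintf(out, outlen,
                     "packlog: %u.%u.%u.%u -> %u.%u.%u.%u proto=%u len=%u",
                     buf[12], buf[13], buf[14], buf[15],
                     buf[16], buf[17], buf[18], buf[19],
                     buf[9], (unsigned)((buf[2] << 8) | buf[3]));
    /* For TCP, the ports tell you which connection a spike belongs to. */
    if (buf[9] == 6 && len >= ihl + 4 && n > 0 && (size_t)n < outlen)
        snprintf(out + n, outlen - n, " tcp %u->%u",
                 (unsigned)((buf[ihl] << 8) | buf[ihl + 1]),
                 (unsigned)((buf[ihl + 2] << 8) | buf[ihl + 3]));
    return drop_all ? NF_DROP : NF_ACCEPT;
}

/* Constructed sample: a TCP SYN from 192.0.2.1:53564 to 198.51.100.7:443,
 * the first packet of an HTTPS connection (checksums are zero placeholders). */
static const uint8_t sample_syn[40] = {
    0x45, 0x00, 0x00, 0x28, 0x00, 0x01, 0x40, 0x00, 0x40, 0x06, 0x00, 0x00,
    0xc0, 0x00, 0x02, 0x01, 0xc6, 0x33, 0x64, 0x07,
    0xd1, 0x3c, 0x01, 0xbb, 0, 0, 0, 0, 0, 0, 0, 0, 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0
};

/* Run the sample through the hook logic in the given mode; last_line then
 * holds exactly the line dmesg would show. */
unsigned int packlog_demo(int drop)
{
    drop_all = drop;
    return packlog_verdict(sample_syn, sizeof sample_syn, last_line, sizeof last_line);
}
```

Call packlog_demo(0) and print last_line to see the stock behaviour; packlog_demo(1) returns NF_DROP for the very same packet, which is all the sed one-liner above changes.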

Copyright and Credits

Open-sourced under the MIT License.
Whilst this has been written from scratch, thanks to Julia Evans, Reuven Plevinsky, and Haoyuan Ge for their articles and explanations on some of the related topics.
