
iplog

iplog is a TCP/IP traffic logger. Currently it is capable of logging TCP, UDP, and ICMP traffic. iplog can detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flag combinations, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. It can run in promiscuous mode and monitor traffic to all hosts on a network segment. iplog uses libpcap to read packets from the network and can be ported to any system that supports pthreads and on which libpcap works.


Recent releases

  •  03 Jan 2001 22:42

    Release Notes: Bugfixes and the addition of a "--pid-file" command-line argument.

  •  24 Nov 2000 05:49

    Release Notes: This release includes the ability to detect TCP SYN scans, and has been fixed to allow building on Solaris 8.

  •  07 Jul 2000 17:49

    Release Notes: Fixes for switching users and getting IDENT info.

  •  03 Jul 2000 19:34

    Release Notes: Lots of bugfixes, support for a configuration file, and fixes to build on lots of platforms.

  •  21 Feb 2000 02:24

    Release Notes: The ability to detect when interfaces go down and re-open them when they come back up, detection of a new class of Xmas scans (which were recently discussed on Bugtraq), the ability to listen on loopback interfaces, and fixes for lots of bugs, including lockups that occurred when iplog was listening on more than one interface.

Recent comments

24 Feb 2002 04:22 aamoruso

Iplog : machine readable results
Why not add an option to create machine-readable output, in order to be easily processed?
I mean an output like

A=<Action>
P=<Proto>
SI=<Source IP Address>
DI=<Dest IP Address>
SP=<Source Port>
DP=<Dest Port>

etc., all in one line, with commas or spaces between fields,
e.g.

A=PING P=ICMP SI=1.2.3.4 DI=192.168.0.1

A=CONNECT P=TCP SI=1.2.3.4 DI=192.168.0.2 SP=3030 DP=80

A=SYN_SCAN

etc. etc.

Using existing command-line options, output will be
produced on stdout or in an external file.

If you don't want to make this change, can I do it and submit
the resulting code?
I'll wait for your answer!!! Email me back!

Bye
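The TCP flag classes named in the project description (null, FIN, Xmas, SYN and bogus-flag scans) together with the one-line key=value record aamoruso proposes above, as an added example. This is editor-written illustration code, not iplog's own source: the packets are constructed inline (no libpcap), the exact flag combinations and the SYN-scan threshold are the usual textbook definitions rather than anything the page states, and `log_packet`, `SynScanTracker` and the field names are assumptions for the demonstration.

```python
import struct
from collections import defaultdict

# TCP control bits (low six bits of the flags byte)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20


def _inet(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_ipv4_tcp(src, dst, sport, dport, flags) -> bytes:
    """Constructed test packet: minimal IPv4 header plus a 20-byte TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, _inet(src), _inet(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return ip + tcp


def parse_ipv4_tcp(pkt: bytes):
    """Return (src, dst, sport, dport, flags) from raw IPv4/TCP bytes.
    Every read is bounds-checked first, so a truncated capture raises
    instead of indexing past the buffer."""
    if len(pkt) < 20:
        raise ValueError("truncated IP header")
    if pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or pkt[9] != 6:
        raise ValueError("bad IHL or not TCP")
    if len(pkt) < ihl + 20:
        raise ValueError("truncated TCP header")
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    sport, dport = struct.unpack_from("!HH", pkt, ihl)
    flags = pkt[ihl + 13] & 0x3F
    return src, dst, sport, dport, flags


def classify_flags(flags: int) -> str:
    """Per-packet classes from the description; the combinations are the
    common definitions (assumption), not taken from iplog's source."""
    if flags == 0:
        return "NULL_SCAN"
    if flags == FIN:
        return "FIN_SCAN"
    if flags & (FIN | PSH | URG) == (FIN | PSH | URG):
        return "XMAS_SCAN"
    if flags & SYN and flags & (FIN | RST):
        return "BOGUS_FLAGS"   # SYN never legitimately travels with FIN or RST
    if flags == SYN:
        return "CONNECT"       # a lone SYN is just a connection attempt
    return "TCP"


class SynScanTracker:
    """Promote lone SYNs from one source to SYN_SCAN once they have touched
    `threshold` distinct (dst, port) pairs.  Threshold is an assumption."""

    def __init__(self, threshold: int = 5):
        self.threshold = threshold
        self.targets = defaultdict(set)

    def observe(self, src, dst, dport, action):
        if action != "CONNECT":
            return action
        self.targets[src].add((dst, dport))
        return "SYN_SCAN" if len(self.targets[src]) >= self.threshold else action


def format_record(action, proto, si, di, sp=None, dp=None) -> str:
    """One-line K=V record in the layout aamoruso suggests."""
    fields = [("A", action), ("P", proto), ("SI", si), ("DI", di)]
    if sp is not None:
        fields.append(("SP", sp))
    if dp is not None:
        fields.append(("DP", dp))
    return " ".join(f"{k}={v}" for k, v in fields)


def parse_record(line: str) -> dict:
    """Inverse of format_record; rejects tokens that are not K=V."""
    out = {}
    for tok in line.split():
        key, sep, val = tok.partition("=")
        if not sep or not key:
            raise ValueError(f"malformed field {tok!r}")
        out[key] = val
    return out


def log_packet(tracker: SynScanTracker, pkt: bytes) -> str:
    src, dst, sport, dport, flags = parse_ipv4_tcp(pkt)
    action = tracker.observe(src, dst, dport, classify_flags(flags))
    return format_record(action, "TCP", src, dst, sport, dport)


if __name__ == "__main__":
    t = SynScanTracker(threshold=3)
    for sport, dport, fl in [(3030, 80, SYN), (3031, 22, SYN), (3032, 25, SYN),
                             (40000, 443, 0), (40001, 443, FIN | PSH | URG)]:
        print(log_packet(t, build_ipv4_tcp("1.2.3.4", "192.168.0.2", sport, dport, fl)))
```

`classify_flags` only looks at one packet, so a single SYN is reported as CONNECT; it becomes SYN_SCAN only after the tracker has seen enough distinct targets from the same source, which is the distinction the description draws between "port scans" and the flag-based scans.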

09 Nov 1999 01:39 ka0srit

won't run under RH6.1
I'm having trouble getting IPLOG to run under RH6.1 with the following libpcap installed:

libpcap-0.4a7-2
libpcap-devel-0.4a7-2

Compile throws no error. But execution takes up 99% of my CPU.
