
iplog

iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.


Recent releases

  •  30 Jan 2001 06:13

    Release Notes: Bugfixes and the addition of a "--pid-file" command-line argument.

  •  30 Jan 2001 06:13

    Release Notes: This release includes the ability to detect TCP SYN scans, and has been fixed to allow building on Solaris 8.

  •  30 Jan 2001 06:13

    Release Notes: Fixes for switching users and getting IDENT info.

  •  30 Jan 2001 06:13

    Release Notes: Lots of bugfixes, support for a configuration file, and fixes to build on lots of platforms.

  •  30 Jan 2001 06:13

    Release Notes: The ability to detect when interfaces go down and re-open them when they come back up, detection of a new class of Xmas scans (which were recently discussed on Bugtraq), the ability to listen on loopback interfaces, and fixes for lots of bugs, including lockups that occurred when iplog was listening on more than one interface.

Recent comments

24 Feb 2002 04:22 aamoruso Thumbs up

Iplog : machine readable results
Why not add an option to create machine-readable output, in order to be easily processed?
I mean an output like

A=<Action>
P=<Proto>
SI=<Source IP Address>
DI=<Dest IP Address>
SP=<Source Port>
DP=<Dest Port>

etc. all in one line, with commas or spaces between fields
e.g.

A=PING P=ICMP SI=1.2.3.4 DI=192.168.0.1

A=CONNECT P=TCP SI=1.2.3.4 DI=192.168.0.2 SP=3030
DP=80

A=SYN_SCAN

etc. etc.

Using existing command line options, output will be produced on stdout or an external file.

If you don't want to make this change, can I do it and submit the resulting code?
I'll wait for your answer!!! Email me back!

Bye
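As an added illustration (not part of iplog and not code from the commenter), here is a small Python parser for the single-line KEY=value format proposed in the comment above. It accepts comma or space separators, folds a wrapped continuation line such as "DP=80" into the preceding record, validates addresses and ports, and tallies scan-type records per source address; the SAMPLE lines are constructed for the example.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in the proposed format. Each record begins with "A=";
# a line that does not (the bare "DP=80") continues the previous record,
# matching the wrapped example in the comment.
SAMPLE = """\
A=PING P=ICMP SI=1.2.3.4 DI=192.168.0.1
A=CONNECT P=TCP SI=1.2.3.4 DI=192.168.0.2 SP=3030
DP=80
A=SYN_SCAN,P=TCP,SI=10.0.0.9,DI=192.168.0.2
"""


def parse_records(text):
    """Return one dict per record with typed SI/DI (ip_address) and SP/DP (int).

    Fields are KEY=value tokens separated by commas or whitespace. Lines that
    do not begin with "A=" are folded into the preceding record. Malformed
    tokens, bad addresses and out-of-range ports raise ValueError rather than
    silently producing a half-parsed record.
    """
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("A="):
            records.append({})
        elif not records:
            raise ValueError("continuation line before any A= record: %r" % line)
        rec = records[-1]
        for token in re.split(r"[,\s]+", line):
            key, sep, value = token.partition("=")
            if not sep or not key.isupper():
                raise ValueError("malformed field %r" % token)
            if key in ("SI", "DI"):
                value = ipaddress.ip_address(value)  # rejects garbage addresses
            elif key in ("SP", "DP"):
                value = int(value)
                if not 0 <= value <= 65535:
                    raise ValueError("port out of range: %d" % value)
            rec[key] = value
    return records


def scan_sources(records, actions=("SYN_SCAN",)):
    """Count records per source address whose action is one of `actions`."""
    return Counter(str(r["SI"]) for r in records if r.get("A") in actions)


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for r in recs:
        print(r)
    print(scan_sources(recs))
```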

09 Nov 1999 01:39 ka0srit

won't run under RH6.1
I'm having trouble getting IPLOG to run under RH6.1 with the following libpcap installed:

libpcap-0.4a7-2
libpcap-devel-0.4a7-2

Compile throws no error. But execution takes up 99% of my CPU.
