Index of /dmn/pdumpq

Icon  Name                    Last modified      Size  Description
[DIR] Parent Directory                             -   
[TXT] BUGS                    12-Sep-2001 23:36  506   
[TXT] COPYING                 12-Sep-2001 23:36   18K  
[TXT] Makefile                12-Sep-2001 23:36  3.5K  
[TXT] READ_ME                 12-Sep-2001 23:36  2.1K  
[TXT] app.h                   12-Sep-2001 23:36  2.0K  
[TXT] cmdl.c                  12-Sep-2001 23:36  6.7K  
[TXT] func.c                  12-Sep-2001 23:36  5.2K  
[TXT] mail.c                  12-Sep-2001 23:36  2.3K  
[TXT] mail.h                  12-Sep-2001 23:36  1.5K  
[TXT] main.c                  12-Sep-2001 23:36  2.1K  
[TXT] pcap-ish.c              12-Sep-2001 23:36  1.9K  
[TXT] pcap-ish.h              12-Sep-2001 23:36  1.7K  
[   ] pdumpq                  12-Sep-2001 23:36   16K  
[SND] pdumpq-0.2-1.i386.rpm   12-Sep-2001 23:36   14K  
[SND] pdumpq-0.2-1.src.rpm    12-Sep-2001 23:36   29K  
[   ] pdumpq-0.2-1.tgz        12-Sep-2001 23:36   27K  GZIP compressed tar ar>
[   ] pdumpq.8                12-Sep-2001 23:36  6.9K  
[TXT] pdumpq.init             12-Sep-2001 23:36  3.8K  
[TXT] pdumpq.spec             12-Sep-2001 23:36  899   

pdumpq
======

Pdumpq takes packets over the netlink device which have been sent by
Netfilter's QUEUE target and dumps them in Pcap format. This format is
compatible with various packet sniffers such as tcpdump, snort and ethereal.

Features include automatic dumpfile rotation, firewall mark filtering and 
user-defined packet verdicts. If it is compiled with email support, you can 
have packet dumps sent via email. You can also send the pcap data stream to 
standard output for reading by another program.

You need to compile your kernel with netlink support and QUEUE target support.
Your firewall rule set needs to specify which packets to send to the netlink 
socket.

BUILD INSTRUCTIONS:
You need Netfilter/Iptables and libipq (which comes with netfilter).

	Edit Makefile
	make
	make install	/* You must be root to install */

The Makefile:
You can set some program defaults in the Makefile. It is well commented, so
the options should be pretty clear. You can choose to disable compilation of
the email alert option if you know you will never use it. Even if you build
it in, it will not send email unless you tell it to. There are some email-
specific options like timer and queue size that you can set. The other options
relate to automatic file rotation and packet verdicts. These options can also
be set on the command line when you run the program.

There is a Sys-V init script that has been contributed by Hal Burgiss. You will
need to create the symlinks needed to make the program run if you want it to
start automatically. Under Red Hat this can be done using chkconfig.

If you did not install the netfilter development libraries (libipq) you will
need to tell the makefile where to find them. You can also specify the install
directory and mandir. If your system kernel includes do not point to 2.4.X
includes you will need to tell the makefile where to find them.

make:
This software should build on any system which supports netfilter.

make install:
This will install the program and documentation.

USAGE:
Read the man page - pdumpq(8)

BUGS/PROBLEMS:
Please see the file BUGS