iplog 2.2.3 by Ryan McCabe ------------------------------------------ iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP and ICMP traffic. Adding support for other protocols should be relatively easy. iplog's capabilities include the ability to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags (used by scanners to detect the operating system in use), TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function. NOTE ---- Some people have reported that iplog doesn't log anything for them. To those people: Can you try commenting out line 41 of iplog.c and seeing if that makes iplog produce logs. If it does, what percentage of CPU time does ps or top show iplog consuming? If deleting that line helps you at all, I'd be interested in hearing about it. Could you send me email with your operating system and OS version and details about what happened when you removed that line. TESTED PLATFORMS ---------------- * FreeBSD (3.x, 4.0) * OpenBSD (2.6 and up) * BSDI (4.0, 4.01) * Solaris (2.5.1, 7, 8) * IRIX 6.5 GETTING IPLOG ------------- The primary distribution site for iplog is http://ojnk.sourceforge.net Mirrors: USA: ftp://ojnk.sourceforge.net/pub/ojnk/iplog USA: http://www.numb.org/~odin OTHER ----- Please note that iplog will not build with BSD make. GNU make must be used. It is available from any GNU mirror. Please do not send me email about iplog not building on BSD if you're not using GNU make. libpcap can be retrieved from http://www.tcpdump.org If you compile libpcap yourself, remember to put "mkdir /usr/local/include/net ; make install-incl" "make install" alone will not install the pcap header files. The linuxthreads library (for Linux libc5) can be found at ftp://ftp.inria.fr/INRIA/Projects/cristal/Xavier.Leroy/linuxthreads.tar.gz GNU make can be found at ftp.gnu.org:/pub/gnu/make Any contributions (testing, comments, bug reports, ports, enhancements, etc) are greatly appreciated. $Id: README,v 1.20 2001/01/01 19:42:54 odin Exp $