Metasploit mailing list archives
Re: Question on Sniffer Extension
From: HD Moore <hdm () metasploit com>
Date: Tue, 07 Sep 2010 09:35:40 -0500
On 9/6/2010 11:06 PM, John Nash wrote:
Hello List, Is it possible to add filters in the sniffer extension? I tried remote sniffing; the major issue I am hitting is that most of the traffic is local ARP and other broadcast packets. These are good to understand which hosts are up in a passive way, but nothing more. I would want to add specific filters like "tcp.port == 21" etc. to be able to have fine-grained control over what I capture.
Nope, not yet. The filter language available in the Sniffer SDK involves writing and compiling the filters in BPF assembler. There is a pcap-compatible library somewhere, but I haven't had a chance to see if the code can be copied into our extension easily.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
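As an added illustration (not part of the original thread or of Metasploit's code): the kind of program "BPF assembler" refers to, here a classic BPF filter equivalent to the pcap expression `tcp port 21` for IPv4 over Ethernet, run through a minimal interpreter against constructed frames. The tuple encoding, the `ldh_ind` and `ldxb_msh` op names, `run_filter` and `tcp_frame` are assumptions made for this example; the Sniffer SDK's own assembler syntax is not shown in the thread.

```python
import struct
# Classic BPF for IPv4 "tcp port 21" on Ethernet, as (op, k, jt, jf) tuples.
# Mnemonics follow `tcpdump -d`; jumps are relative to the next instruction.
TCP_PORT_21 = [
    ("ldh", 12, 0, 0),       # 0: A = EtherType
    ("jeq", 0x0800, 0, 10),  # 1: not IPv4 -> 12 (drop)
    ("ldb", 23, 0, 0),       # 2: A = IP protocol
    ("jeq", 6, 0, 8),        # 3: not TCP -> 12 (drop)
    ("ldh", 20, 0, 0),       # 4: A = IP flags + fragment offset
    ("jset", 0x1FFF, 6, 0),  # 5: later fragment, no TCP header -> 12 (drop)
    ("ldxb_msh", 14, 0, 0),  # 6: X = 4 * IP header length field
    ("ldh_ind", 14, 0, 0),   # 7: A = TCP source port
    ("jeq", 21, 2, 0),       # 8: match -> 11 (accept)
    ("ldh_ind", 16, 0, 0),   # 9: A = TCP destination port
    ("jeq", 21, 0, 1),       # 10: match -> 11 (accept), else 12 (drop)
    ("ret", 65535, 0, 0),    # 11: accept, capture up to 65535 bytes
    ("ret", 0, 0, 0),        # 12: drop
]

def run_filter(prog, pkt):
    """Minimal interpreter: returns bytes to capture, 0 means drop."""
    a = x = pc = 0
    while pc < len(prog):
        op, k, jt, jf = prog[pc]
        pc += 1
        try:
            if op in ("ldh", "ldh_ind"):
                off = k + (x if op == "ldh_ind" else 0)
                a = struct.unpack_from("!H", pkt, off)[0]
            elif op == "ldb":
                a = pkt[k]
            elif op == "ldxb_msh":
                x = 4 * (pkt[k] & 0x0F)
            elif op in ("jeq", "jset"):
                pc += jt if ((a == k) if op == "jeq" else (a & k)) else jf
            elif op == "ret":
                return k
        except (IndexError, struct.error):
            return 0  # out-of-bounds load rejects the packet
    return 0

def tcp_frame(sport, dport):
    """Constructed sample: Ethernet + IPv4 + TCP SYN between documentation IPs."""
    eth = bytes.fromhex("020000000002" "020000000001" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, b"\xc0\x00\x02\x01", b"\xc0\x00\x02\x02")
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)
    return eth + ip + tcp
# Constructed sample: broadcast ARP frame (EtherType 0x0806), the noise in question.
ARP_BROADCAST = bytes.fromhex("ffffffffffff" "020000000001" "0806") + bytes(28)
```

The ARP frame is rejected at instruction 1, so it never reaches the port comparison; a frame truncated before the TCP header is rejected by the out-of-bounds load.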
Current thread:
- Question on Sniffer Extension John Nash (Sep 06)
- Re: Question on Sniffer Extension ricky-lee birtles (Sep 07)
- Re: Question on Sniffer Extension HD Moore (Sep 07)