Metasploit mailing list archives

Re: Question on Sniffer Extension


From: HD Moore <hdm () metasploit com>
Date: Tue, 07 Sep 2010 09:35:40 -0500

On 9/6/2010 11:06 PM, John Nash wrote:
> Hello List,
>
> Is it possible to add filters in the sniffer extension?
>
> I tried remote sniffing, the major issue I am hitting is that most of
> the traffic is local ARP and other broadcast packets. These are good to
> understand which hosts are up in a passive way, but nothing more.
>
> I would want to add specific filters like "tcp.port == 21" etc. to be
> able to have fine-grained control over what I capture.

Nope, not yet. The filter language available in the Sniffer SDK involves
writing and compiling the filters in BPF assembler. There is a
pcap-compatible library somewhere, but I haven't had a chance to see if
the code can be copied into our extension easily.

-HD
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
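
For readers unfamiliar with what "writing filters in BPF assembler" means in the reply above, here is an added example that is not part of the original thread and is not Metasploit or Sniffer SDK code. It hand-writes a classic BPF program for IPv4 TCP port 21 in the style of `tcpdump -d` and runs it through a small interpreter over constructed frames; the tuple encoding, `run_filter` and `frame` are hypothetical names for illustration, and the page does not say what exact encoding the Sniffer SDK accepts.

```python
import struct

# Classic BPF for "IPv4 and tcp port 21" on Ethernet frames, hand-written in
# the style of `tcpdump -d`. Tuples: (op, k, jt, jf); jumps are absolute.
FTP_FILTER = [
    ("ldh", 12, 0, 0),         # 0: A = EtherType
    ("jeq", 0x0800, 2, 12),    # 1: IPv4, else reject (drops ARP)
    ("ldb", 23, 0, 0),         # 2: A = IP protocol
    ("jeq", 6, 4, 12),         # 3: TCP, else reject
    ("ldh", 20, 0, 0),         # 4: A = flags + fragment offset
    ("jset", 0x1FFF, 12, 6),   # 5: later fragments carry no TCP header
    ("ldxb_msh", 14, 0, 0),    # 6: X = 4 * (IP header length nibble)
    ("ldh_x", 14, 0, 0),       # 7: A = TCP source port
    ("jeq", 21, 11, 9),        # 8: match, else check destination port
    ("ldh_x", 16, 0, 0),       # 9: A = TCP destination port
    ("jeq", 21, 11, 12),       # 10: match, else reject
    ("ret", 262144, 0, 0),     # 11: accept, snap length 262144
    ("ret", 0, 0, 0),          # 12: reject
]

def run_filter(prog, pkt):
    """Interpret the classic-BPF subset used above; returns bytes to keep (0 = drop)."""
    a = x = pc = 0
    while True:
        op, k, jt, jf = prog[pc]
        pc += 1
        try:
            if op == "ldh":
                a = struct.unpack_from("!H", pkt, k)[0]
            elif op == "ldb":
                a = pkt[k]
            elif op == "ldxb_msh":
                x = 4 * (pkt[k] & 0x0F)
            elif op == "ldh_x":
                a = struct.unpack_from("!H", pkt, x + k)[0]
            elif op in ("jeq", "jset"):
                hit = (a == k) if op == "jeq" else bool(a & k)
                pc = jt if hit else jf
            else:  # "ret"
                return k
        except (struct.error, IndexError):
            return 0  # out-of-bounds load rejects the packet

def frame(ethertype, proto=6, sport=0, dport=0):
    """Constructed sample frame: Ethernet + 20-byte IPv4 header + TCP/UDP ports."""
    eth = bytes(12) + struct.pack("!H", ethertype)
    ip = bytes([0x45, 0]) + bytes(7) + bytes([proto]) + bytes(10)
    return eth + ip + struct.pack("!HH", sport, dport) + bytes(16)
```

The ARP and broadcast noise described in the question is rejected at instruction 1, before any IP or TCP field is read.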

