Re: Dr Dobb's Journal, September 1998

From: Graham Wheeler <gram@cdsec.com>
Date: 31 Jul 1998 01:49:06
Subject: Re: Dr Dobb's Journal, September 1998
Message-ID: 199807310854.KAA02340@cdsec.com


>
> In article <199807300834.KAA00279.kithrup.freebsd.chat@cdsec.com> you write:
> >How about an article on BPF and/or libpcap? I could easily write something
> >like that...
>
> What would you say?
>
> DDJ, unfortunately, doesn't really want kernel hacking articles. But they can
> be persuaded if you can also make it about something else -- the truss
> article, for example, was in their "performance and debugging" issue, because
> truss can be used for that. And the second one was in their "networking"
> issue.
>
> bpf and libpcap are ported to linux as well. So if you could come up with an
> application for it (for example... I use a modified version of tcpdump to keep
> track of my network bandwidth; it's not great, and could definitely be done
> better), DDJ or Linux Journal may be interested...

I have written a program that uses libpcap to log TCP connections when they
close, with client, server, duration, bytes sent, bytes received, and,
in the case of FTP, files transferred, or HTTP, URLs requested, or
NNTP, newsgroups browsed. I have also written an ident spoofer using the
BPF device, and a simple extension to the BPF code that allows BPF programs
to use labels and be `linked' before downloading to the BPF device. So
there is definitely scope here I think.

Ideally I would cover the program that logs the TCP connections, although
I'll probably step on some toes, as my partners want to turn this into a
commercial product. But I could probably strip it down a bit, and maybe
just suggest the application-specific stuff as possible extensions.

--
Dr Graham Wheeler E-mail: gram@cdsec.com
Citadel Data Security Phone: +27(21)23-6065/6/7
Internet/Intranet Network Specialists Mobile: +27(83)253-9864
Firewalls/Virtual Private Networks Fax: +27(21)24-3656
Data Security Products WWW: http://www.cdsec.com/



