
FreeBSD Manual Pages

SNIFFIT(5)		      File Formats Manual		    SNIFFIT(5)

NAME
       sniffit - configuration file for	sniffit	(name arbitrary)

DESCRIPTION
       This page describes the format of the config file for sniffit  (see
       sniffit(8)).  This file lets you specify in great detail which packets
       should be processed by sniffit.  It also controls (or will control)
       some functions of the continuous logging mode (the '-L' option).

       A sniffit config file might look like this (be sure to end it with  a
       BLANK line):

	      #	Sniffit	Sample Config file -- Brecht Claerhout

	      logfile /var/adm/sniffit.today.log

	      #	First select all packets!
	      select both mhosts 1
	      select both mhosts 2

	      #	Now deselect all packets from/to those damn 'surfers'
	      deselect both port 80
	      deselect both port 8001

       This file tells sniffit to process all packets on the subnet  except
       those FROM/TO ports 80 and 8001 (we don't want logs of those mass WWW
       connections, which make our logs unreadable).

GLOBAL FORMAT
       The file consists of lines; lines are formed by fields; fields are
       separated by SPACES (NO TABS).  Unix comment lines (starting with '#')
       are allowed.  So this gives us:

	      <field1> <field2>	<field3> <field4> <field5>

FIELD FORMAT
       <field1>
	      select  -	Sniffit	will look for packets that match the descrip-
	      tion given by the	other fields

	      deselect - Sniffit will ignore packets that match	 the  descrip-
	      tion

	      logfile  -  change  the  logfile name to <field2>	instead	of the
	      default 'sniffit.log'

       <field2>
	      from - Packets FROM the host matching the	following description
	      are considered.

	      to - similar, for	packets	TO the host matching the description.

	      both - similar, for packets FROM or TO the host matching the
	      description.

	      a	filename - as the argument of 'logfile'	in <field1>

       <field3>
	      host - The (de)selection criterion involves a hostname.

	      port - similar, ... a port number

	      mhosts  -	 The  (de)selection criterion involves multiple hosts,
	      like the wildcards in 0.3.0, but without the 'x'

       <field4>
	      Either a hostname, a port	number,	a service name or a number-dot
	      partial notation indicating multiple hosts, depending on <field3>
	      (service names like 'ftp'	are resolved against the services
	      present on the host that runs Sniffit and	translated into	a port
	      number)

       <field5>
	      A	port number, if	<field3> was 'host' or 'mhosts' (optional; if
	      not filled in, all ports are (de)selected)

FILE INTERPRETING
       The config file is interpreted SEQUENTIALLY: the last line that matches
       a packet	decides, so watch the order of the lines in a file.  Example:

		    select both	mhosts 100.100.12.
		    deselect both port 80
		    select both	host 100.100.12.2

	      This file	will get you the packets:
		    a) sent from or to hosts '100.100.12.*'
		    b) EXCEPT the WWW packets
		    c) BUT still including the WWW packets concerning
		       100.100.12.2

		    select both	mhosts 100.100.12.
		    select both	host 100.100.12.2
		    deselect both port 80

	      Will give	you the	packets	(probably an unwanted result):
		    a) sent from or to hosts '100.100.12.*'
		    b) sent from/to 100.100.12.2 (useless line,	already
		       covered by a)
		    c) with ALL	WWW packets on the subnet deselected,
		       including those concerning 100.100.12.2
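       The following is an added example, not code from sniffit	or its author:
       a small Python parser and matcher for the config	format above (the
       sample file from	DESCRIPTION and	the two	orderings from FILE INTER-
       PRETING).  It assumes, since the	page does not say so explicitly, that
       a packet	matching no line is not	processed (the sample config has to
       'select'	everything first), that	'mhosts' matches the dotted-decimal
       address by string prefix, and that hostnames are	compared literally
       (no DNS), so it runs offline.

```python
"""Parser and matcher for the sniffit(5) config format (added example, not sniffit's code).

Assumptions not stated on the page: a packet matching no line is not
processed, 'mhosts' is a string prefix match on the dotted address, and
hostnames are compared literally (no DNS lookups).
"""
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

Packet = Tuple[str, int, str, int]  # (src_addr, src_port, dst_addr, dst_port)


@dataclass
class Rule:
    select: bool         # True for 'select', False for 'deselect'
    direction: str       # 'from', 'to' or 'both'
    kind: str            # 'host', 'port' or 'mhosts'
    target: str          # address / hostname / address prefix ('' for 'port')
    port: Optional[int]  # port criterion, if any


def resolve_port(token: str) -> int:
    """A port number, or a service name resolved like sniffit does (local services)."""
    try:
        return int(token)
    except ValueError:
        return socket.getservbyname(token)


def parse_config(text: str) -> Tuple[str, List[Rule]]:
    """Return (logfile, rules) with rules in file order; raise ValueError on bad lines."""
    logfile, rules = "sniffit.log", []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if "\t" in raw:  # the format allows spaces only as separators
            raise ValueError(f"line {lineno}: fields must be separated by spaces, not tabs")
        fields = raw.split()
        if not fields or fields[0].startswith("#"):
            continue
        f1 = fields[0]
        if f1 == "logfile":
            if len(fields) != 2:
                raise ValueError(f"line {lineno}: 'logfile' takes exactly one filename")
            logfile = fields[1]
            continue
        if f1 not in ("select", "deselect"):
            raise ValueError(f"line {lineno}: unknown keyword {f1!r}")
        if len(fields) not in (4, 5):
            raise ValueError(f"line {lineno}: expected 4 or 5 fields, got {len(fields)}")
        direction, kind, value = fields[1], fields[2], fields[3]
        if direction not in ("from", "to", "both"):
            raise ValueError(f"line {lineno}: bad <field2> {direction!r}")
        if kind == "port":
            if len(fields) == 5:
                raise ValueError(f"line {lineno}: <field5> only applies to 'host' and 'mhosts'")
            rules.append(Rule(f1 == "select", direction, kind, "", resolve_port(value)))
        elif kind in ("host", "mhosts"):
            port = resolve_port(fields[4]) if len(fields) == 5 else None
            rules.append(Rule(f1 == "select", direction, kind, value, port))
        else:
            raise ValueError(f"line {lineno}: bad <field3> {kind!r}")
    return logfile, rules


def _side_matches(rule: Rule, addr: str, port: int) -> bool:
    if rule.kind == "port":
        return port == rule.port
    if rule.kind == "host":
        addr_ok = addr == rule.target
    else:  # mhosts: number-dot prefix such as '100.100.12.' (assumed prefix match)
        addr_ok = addr.startswith(rule.target)
    return addr_ok and (rule.port is None or port == rule.port)


def matches(rule: Rule, pkt: Packet) -> bool:
    src, sport, dst, dport = pkt
    if rule.direction == "from":
        return _side_matches(rule, src, sport)
    if rule.direction == "to":
        return _side_matches(rule, dst, dport)
    return _side_matches(rule, src, sport) or _side_matches(rule, dst, dport)


def is_selected(rules: List[Rule], pkt: Packet) -> bool:
    """Sequential interpretation: the last line that matches the packet decides."""
    selected = False  # assumption: nothing is processed until a line selects it
    for rule in rules:
        if matches(rule, pkt):
            selected = rule.select
    return selected


# Constructed configs: the two orderings from FILE INTERPRETING.
ORDERED = "select both mhosts 100.100.12.\ndeselect both port 80\nselect both host 100.100.12.2\n"
MISORDERED = "select both mhosts 100.100.12.\nselect both host 100.100.12.2\ndeselect both port 80\n"


def compare_orderings() -> Tuple[List[bool], List[bool]]:
    """Selection of three constructed packets under each ordering."""
    packets = [
        ("100.100.12.7", 40000, "100.100.12.2", 80),  # WWW traffic to .2
        ("100.100.12.7", 40000, "100.100.12.5", 80),  # WWW traffic to .5
        ("100.100.12.9", 40001, "100.100.12.5", 22),  # non-WWW traffic
    ]
    _, good = parse_config(ORDERED)
    _, bad = parse_config(MISORDERED)
    return ([is_selected(good, p) for p in packets], [is_selected(bad, p) for p in packets])


if __name__ == "__main__":
    print(compare_orderings())  # ([True, False, True], [False, False, True])
```

       With the	first ordering the WWW packet to 100.100.12.2 survives the
       'deselect both port 80' line because the later 'select both host' line
       matches it again; with the second ordering the port-80 line comes last
       and wins	for every WWW packet, which	is the "unwanted result" above.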

AUTHOR
       Brecht Claerhout	<coder@reptile.rug.ac.be>

SEE ALSO
       sniffit(8)

								    SNIFFIT(5)

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=sniffit&sektion=5&manpath=FreeBSD+12.0-RELEASE+and+Ports>