At this point in time, SNIPHER is not an exact sniffer!! Or so I think.
Regular expressions are specified for originating (IP_CT_NEW) connections, and I track ONLY those.
Other connections will simply pass through.
I need to do something like:
1) REGEXes on the NEW connection.
2) On matching connections, it will MARK that connection using conntrack (I don't know how, at this time!!) and SNIFF all the data on the marked connection only.
--> Some thoughts, like creating a HASHTABLE using 4 fields [src_ip, src_port, dst_ip, dst_port].
I believe it will give a unique value on some operation, and the data can be stored in that hashtable!!
3) Once this is done, also look for the utilities online which let you QUANTIFY PERFORMANCE!!
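
A user-space C version of the hashtable idea in step 2, added here as an example and not SNIPHER's own code. The names (`mark_flow`, `sniff_packet`), the table size and the FNV-1a hash are assumptions; because a hash of the four fields can collide, lookups compare the full tuple, and the key is ordered so both directions of a connection land on the same entry.

```c
#include <stdint.h>
#include <string.h>
#define BUCKETS 256u   /* assumed table size, power of two */
struct flow_key { uint32_t ip_a, ip_b; uint16_t port_a, port_b; };
struct flow { struct flow_key key; int used; unsigned long bytes; };
static struct flow table[BUCKETS];   /* zero-initialised: all slots free */

/* Order the endpoints so request and reply packets build the same key. */
static struct flow_key make_key(uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport) {
    struct flow_key k;
    int fwd = sip < dip || (sip == dip && sport <= dport);
    memset(&k, 0, sizeof k);
    k.ip_a = fwd ? sip : dip;  k.port_a = fwd ? sport : dport;
    k.ip_b = fwd ? dip : sip;  k.port_b = fwd ? dport : sport;
    return k;
}

/* FNV-1a over the key bytes: a bucket index only, never an identity. */
static uint32_t hash_key(const struct flow_key *k) {
    const unsigned char *p = (const unsigned char *)k;
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < sizeof *k; i++) { h ^= p[i]; h *= 16777619u; }
    return h & (BUCKETS - 1);
}

/* Linear probing; the memcmp on the full tuple resolves hash collisions. */
static struct flow *flow_lookup(const struct flow_key *k, int create) {
    uint32_t i = hash_key(k);
    for (unsigned n = 0; n < BUCKETS; n++, i = (i + 1) & (BUCKETS - 1)) {
        if (!table[i].used && create) { table[i].key = *k; table[i].used = 1; }
        if (!table[i].used) return NULL;            /* free slot: flow unknown */
        if (memcmp(&table[i].key, k, sizeof *k) == 0) return &table[i];
    }
    return NULL;                                    /* table full */
}

/* Step 2: call once when a regex matched the NEW packet of a connection. */
int mark_flow(uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport) {
    struct flow_key k = make_key(sip, sport, dip, dport);
    return flow_lookup(&k, 1) != NULL;
}

/* Later packets: returns bytes seen so far on a marked flow, -1 otherwise. */
long sniff_packet(uint32_t sip, uint16_t sport, uint32_t dip, uint16_t dport, unsigned len) {
    struct flow_key k = make_key(sip, sport, dip, dport);
    struct flow *f = flow_lookup(&k, 0);
    if (!f) return -1;
    return (long)(f->bytes += len);
}
```

Packets on unmarked connections get `-1` and can be passed through untouched, which matches the "other connections simply pass through" behaviour described above.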