5. Plugins
Plugins provide a mechanism whereby additional modules can
be loaded in order to display specific network traffic information,
without the need for all such modules to appear in all sniffers at
all times.
KSnuffle 2.1 comes with five (well, for practical purposes, four)
plugins:
- Demo
This is a simple demonstration plugin. It does nothing other
than copy some configuration information, and display a count
of captured packets. The code can be used as a basis for a
real plugin.
- Summary
This plugin displays summary information. Each captured packet
is classified as incoming (to the host), outgoing, passing
(neither from nor to this host) or internal, or as unknown if it
cannot be classified. Classification is currently based on IP
address rather than MAC address. For each classification, the
number of packets, and the total network and data traffic are
shown. There are no configuration settings for this plugin.
- EndToEnd
This plugin categorises captured packets by source and
destination IP address. For each such category, packet count,
plus total network and data traffic are shown, split between
each direction. New source/destination pairs are added as they
appear. There are no configuration settings for this plugin.
Clicking on a column header sorts on that column; double
clicking an entry forces that entry to the top of the display.
- DNS
The DNS plugin examines DNS request messages, and displays
the requestor, the server, the query and, if and when it
appears, the (first) answer. Note that neither a second or
subsequent answer, nor authority or additional results, are
displayed.
- TCP/IP
The TCP/IP plugin monitors TCP/IP packets, and attempts to
display separate TCP/IP connections and the state at each
end. Note that since KSnuffle cannot see the internal
state of the machines at each end of the stream, it must make
various assumptions, for instance that all packets are
correctly received. Individual packets, and TCP/IP stream
data can be displayed, as for the main packet display. Note that
packets are logged in files in /tmp; however, these
have no access for group or other, and are
owned by the user running ksnuffle.
Unless KSnuffle is run by root, it will only load
plugins from the default plugin directory. This prevents
privileged users from implementing their own trojan plugins.
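The following C sketch shows one way such a load-path restriction can be enforced. It is an added example, not KSnuffle source: the function names, the uid 1000 and the directory tree built under /tmp are constructed for illustration, and the use of realpath() to resolve symlinks and ".." before comparing is an assumption about how the check could be done.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Returns 1 if `candidate` may be loaded, else 0. `uid` is assumed to be the
 * real uid of the user who started the sniffer (getuid()). */
int plugin_load_allowed(const char *candidate, const char *plugin_dir, uid_t uid)
{
    char dir[PATH_MAX], file[PATH_MAX];
    size_t n;
    if (uid == 0) return 1;            /* root may load from anywhere */
    if (!realpath(plugin_dir, dir) || !realpath(candidate, file))
        return 0;                      /* unresolvable path: fail closed */
    n = strlen(dir);
    /* Require "<dir>/" as prefix, so a sibling "<dir>-evil/" cannot match. */
    return strncmp(file, dir, n) == 0 && file[n] == '/';
}

/* Demo harness: builds a constructed tree once under a fresh temp dir, then
 * asks the gate about `rel`, a path relative to that tree. -1 on setup error. */
int demo_check(const char *rel, uid_t uid)
{
    static char base[64];
    char cmd[512], dir[PATH_MAX], p[PATH_MAX];
    if (!base[0]) {
        strcpy(base, "/tmp/plugdemoXXXXXX");
        if (!mkdtemp(base)) { base[0] = 0; return -1; }
        snprintf(cmd, sizeof cmd, "cd %s && mkdir plugins plugins-evil && "
                 "touch plugins/dns.so plugins-evil/x.so && "
                 "ln -s ../plugins-evil/x.so plugins/link.so", base);
        if (system(cmd) != 0) return -1;
    }
    snprintf(dir, sizeof dir, "%s/plugins", base);
    snprintf(p, sizeof p, "%s/%s", base, rel);
    return plugin_load_allowed(p, dir, uid);
}

int main(void)
{
    const char *rel[] = { "plugins/dns.so", "plugins-evil/x.so",
                          "plugins/link.so", "plugins/../plugins-evil/x.so" };
    for (int i = 0; i < 4; i++)
        printf("%-30s user: %d  root: %d\n", rel[i],
               demo_check(rel[i], 1000), demo_check(rel[i], 0));
    return 0;
}
```

Comparing the raw strings instead of the resolved paths would accept both the symlink and the ".." form, since each begins with the plugin directory's name.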