EnderUNIX Hafiye

Latest Version: 1.0

What is Hafiye?

When I looked at the source code for various famous sniffers, I've noticed that they all had all seperate .C files for interpreting various protocols. Why not have a sniffer that can understand user-supplied protocol details? Here it is.

When fired, Hafiye first visits each sub-directory under its knowledge-base directory and opens to see whether it is a protocol knowledge-base file. If so, It loads the necessary information from that file and places it into its memory space.
After constructing the supplied knowledge-base, Hafiye starts looping for receiving packets. When a packet arrives, it demultiplexes the layers according to its knowledge-base and prints protocol-based information.

Mirror Sites

Acikkod

Features

Multi Platform Support (Posix Compliant)

Customizable Protocol Definitions (Layer II, III and IV)

Customizable Packet Interpretation (Layer II, III and IV)

Sample Output

Sample output is provided here. This is a POP3 session where Hafiye successfully captured both the protocol headers and the payload: username/password

News

August 24, 2004
Serkan Akpolat reported a terminal escape sequence injection issue, which may lead to a bug when working
inside a buggy terminal device/emulator. Anyhow, the change is applied to the source. Please re-download
Hafiye 1.0 if you've downloaded it prior to August 25, 2004 10:30 EEST. Here is the patch for the old souce.
Note that, you don't need to bother if you're not using a broken terminal emulator or terminal.

ChangeLog

You can see the ChangeLog file to see what has changed between the releases.

Download

You can download EnderUNIX Hafiye from EnderUNIX or Acikkod.org

FreeBSD Package

Debian Package

Install

Read the INSTALL document as well as the README document to install and deploy EnderUNIX Hafiye, You can find README.configfile document helpful about custom protocol definition files.

Authors

Murat Balaban [murat at enderunix dot org]

Mailing List

You can subscribe to our mailing list.
Send an blank mail to [email protected]
Mail archive is available at http://list.enderunix.org/hafiye

Thanks

FreeBSD Ports Tree Maintainer [ports at freebsd dot org] for the FreeBSD port/package

Murat Demirten [murat at debian dot org] for the Debian package

Atilim Boy [aboy at trunix dot org]

Sensei original idea owner.

My team friends Ismail, Omer and Baris.