Latest Version: 1.0
What is Hafiye?
When I looked at the source code for various famous sniffers, I noticed that they all had separate .C files for interpreting various protocols. Why not have a sniffer that can understand user-supplied protocol details? Here it is.
When fired, Hafiye first visits each sub-directory under its knowledge-base directory and opens what it finds there to see whether it is a protocol knowledge-base file. If so, it loads the necessary information from that file into memory.
Once the supplied knowledge-base is loaded, Hafiye enters a loop to receive packets. When a packet arrives, it demultiplexes the layers according to its knowledge-base and prints protocol-based information.
Sample output is provided here. This is a POP3 session where Hafiye successfully captured both the protocol headers and the payload (username/password).
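The load-then-demultiplex design described above, as an added example that is not Hafiye's code: the `Proto` table is a hypothetical in-memory stand-in for a knowledge-base (it does not reproduce Hafiye's protocol definition file format), and the frame is constructed. It matches only the TCP destination port, so it classifies the client-to-server half of a POP3 session, and it rejects truncated or inconsistent headers instead of reading past them.

```python
from typing import NamedTuple, Optional

class Proto(NamedTuple):       # hypothetical entry, not Hafiye's file format
    name: str
    parent: Optional[str]      # encapsulating protocol, None = link layer
    key: int                   # parent selector value that selects this protocol
    selector: Optional[tuple]  # (offset, width) of own big-endian selector, None = leaf
    min_hdr: int               # fixed or minimum header length in bytes
    hlen: Optional[tuple]      # (offset, shift) of 4-bit length in 32-bit words

KB = [  # every selector and length field lies inside min_hdr
    Proto("ethernet", None, 0, (12, 2), 14, None),          # EtherType
    Proto("ipv4", "ethernet", 0x0800, (9, 1), 20, (0, 0)),  # protocol number, IHL
    Proto("tcp", "ipv4", 6, (2, 2), 20, (12, 4)),           # dest port, data offset
    Proto("pop3", "tcp", 110, None, 0, None),
]

SAMPLE = bytes.fromhex(  # constructed frame: Ethernet / IPv4 / TCP / POP3
    "020000000002" "020000000001" "0800"
    "45000034" "00010000" "40060000" "c0000201" "c0000202"
    "c000006e" "00000001" "00000001" "50181000" "00000000"
) + b"USER alice\r\n"

def demux(pkt):
    """Return (layer names, undecoded payload); raise ValueError on bad headers."""
    off, cur, path = 0, KB[0], []
    while len(path) < len(KB):  # bound the walk even if the table had a cycle
        hlen = cur.min_hdr
        if len(pkt) - off < hlen:
            raise ValueError(f"truncated {cur.name} header")
        if cur.hlen:
            o, shift = cur.hlen
            hlen = ((pkt[off + o] >> shift) & 0xF) * 4
            if hlen < cur.min_hdr or len(pkt) - off < hlen:
                raise ValueError(f"bad {cur.name} header length")
        path.append(cur.name)
        if cur.selector is None:
            break               # leaf protocol: the rest is payload
        o, w = cur.selector
        sel = int.from_bytes(pkt[off + o: off + o + w], "big")
        off += hlen
        nxt = next((p for p in KB if p.parent == cur.name and p.key == sel), None)
        if nxt is None:
            break               # upper layer not in the knowledge-base
        cur = nxt
    return path, pkt[off:]

if __name__ == "__main__":
    print(demux(SAMPLE))
```

Supporting another protocol here means adding a row to `KB`, not writing a new decoder.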
See the ChangeLog file for what has changed between the releases.
You can download EnderUNIX Hafiye from EnderUNIX or
Read the INSTALL document as well as the README document to install and deploy EnderUNIX Hafiye. You may find the README.configfile document helpful for custom protocol definition files.
You can subscribe to our mailing list.
Send a blank mail to [email protected]
Mail archive is available at http://list.enderunix.org/hafiye
(c) 2002, EnderUNIX Software Development Team Istanbul/Turkey