snifob is a sniffer output beautifier written in perl. It colourizes and
de-hex-ifies console based packet sniffer output to improve readability.
It currently supports snort,
tcpdump, and Solaris's snoop. It can be invoked as a
wrapper to the packet sniffer, or in a command pipeline (E.g.: tcpdump -lvvenxs 1518 | snifob).
for more details, download and run snifob with --help
or run "perldoc snifob".
snort support requires this patch
which can be applied with the gnu patch
After applying the patch with "patch" you can configure, compile,
and then run snort with -B as one of the options.
snifob is beta software. I think it executes as expected
and have tested it myself, but it needs more eyes than mine. It
probably also needs more documentation, and I need to improve this
snifob will undergo multiple iterations of improvement
as I have time and as people use it and give me feedback
It doesn't run:
Is your path correct ?
Does perl live somewhere other than /usr/bin/perl ?
Have you edited $sniffer, $sniffer_dump, $sniffer_options, $sniffer_options_dump ?
No output is showing up:
are you running tcpdump with -l ?
are you running patched snort with -B ?
snifob was developed with snort 1.6.3, tcpdump 3.5.2,
vim 5.6, perl 5.005_03, on Debian GNU/Linux 2.2.
It is also known to run on Solaris 7, RedHat 6.2 and 7.0.
You can acquire it here.
Please send feedback to: Holt Sorenson - hso at nosneros dot net