Project

nflog

0.0
No commit activity in last 3 years
No release in over 3 years
nfloggdelugre/ruby-nflogHomepageDocumentationSource CodeBug TrackerWiki
nflog is a wrapper around libnetfilter_log that allows you to capture packets using the NFLOG target of netfilter.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
5,404
Stars
1
Forks
0
Watchers
2
 Releases
Current version
1.0.1
Total releases
2
First release
2014-12-17
Latest release
2014-12-17
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Development
Primary Language
Ruby
Licenses
GPL
Average date of last 50 commits
2014-12-17
Reverse Dependencies
0

 Dependencies

Runtime

ffi
>= 0
nfnetlink
>= 0
 Project Readme

Description of nflog

nflog is a wrapper around libnetfilter_log for Ruby.

For example, you can receive captured packets for the NFLOG group 1:

require 'nflog'

Netfilter::Log.create(1) do |packet|
    link, data = packet.data

    puts "Timestamp: #{packet.timestamp}"
    puts "Prefix: #{packet.prefix}"
    puts "UID: #{packet.uid}"
    puts "GID: #{packet.gid}"
    puts "Interface: #{packet.indev_name}"
    puts "Physical interface: #{packet.phys_indev_name}"
    puts "Ethernet: #{link.unpack("H*")[0]}" 
    puts "Payload: #{data.unpack("H*")[0]}" 
end

Setting up iptables

This example rule can be used for sniffing incoming UDP traffic:

iptables -A INPUT -p udp -j NFLOG --nflog-group 1

Setting up ebtables

You will need ebtables for sniffing at layer 2. Here is an example for capturing incomping ARP frames:

ebtables -t nat -A PREROUTING -p arp --nflog-group 1 -j ACCEPT

Dependencies

You need to have kernel support for NFLOG and libnetfilter_log installed to get it working. nflog depends on nfnetlink and ffi (https://github.com/ffi/ffi/wiki/)

Contact

Guillaume Delugré, guillaume at security-labs dot org