Packet-o-matic Wiki

Packet-o-matic is a free software that process network packets in real time and provide different kind of output. It's fully modular and easily extensible.

This application is still under heavy development. Don't hesitate to report bugs, feature requests and comments to gmsoft@tuxicoman.be.

• Installation : All you need to know to install packet-o-matic
• Getting started : Quick steps to have it up and running
• Command reference : All the commands explained
• Rules syntax : Explains the rules syntax
• Tips and tricks : Some useful things to know
• Configuration examples : Some configuration examples
• XML-RPC interface : Documentation of the XML-RPC interface
• Datastore usage and configuration : Document how datastore works

The input modules are modules used to capture packets and process them. The following inputs are currently implemented :

• input_docsis : Read a DOCSIS stream from a DVB-C or ATSC card
• input_pcap : Read packets from a network card or pcap files

The target modules are modules used to process the packets and provide the desired output. The following targets are currently implemented :

• target_display : Show packet information
• target_dump_payload : Dump raw connection payload into separate files
• target_http : Dump content or log HTTP connections
• target_inject : Reinject packets on an interface
• target_irc : Dump IRC connection into separate files with irssi-like log format
• target_msn : Dump MSN conversations and various files
• target_null : Does nothing, used for debugging
• target_pcap : Save packets into pcap files useable for example by tcpdump and wireshark
• target_pop : Dump emails and login information from POP3 connections
• target_rtp : Dump VoIP traffic (RTP streams) into wave files
• target_tap : Create a virtual interface and send all the packets to it
• target_tcpkill : Send TCP RST packets to kill TCP connections
• target_tftp : Dump tftp traffic into files

The match modules are modules used to identify the packets content and match fields in their headers. The following match are currently implemented :

• match_80211 : Match wireless 802.11 frames
• match_docsis : Match DOCSIS frames
• match_docsis_mgmt : Match DOCSIS management frames
• match_ethernet : Match ethernet frames
• match_icmp : Match ICMP packets
• match_icmpv6 : Match ICMPv6 packets
• match_ipv4 : Match IPv4 packets commonly known as IP
• match_ipv6 : Match IPv6 packets, the next generation of the IP protocol
• match_linux_cooked : Match linux_cooked frames that are produced when sniffing special interfaces like PPP interfaces
• match_ppi : Match PPI headers (CACE wireless headers)
• match_ppp : Match PPP packets
• match_pppoe : Match PPP over Ethernet (PPPoE) packets
• match_prism : Match prism2/AVS wireless headers
• match_radiotap : Match radiotap wireless headers
• match_rtp : Match RTP packets used in VoIP for both voice and video
• match_tcp : Match TCP segments
• match_undefined : Used internally to specify that the next layer has an unknown type
• match_udp : Match UDP datagrams
• match_vlan : Match 802.1Q frames aka VLAN frames

The helper modules are useful and sometimes mandatory to reassemble some streams. The following helper modules are implemented :

• helper_docsis : Allow dynamic resizing of the payload in DOCSIS headers
• helper_ipv4 : Reassemble IPv4 fragments into a single packet
• helper_ipv6 : Allow dynamic resizing of the payload in IPv6 headers
• helper_pppoe : Allow dynamic resizing of the payload in PPPoE packets
• helper_rtp : Perform RTP reordering
• helper_tcp : Perform TCP reassembly and reordering

The connection tracking modules (aka conntrack) are used to identify to what connection a packet belongs and to store informations about this connection and retrieve them later.

• conntrack_ipv4 : Track IPv4 connections
• conntrack_ipv6 : Track IPv6 connections
• conntrack_rtp : Track RTP connections
• conntrack_udp : Track UDP connections
• conntrack_tcp : Track TCP connections

The datastore modules allow targets to save data in databases.

• datastore_mysql : Handle MySQL databases
• datastore_postgres : Handle PostgreSQL databases
• datastore_sqlite : Handle SQLite databases