Getting started

First, start packet-o-matic. This will start the program without any configuration.

packet-o-matic

At this point, packet-o-matic listens on port 4655. Simply telnet to it and start configuring it.

telnet localhost 4655

You can also use the web interface. If you compiled it with xmlrpc-c support, start it with the -X switch to enable the web interface.

packet-o-matic -X

Then you can simply point your browser to http://localhost:8080.

To get a quick reference of all the parameters of each module, you can run

packet-o-matic -h

This is useful for getting the list of all the matches and their parameters.

You have to perform the following tasks to get a running configuration:

  • choose an input type and configure it
  • add the rules you need
  • add the targets you need
  • save the config

Real life example

The following example starts a pcap input on eth0 (the default) and dumps all the images that go over HTTP on port 80:

We use input pcap to sniff traffic on a network card. By default, input_pcap sniffs on eth0.

pom> input type set pcap

Our input now looks like this:

pom> input show
Current input : pcap, mode interface (0 packets, 0 bytes)
  interface = eth0 
  snaplen = 1522 bytes
  promisc = no 
  filter = 

We want to match everything destined to port 80. Packets in the reverse direction will automatically be found by the connection tracking modules.

pom> rule add tcp.dport == 80
Added rule with id 0

As you can see, the rule has been created but is currently disabled:

pom> rule show
Rule 0 (0 pkts, 0 bytes) (disabled) : 
  tcp.dport == 80

Thus we need to enable the rule so it will process packets:

pom> rule enable 0

We use target_http to dump parts of the HTTP traffic into files. We add this target to rule 0. By default, target_http will dump everything into /tmp.

pom> target add 0 http
Added target with id 0 to rule 0

We want to dump the images, so we enable image dumping:

pom> target parameter set 0 0 dump_img yes

If everything went fine, your target should look like this:

pom> target show
Rule 0 : targets (0 pkts, 0 bytes) : 
   0) http, mode default (0 pkts, 0 bytes) (stopped)
        prefix = /tmp
        decompress = yes
        mime_types_db = /usr/local/share/packet-o-matic/mime_types.db
        log_file =
        log_format = %v %a %u %t "%r" %s %b
        dump_img = yes 
        dump_vid = no 
        dump_snd = no 
        dump_txt = no 
        dump_bin = no 
        dump_doc = no 

We can now start the target we just added.

pom> target start 0 0

Finally, we start the input to capture packets and start dumping the images.

pom> input start

To save our changes, we simply write the configuration:

pom> config write
Configuration written in pom.xml.conf
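The whole sequence above can be replayed from a script instead of being typed into telnet by hand, which is handy when the same capture setup has to be rebuilt on several sensors. The following Python script is an added example and is not part of packet-o-matic; it only sends the console commands shown in this tutorial over a plain TCP socket to port 4655. It assumes a freshly started packet-o-matic with no configuration (so the new rule and target get id 0, as in the transcript) and that the console prints a "pom> " prompt after each command, as seen above. The prefix, dport and dump_kinds parameters are this script's own; the underlying "target parameter set" syntax is the one the tutorial uses for dump_img. Note that the console protocol is clear-text telnet, so the script only ever talks to localhost.

```python
"""Replay the packet-o-matic console configuration from the tutorial.

Added example, not part of packet-o-matic. Assumes a fresh instance (rule 0,
target 0) and a "pom> " prompt after each command, as in the transcript.
"""
import socket

CONSOLE_HOST = "localhost"
CONSOLE_PORT = 4655          # documented console port
PROMPT = b"pom> "            # prompt observed in the tutorial transcript
DUMP_KINDS = ("img", "vid", "snd", "txt", "bin", "doc")  # target_http dump_* params


def build_commands(dport=80, prefix="/tmp", dump_kinds=("img",)):
    """Return the tutorial's command sequence, parameterised.

    dport: TCP destination port the rule matches (80 in the tutorial).
    prefix: directory target_http writes dumped files into (/tmp by default).
    dump_kinds: which dump_* parameters to switch on (only img in the tutorial).
    """
    bad = set(dump_kinds) - set(DUMP_KINDS)
    if bad:
        raise ValueError(f"unknown dump kinds: {sorted(bad)}")
    cmds = [
        "input type set pcap",                  # sniff on the default interface
        f"rule add tcp.dport == {int(dport)}",  # becomes rule 0 on a fresh instance
        "rule enable 0",                        # rules are created disabled
        "target add 0 http",                    # becomes target 0 of rule 0
        f"target parameter set 0 0 prefix {prefix}",
    ]
    cmds += [f"target parameter set 0 0 dump_{kind} yes" for kind in dump_kinds]
    cmds += ["target start 0 0", "input start", "config write"]
    return cmds


def _read_until_prompt(sock, timeout=5.0):
    """Collect console output until the prompt appears (assumed behaviour).

    Falls back to whatever was received if the prompt does not show up in time,
    so a console that formats its prompt differently does not hang the script.
    """
    sock.settimeout(timeout)
    buf = b""
    try:
        while not buf.endswith(PROMPT):
            chunk = sock.recv(4096)
            if not chunk:
                break
            buf += chunk
    except socket.timeout:
        pass
    return buf.decode("utf-8", errors="replace")


def apply_config(commands, host=CONSOLE_HOST, port=CONSOLE_PORT):
    """Send each command to the console; return (command, reply) pairs."""
    replies = []
    with socket.create_connection((host, port), timeout=5.0) as sock:
        _read_until_prompt(sock)  # banner and first prompt
        for cmd in commands:
            sock.sendall(cmd.encode() + b"\r\n")
            replies.append((cmd, _read_until_prompt(sock)))
    return replies


if __name__ == "__main__":
    cmds = build_commands(dport=80, prefix="/tmp", dump_kinds=("img",))
    try:
        for cmd, reply in apply_config(cmds):
            print(f"pom> {cmd}\n{reply.strip()}")
    except OSError as exc:
        # No console reachable: show what would have been sent (dry run).
        print(f"console not reachable ({exc}); commands that would be sent:")
        print("\n".join(cmds))
```

Run it on the sensor itself after starting packet-o-matic; without a running console it falls back to printing the command list, which is also a convenient way to review a configuration before applying it. Check the returned replies for "Added rule with id 0" and "Added target with id 0 to rule 0": if the instance already had rules, the ids will differ and the later commands would address the wrong objects.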
pom/getting_started.txt · Last modified: 2020/05/26 21:59 by 127.0.0.1