pom:getting_started [2012/10/12 08:57] (current)
===== Getting started =====

First, start packet-o-matic. This will start the program without any configuration.
  packet-o-matic

At this point, packet-o-matic listens on port 4655. Simply telnet to it and start configuring it.
  telnet localhost 4655

You can also use the web interface. If you compiled it with xmlrpc-c support, start with the -X switch to enable the web interface.
  packet-o-matic -X
Then you can simply point your browser to [[http://localhost:8080]].

To get a quick reference of all the parameters of each module, you can run
  packet-o-matic -h
This is useful to get the list of all the matches and their parameters.

You have to perform the following tasks to get a running configuration:
  * choose an input type and configure it
  * add the rules you need
  * add the targets you need
  * save the config

===== Real life example =====

The following example starts a pcap input on eth0 (the default) and dumps all the images that go over HTTP on port 80.

We use input pcap to sniff traffic on a network card. By default input_pcap will sniff on eth0.
  pom> input type set pcap

Our input now looks like this:
  pom> input show
  Current input : pcap, mode interface (0 packets, 0 bytes)
    interface = eth0 
    snaplen = 1522 bytes
    promisc = no 
    filter = 

We want to match everything destined for port 80. Packets in the reverse direction will automatically be found by the connection tracking modules.
  pom> rule add tcp.dport == 80
  Added rule with id 0

As you can see, the rule has been created but is currently disabled:
  pom> rule show
  Rule 0 (0 pkts, 0 bytes) (disabled) : 
    tcp.dport == 80

Thus we need to enable the rule so it will process packets:
  pom> rule enable 0

We use target_http to dump parts of the HTTP traffic into files. We add this target to rule 0. By default, target_http will dump everything into /tmp.
  pom> target add 0 http
  Added target with id 0 to rule 0

We want to dump the images, so enable image dumping:
  pom> target parameter set 0 0 dump_img yes

If everything went fine, your target should look like this:
  pom> target show
  Rule 0 : targets (0 pkts, 0 bytes) : 
     0) http, mode default (0 pkts, 0 bytes) (stopped)
          prefix = /tmp
          decompress = yes
          mime_types_db = /usr/local/share/packet-o-matic/mime_types.db
          log_file =
          log_format = %v %a %u %t "%r" %s %b
          dump_img = yes 
          dump_vid = no 
          dump_snd = no 
          dump_txt = no 
          dump_bin = no 
          dump_doc = no 


We can now start the target we just added.
  pom> target start 0 0

Finally we start the input to capture packets and start dumping the images.
  pom> input start

To save our changes we simply write the configuration:
  pom> config write
  Configuration written in pom.xml.conf
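As an added example (not part of this wiki page or of the packet-o-matic project), the same walkthrough replayed as a script over the console port, with the rule and target ids parsed from the replies shown above instead of assumed to be 0. The prompt string "pom> " and CRLF line endings on the telnet console are assumptions.

```python
import re
import socket

# Reply formats shown in the walkthrough above.
RULE_ADDED = re.compile(r"Added rule with id (\d+)")
TARGET_ADDED = re.compile(r"Added target with id (\d+) to rule (\d+)")

def parse_rule_id(reply):
    """Rule id from an 'Added rule with id N' reply; raise on anything else."""
    m = RULE_ADDED.search(reply)
    if not m:
        raise RuntimeError("unexpected reply to 'rule add': %r" % reply)
    return int(m.group(1))

def parse_target_id(reply, rule_id):
    """Target id from a 'target add' reply, checking it went to rule_id."""
    m = TARGET_ADDED.search(reply)
    if not m or int(m.group(2)) != rule_id:
        raise RuntimeError("unexpected reply to 'target add': %r" % reply)
    return int(m.group(1))

def configure_http_image_dump(send, rule_expr="tcp.dport == 80"):
    """Replay the walkthrough; send(cmd) must return the console reply."""
    # Ids are read back from the replies rather than assumed to be 0, so
    # the target attaches to the right rule even when rules already exist.
    send("input type set pcap")
    rule_id = parse_rule_id(send("rule add " + rule_expr))
    send("rule enable %d" % rule_id)
    target_id = parse_target_id(send("target add %d http" % rule_id), rule_id)
    send("target parameter set %d %d dump_img yes" % (rule_id, target_id))
    send("target start %d %d" % (rule_id, target_id))
    send("input start")
    send("config write")
    return rule_id, target_id

def console_sender(host="localhost", port=4655, prompt=b"pom> "):
    """Build send() over the telnet console; the prompt is an assumption."""
    sock = socket.create_connection((host, port))
    def read_to_prompt():
        buf = b""
        while not buf.endswith(prompt):
            chunk = sock.recv(4096)
            if not chunk:
                raise ConnectionError("console closed while waiting for reply")
            buf += chunk
        return buf.decode(errors="replace")
    read_to_prompt()  # banner and first prompt
    def send(cmd):
        sock.sendall(cmd.encode() + b"\r\n")
        return read_to_prompt()
    return send
```

Whether the capture sees other hosts' traffic depends on the promisc setting in the input shown above: with promisc = no, only traffic addressed to the capturing host (plus broadcast and multicast) is captured.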
pom/getting_started.txt · Last modified: 2012/10/12 08:57 (external edit)