The below is only applicable to the old version called “packet-o-matic” and not pom-ng !

If you are looking for instructions about pom-ng, see here.

• Installation : All you need to know to install packet-o-matic
• Getting started : Quick steps to have it up and running
• Command reference : All the commands explained
• Rules syntax : Explains the rules syntax
• Tips and tricks : Some useful things to know
• Configuration examples : Some configuration examples
• XML-RPC interface : Documentation of the XML-RPC interface
• Datastore usage and configuration : Document how datastore works
• DVB/ATSC cards : List of DVB/ATSC cards which were tested

The input modules are modules used to capture packets and process them. The following inputs are currently implemented :

• docsis : Read a DOCSIS stream from a DVB-C or ATSC card
• pcap : Read packets from a network card or pcap files

The target modules are modules used to process the packets and provide the desired output. The following targets are currently implemented :

• display : Show packet information
• dump_payload : Dump raw connection payload into separate files
• http : Dump content or log HTTP connections
• inject : Reinject packets on an interface
• irc : Dump IRC connection into separate files with irssi-like log format
• msn : Dump MSN conversations and various files
• null : Does nothing, used for debugging
• pcap : Save packets into pcap files useable for example by tcpdump and wireshark
• pop : Dump emails and login information from POP3 connections
• rtp : Dump VoIP traffic (RTP streams) into wave files
• tap : Create a virtual interface and send all the packets to it
• tcpkill : Send TCP RST packets to kill TCP connections
• tftp : Dump tftp traffic into files

The match modules are modules used to identify the packets content and match fields in their headers. The following match are currently implemented :

• 80211 : Match wireless 802.11 frames
• docsis : Match DOCSIS frames
• docsis_mgmt : Match DOCSIS management frames
• ethernet : Match ethernet frames
• icmp : Match ICMP packets
• icmpv6 : Match ICMPv6 packets
• ipv4 : Match IPv4 packets commonly known as IP
• ipv6 : Match IPv6 packets, the next generation of the IP protocol
• linux_cooked : Match linux_cooked frames that are produced when sniffing special interfaces like PPP interfaces
• ppi : Match PPI headers (CACE wireless headers)
• ppp : Match PPP packets
• pppoe : Match PPP over Ethernet (PPPoE) packets
• prism : Match prism2/AVS wireless headers
• radiotap : Match radiotap wireless headers
• rtp : Match RTP packets used in VoIP for both voice and video
• tcp : Match TCP segments
• undefined : Used internally to specify that the next layer has an unknown type
• udp : Match UDP datagrams
• vlan : Match 802.1Q frames aka VLAN frames

The helper modules are useful and sometimes mandatory to reassemble some streams. The following helper modules are implemented :

• docsis : Allow dynamic resizing of the payload in DOCSIS headers
• ipv4 : Reassemble IPv4 fragments into a single packet
• ipv6 : Allow dynamic resizing of the payload in IPv6 headers
• pppoe : Allow dynamic resizing of the payload in PPPoE packets
• rtp : Perform RTP reordering
• tcp : Perform TCP reassembly and reordering

The connection tracking modules (aka conntrack) are used to identify to what connection a packet belongs and to store informations about this connection and retrieve them later.

• ipv4 : Track IPv4 connections
• ipv6 : Track IPv6 connections
• rtp : Track RTP connections
• udp : Track UDP connections
• tcp : Track TCP connections

The datastore modules allow targets to save data in databases.

• mysql : Handle MySQL databases
• postgres : Handle PostgreSQL databases
• sqlite : Handle SQLite databases