Differences

This shows you the differences between two versions of the page.

--- start [2014/05/22 19:25] – Add output pcap_flow. gmsoft
+++ start [2020/05/26 21:59] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
-====== Packet-o-matic wiki ======
+====== Packet-o-matic NG ======
-This wiki contains informations about the old version of packet-o-matic as well as the new version called pom-ng.
-===== Packet-o-matic NG =====
 Packet-o-matic NG aka pom-ng is the new generation of packet-o-matic. It is a complete rewrite based on the previous version with improved architectural design and packet processing.
 Notable new features are multi-input support and multi-thread processing.
+**If you are looking for documentation about the old version of packet-o-matic, see [[pom:start|here]].**
 ==== General ====
   * [[pom-ng:installation|Installation]] : Step by step intstallation procedure
   * [[pom-ng:getting_started|Getting started]] : Beginner's guide to pom-ng
+  * [[pom-ng:docsis:DOCSIS]] : Notes about sniffing DOCSIS streams
   * [[pom-ng:core|Core]] : Documentation pom-ng's core including command line parameters and global parameters
   * [[pom-ng:events|Events]] : List of all events that can be generated
   * [[pom-ng:lua|Lua]] : Lua API documentation
-  * [[pom-ng:features_wishlist|Features wishlist]] : List of features that need to be implemented
+  * [[pom-ng:roadmap|Roadmap]] : Roadmap for pom-ng
+  * [[pom-ng:features_wishlist|Features wishlist]] : Add the feature you'd like to see here !
   * [[pom-ng:troubleshooting|Troubleshooting]] : Troubleshooting steps for various problems
@@ Line 21: / Line 22: @@
 === Input ===
+  * [[pom-ng:input:docsis]] : Read DOCSIS packets from a digital TV card
+  * [[pom-ng:input:docsis_scan]] : Scan for DOCSIS streams using a digital TV card
+  * [[pom-ng:input:dvb_atsc]] : Read MPEG-TS packets from an ATSC/QAM card
   * [[pom-ng:input:dvb_c]] : Read MPEG-TS packets from a DVB-C card aka digital TV card
   * [[pom-ng:input:dvb_device]] : Read MPEG-TS packets from a DVB device, used only for specific cards with proprietary drivers
   * [[pom-ng:input:dvb_s]] : Read MPEG-TS packets from a DVB-S device aka satellite card
-  * [[pom-ng:input:kismet_drone]] : Connect to a [[https://kismetwireless.net/|Kismet]] drone.
+  * [[pom-ng:input:kismet_drone]] : Connect to a [[https://kismetwireless.net/|Kismet]] drone
   * [[pom-ng:input:pcap_dir]] : Read packets from pcap files in a directory
   * [[pom-ng:input:pcap_file]] : Read packets from a pcap file
@@ Line 37: / Line 41: @@
   * [[pom-ng:output:pcap_flow]] : Save connections into separate pcap files
   * [[pom-ng:output:tap]] : Dumps packets to a virtual tap interface
+=== Addons output ===
+  * [[pom-ng:addon_output:http_cookies]] : Dump HTTP session cookies in a text file
+  * [[pom-ng:addon_output:http_media]] : Dump HTTP images or video and create an apache like log for each file
+  * [[pom-ng:addon_output:http_searches]] : Dump searches performed on web sites based on a regex
+  * [[pom-ng:addon_output:wallofsheep]] : Dump All the clear-text password found in a text file
 === Protocol ===
@@ Line 49: / Line 60: @@
   * [[pom-ng:proto:icmp]] : Parse ICMP packets
   * [[pom-ng:proto:icmp6]] : Parse ICMPv6 packets
+  * [[pom-ng:proto:imap]] : Parse IMAP packets
   * [[pom-ng:proto:ipv4]] : Parse IP (version 4) packets
   * [[pom-ng:proto:ipv6]] : Parse IPv6 packets
@@ Line 59: / Line 71: @@
   * [[pom-ng:proto:pppoe]] : Parse PPPoE packets
   * [[pom-ng:proto:radiotap]] : Parse radiotap packets used for encapsulating wireless (802.11) frames
+  * [[pom-ng:proto:rtp]] : Parse RTP packets
+  * [[pom-ng:proto:sip]] : Parse SIP packets
   * [[pom-ng:proto:smtp]] : Parse the SMTP protocol
   * [[pom-ng:proto:tcp]] : Parse TCP packets
@@ Line 69: / Line 83: @@
   * [[pom-ng:analyzer:dns]] : Analyze DNS packets
   * [[pom-ng:analyzer:docsis]] : Analyze DOCSIS packets
+  * [[pom-ng:analyzer:dtmf]] : Analyze DTMF events in SIP sessions
   * [[pom-ng:analyzer:gif]] : Analyze GIF images
   * [[pom-ng:analyzer:http]] : Analyze HTTP connections
   * [[pom-ng:analyzer:http_post]] : Analyze HTTP POST payloads (form-urlencoded)
+  * [[pom-ng:analyzer:imap]] : Analyzer IMAP packets
   * [[pom-ng:analyzer:jpeg]] : Analyze JPEG images
   * [[pom-ng:analyzer:multipart]] : Analyzer MIME multipart payloads
@@ Line 78: / Line 94: @@
   * [[pom-ng:analyzer:ppp_pap]]: Analyze PPP-PAP events
   * [[pom-ng:analyzer:rfc822]] : Analyzer RFC822 messages
+  * [[pom-ng:analyzer:rtp]] : Analyze RTP streams
+  * [[pom-ng:analyzer:sdp]] : Analyze SDP describing media sessions
+  * [[pom-ng:analyzer:sip]] : Analyzer SIP messages and session
   * [[pom-ng:analyzer:smtp]] : Analyze SMTP connections
   * [[pom-ng:analyzer:tftp]] : Analyze TFTP packets
@@ Line 85: / Line 104: @@
   * [[pom-ng:datastore:sqlite]] : SQLite backend
-----
-===== Packet-o-matic (old version) =====
-**The below is only applicable to the old version called "packet-o-matic" and not pom-ng !**
-==== General ====
-  * [[pom:installation|Installation]] : All you need to know to install packet-o-matic
-  * [[pom:getting_started|Getting started]] : Quick steps to have it up and running
-  * [[pom:command_reference|Command reference]] : All the commands explained
-  * [[pom:rules_syntax|Rules syntax]] : Explains the rules syntax
-  * [[pom:tips_and_tricks|Tips and tricks]] : Some useful things to know
-  * [[pom:config_examples|Configuration examples]] : Some configuration examples
-  * [[pom:xmlrpc_interface|XML-RPC interface]] : Documentation of the XML-RPC interface
-  * [[pom:datastore_config|Datastore usage and configuration]] : Document how datastore works
-  * [[pom:docsis:dvbcards|DVB/ATSC cards]] : List of DVB/ATSC cards which were tested
-==== Modules ====
-=== Input modules ===
-The input modules are modules used to capture packets and process them. The following inputs are currently implemented :
-  * [[pom:input:docsis]] : Read a DOCSIS stream from a DVB-C or ATSC card
-  * [[pom:input:pcap]] : Read packets from a network card or pcap files
-=== Target ===
-The target modules are modules used to process the packets and provide the desired output. The following targets are currently implemented :
-  * [[pom:target:display]] : Show packet information
-  * [[pom:target:dump_payload]] : Dump raw connection payload into separate files
-  * [[pom:target:http]] : Dump content or log HTTP connections
-  * [[pom:target:inject]] : Reinject packets on an interface
-  * [[pom:target:irc]] : Dump IRC connection into separate files with irssi-like log format
-  * [[pom:target:msn]] : Dump MSN conversations and various files
-  * [[pom:target:null]] : Does nothing, used for debugging
-  * [[pom:target:pcap]] : Save packets into pcap files useable for example by tcpdump and wireshark
-  * [[pom:target:pop]] : Dump emails and login information from POP3 connections
-  * [[pom:target:rtp]] : Dump VoIP traffic (RTP streams) into wave files
-  * [[pom:target:tap]] : Create a virtual interface and send all the packets to it
-  * [[pom:target:tcpkill]] : Send TCP RST packets to kill TCP connections
-  * [[pom:target:tftp]] : Dump tftp traffic into files
-=== Match ===
-The match modules are modules used to identify the packets content and match fields in their headers. The following match are currently implemented :
-  * [[pom:match:80211]] : Match wireless 802.11 frames
-  * [[pom:match:docsis]] : Match DOCSIS frames
-  * [[pom:match:docsis_mgmt]] : Match DOCSIS management frames
-  * [[pom:match:ethernet]] : Match ethernet frames
-  * [[pom:match:icmp]] : Match ICMP packets
-  * [[pom:match:icmpv6]] : Match ICMPv6 packets
-  * [[pom:match:ipv4]] : Match IPv4 packets commonly known as IP
-  * [[pom:match:ipv6]] : Match IPv6 packets, the next generation of the IP protocol
-  * [[pom:match:linux_cooked]] : Match linux_cooked frames that are produced when sniffing special interfaces like PPP interfaces
-  * [[pom:match:ppi]] : Match PPI headers (CACE wireless headers)
-  * [[pom:match:ppp]] : Match PPP packets
-  * [[pom:match:pppoe]] : Match PPP over Ethernet (PPPoE) packets
-  * [[pom:match:prism]] : Match prism2/AVS wireless headers
-  * [[pom:match:radiotap]] : Match radiotap wireless headers
-  * [[pom:match:rtp]] : Match RTP packets used in VoIP for both voice and video
-  * [[pom:match:tcp]] : Match TCP segments
-  * [[pom:match:undefined]] : Used internally to specify that the next layer has an unknown type
-  * [[pom:match:udp]] : Match UDP datagrams
-  * [[pom:match:vlan]] : Match 802.1Q frames aka VLAN frames
-=== Helper ===
-The helper modules are useful and sometimes mandatory to reassemble some streams. The following helper modules are implemented :
-  * [[pom:helper:docsis]] : Allow dynamic resizing of the payload in DOCSIS headers
-  * [[pom:helper:ipv4]] : Reassemble IPv4 fragments into a single packet
-  * [[pom:helper:ipv6]] : Allow dynamic resizing of the payload in IPv6 headers
-  * [[pom:helper:pppoe]] : Allow dynamic resizing of the payload in PPPoE packets
-  * [[pom:helper:rtp]] : Perform RTP reordering
-  * [[pom:helper:tcp]] : Perform TCP reassembly and reordering
-=== Connection tracking ===
-The connection tracking modules (aka conntrack) are used to identify to what connection a packet belongs and to store informations about this connection and retrieve them later.
-  * [[pom:conntrack:ipv4]] : Track IPv4 connections
-  * [[pom:conntrack:ipv6]] : Track IPv6 connections
-  * [[pom:conntrack:rtp]] : Track RTP connections
-  * [[pom:conntrack:udp]] : Track UDP connections
-  * [[pom:conntrack:tcp]] : Track TCP connections
-=== Datastore ===
-The datastore modules allow targets to save data in databases.
-  * [[pom:datastore:mysql]] : Handle MySQL databases
-  * [[pom:datastore:postgres]] : Handle PostgreSQL databases
-  * [[pom:datastore:sqlite]] : Handle SQLite databases