Overview
snifob is a sniffer output beautifier written in Perl. It colourizes and
de-hex-ifies console-based packet sniffer output to improve readability.
It currently supports snort, tcpdump, and Solaris's snoop. It can be invoked as a
wrapper to the packet sniffer, or in a command pipeline (e.g. tcpdump -lvvenxs 1518 | snifob).
For more details, download and run snifob with --help
or run "perldoc snifob".
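An added illustration of the de-hex-ify step for tcpdump -x style output, written in Python rather than snifob's Perl. It is not snifob's code; the function names, the column layout and the sample lines are constructed for this example.

```python
import re
import sys

# A "tcpdump -x" hex line: indentation, an optional "0x0010:" offset, then
# space-separated groups of 2-4 hex digits (older versions print no offset).
HEX_LINE = re.compile(
    r"^\s+(?:0x[0-9a-fA-F]+:\s+)?([0-9a-fA-F]{2,4}(?: [0-9a-fA-F]{2,4})*)$")
CYAN, RESET = "\033[36m", "\033[0m"

def parse_hex_line(line):
    """Return the bytes carried by one hex dump line, or None for other lines."""
    m = HEX_LINE.match(line.rstrip())
    if not m:
        return None
    digits = m.group(1).replace(" ", "")
    return bytes.fromhex(digits) if len(digits) % 2 == 0 else None

def printable(data):
    """Replace every byte outside 0x20-0x7e with '.', so control bytes in a
    captured payload (ESC, CR, BS) never reach the terminal as escape codes."""
    return "".join(chr(b) if 0x20 <= b <= 0x7E else "." for b in data)

def beautify(lines, colour=True):
    """Yield each input line; hex lines gain a decoded ASCII column."""
    for line in lines:
        line = line.rstrip()
        data = parse_hex_line(line)
        if data is None:
            yield line  # packet summary line: passed through unchanged
            continue
        text = printable(data)
        if colour:
            text = CYAN + text + RESET
        yield f"{line:<60}|{text}|"

# Constructed sample input (not a real capture).
SAMPLE = [
    "12:00:00.000000 IP 192.0.2.1.1025 > 192.0.2.2.80: Flags [P.], length 16",
    "\t0x0000:  4745 5420 2f20 4854 5450 2f31 2e30 0d0a",
    "\t0x0010:  1b5b 326a",
]

if __name__ == "__main__":
    # Read piped sniffer output if there is any, otherwise show the sample.
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for out in beautify(source, colour=sys.stdout.isatty()):
        print(out)
```

Colour is applied only when standard output is a terminal, so redirected output stays free of escape codes.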
Tidbits
# snort support requires this patch, which can be applied with the GNU patch program.
After applying the patch with "patch", you can configure, compile, and then run snort with -B as one of the options.
# snifob is beta software. I think it executes as expected and have tested it myself, but it needs more eyes than mine. It probably also needs more documentation, and I need to improve this web page.
# snifob will undergo multiple iterations of improvement
as I have time and as people use it and give me feedback
on it.
Possible problems
It doesn't run:
Is your path correct?
Does perl live somewhere other than /usr/bin/perl?
Have you edited $sniffer, $sniffer_dump, $sniffer_options, $sniffer_options_dump?
No output is showing up:
Are you running tcpdump with -l?
Are you running patched snort with -B?
