Thongs is a raw Ethernet frame listening/analysing/filtering/logging/crafting utility for Linux. It aims to be a lightweight console utility while still offering some runtime controls via menus, which is done using the ncurses library. The Thongs project was derived from nibbles, and this may still be seen in some parts of the documentation.
Thongs can be used for:
- Logging frames to a pcapNG file
- Displaying frames on the console
- Filtering displayed / stored frames based on keystring lists and some protocol-aware filters
  - There are 3 types of filters:
    - include filters
    - exclude filters
    - highlight filters
- Ethernet packet crafting and sending
- Storing/loading crafted packets to/from a text file
- Finding C structures/definitions from header files
- Using a config file to set the log file name, initial filters etc.
After obtaining thongs you need to compile and (optionally) install it. This can be done by issuing the commands
make
sudo make install
in the folder where the Makefile is located. Note that thongs needs the ncurses library (as well as the form, menu and panel libraries). Typically these are all included in the ncurses development package, often called ncurses-devel. On Fedora you can install ncurses by issuing the command
sudo yum install ncurses-devel
Thongs provides minimal help when run with the --help option.
thongs-sniffer --help
There are also man pages for thongs, available online and included in the downloads. You should be able to read them using the command
man thongs
or, even without installation, by switching into the man folder included in the package and typing
man ./thongs.8
Thongs can also display runtime help when F2 is pressed.
Feel free to contact me via email (mazziesaccount@gmail.com) or just fork the project on GitHub, improve thongs and send me patch(es). I am open to suggestions and glad to receive bug fixes. Adding support for new protocols should not be terribly hard. You can check the protocolparser.c and protocolparser.h files for generic protocol parsing operations, and some of the protocolparser_<protocol> files for protocol-specific portions.