thongs - raw ethernet frame sniffer and generator


What is thongs

Thongs is a raw Ethernet frame listening/analysing/filtering/logging/crafting utility for Linux. It aims to be a lightweight console utility while still offering some runtime controls via menus, which are implemented with the ncurses library. The thongs project was derived from nibbles, and this may still be seen in some parts of the documentation.

What thongs does

Thongs can be used for:

  • Logging frames to a pcapNG file
  • Displaying frames on the console
  • Filtering displayed / stored frames based on keystring lists and some protocol-aware filters. There are 3 types of filters:
    • include filters
    • exclude filters
    • highlight filters
  • Ethernet packet crafting and sending
  • Storing/loading crafted packets to/from a text file
  • Finding C structures/definitions from header files
  • Using a config file to set the log file name, initial filters etc.

Install

After obtaining thongs you need to compile and (optionally) install it. This can be done by issuing the commands

make
sudo make install

in the folder where the Makefile is located. Note that thongs needs the ncurses library (including the form, menu and panel libraries). These are typically all included in the ncurses development package, often called ncurses-devel. On Fedora you can install ncurses by issuing the command

sudo yum install ncurses-devel

More information

Thongs provides minimal help when run with the --help option.

thongs-sniffer --help

There are also man pages for thongs online and included in the downloads. You should be able to read them using the command

man thongs

or even without installation by switching into the man folder included in the package and typing

man ./thongs.8

Thongs can also display runtime help when F2 is pressed.

Development ideas/needs or just an urge to write C?

Feel free to contact me via email (mazziesaccount@gmail.com) or just fork the project on GitHub, improve thongs and send me patch(es). I am open to suggestions and glad to receive bug fixes. Adding support for new protocols should not be terribly hard. You can check the protocolparser.c and protocolparser.h files for generic protocol parsing operations, and some of the protocolparser_<protocol> files for protocol-specific portions.







See also my other projects:
nibbles - UDP print listener | NSN - Network Status Notifier | epb - Ethernet Packet Bombardier
