About
packet-o-matic is a real time packet processor under the GPL license. It reads packets from an input module, matches each packet using rules and connection tracking information, and then sends it to a target module.
This has been tested on Linux/x86, Linux/x86_64, Linux/hppa, Linux/sparc, FreeBSD/x86, Solaris/sparc and OSX/ppc.
News
2008/12/02 : New mode directory for input_pcap.
2008/11/24 : New updated Gentoo ebuild here.
2008/11/22 : Recoded target_http to support chunked and gzip encoding.
2008/11/11 : Added sqlite3 support.
2008/11/10 : Added datastore support. Currently only PostgreSQL but more to come.
2008/08/11 : Added target_msn. Not yet complete but being worked on.
2008/08/24 : Libnet dependency is gone, replaced by libpcap.
2008/08/21 : New forums available here.
2008/08/12 : Defcon slides available here.
2008/08/08 : Built-in web interface now available.
2008/07/15 : Added support for OSX.
2008/06/20 : XML-RPC interface now usable.
2008/06/07 : New IRC channel on freenode : #packet-o-matic
2008/04/13 : Added support for Solaris and for filters in input_pcap.
2008/04/12 : Added support for packet expectations.
2008/04/04 : Added support for non x86 architectures.
2008/03/05 : New target_pop has been added to dump POP3 connections.
2008/02/20 : Added support for bidirectional streams in target_rtp.
2008/02/10 : Renamed target_wave to target_rtp. Added support for vlan.
2008/01/24 : New helper_rtp. This should improve dumping the audio.
2007/11/20 : File paths in target http, dump_payload and wave can contain variables like ${match.field} which will be expanded.
2007/11/09 : The wiki is online. Check it out here.
2007/11/08 : No need to touch the xml file anymore. Start packet-o-matic with -e, telnet to port 4655 and configure what you need.
2007/11/06 : Everything can now be administered with the telnet interface. You still need a small config file with an input configured to start with for now.
2007/09/18 : Changed the way inputs are configured. You have to specify the mode in the input tag.
2007/09/10 : Configuration format changed for the match tag. Review the new format in the example file.
Main features
The main feature of packet-o-matic is its modularity. It works for any protocol as long as a corresponding module is found. It has a management console, which means you can telnet into packet-o-matic and change the configuration in real time. Here is a list of what it can do :
- connection tracking currently for ipv4, ipv6, tcp, udp, rtp
- ip reassembly, tcp reordering
- match the complete protocols encapsulation i.e. "ethernet->ipv6->ipv4->udp->rtp"
- process all the packets in real time to provide the desired output
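To illustrate how matching a complete encapsulation chain such as "ethernet->ipv6->ipv4->udp->rtp" works with one dissector per protocol, here is an added example in Python. It is not packet-o-matic's code: the dissector functions, the NEXT demux table and the constructed sample frame are assumptions for illustration only.

```python
import struct

# Per-protocol dissectors, one per layer, mirroring the modular match-module idea.
# Each returns (layer name, demux key selecting the next layer, remaining bytes).
def eth(data):
    return "ethernet", struct.unpack("!H", data[12:14])[0], data[14:]

def vlan(data):
    return "vlan", struct.unpack("!H", data[2:4])[0], data[4:]   # 802.1Q: TCI, then inner type

def ipv4(data):
    return "ipv4", data[9], data[(data[0] & 0x0F) * 4:]         # protocol field, IHL in words

def ipv6(data):
    return "ipv6", data[6], data[40:]                           # next header field

def udp(data):
    return "udp", None, data[8:]                                # payload: no further demux here

# Which dissector handles the next layer, keyed by the enclosing layer's demux value.
# A value with no entry means "no module found", and the chain stops there.
NEXT = {
    "ethernet": {0x0800: ipv4, 0x86DD: ipv6, 0x8100: vlan},
    "vlan":     {0x0800: ipv4, 0x86DD: ipv6},
    "ipv4":     {17: udp},
    "ipv6":     {17: udp},
}

def decode_chain(frame):
    """Walk the frame layer by layer; stops where no module claims the next layer."""
    chain, dissect, data = [], eth, frame
    while dissect is not None and data:
        name, key, data = dissect(data)
        chain.append(name)
        dissect = NEXT.get(name, {}).get(key)
    return chain

def matches(rule, frame):
    """True only if the full encapsulation equals the rule, e.g. 'ethernet->ipv4->udp'."""
    return [layer.strip() for layer in rule.split("->")] == decode_chain(frame)

def build_frame(vlan_tag=False):
    """Constructed sample frame (not a real capture): Ethernet [-> VLAN] -> IPv4 -> UDP."""
    payload = b"constructed payload"
    udp_hdr = struct.pack("!HHHH", 5004, 5004, 8 + len(payload), 0)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp_hdr) + len(payload),
                         1, 0, 64, 17, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tag = struct.pack("!HH", 0x8100, 0x0001) if vlan_tag else b""
    eth_hdr = bytes(12) + tag + struct.pack("!H", 0x0800)   # zeroed MACs, then ethertype
    return eth_hdr + ip_hdr + udp_hdr + payload

if __name__ == "__main__":
    for tagged in (False, True):
        print(decode_chain(build_frame(tagged)), matches("ethernet->ipv4->udp", build_frame(tagged)))
```

Note that a rule is an exact match on the whole chain, so the VLAN-tagged frame does not match "ethernet->ipv4->udp" even though it carries the same IPv4/UDP payload.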
What it can do
- save all the VoIP calls going on an interface in separate files in real time
- reinject packets destined to a specific ip and port on another interface or save them in a file
- dump each file of all the http connections in separate files on the disk
- show the important info and a hexadecimal dump of each packet while doing the above three at the same time
- lots of other stuff which would be too long to list here
Modules
Currently implemented modules :
- input modules : docsis, pcap
- match modules : docsis, ethernet, icmp, icmpv6, ipv4, ipv6, linux_cooked, rtp, tcp, udp, vlan
- conntrack modules : ipv4, ipv6, rtp, tcp, udp
- helper modules : ipv4, tcp, rtp
- target modules : display, dump_payload, http, inject, irc, null, pcap, pop, tap, tcpkill, rtp
Sources
Source code is available via svn. You can download a live copy of the source repository by using the following command :
svn checkout https://svn.tuxicoman.be/svn/packet-o-matic/trunk packet-o-matic
Alternatively, you can browse the sources using WebSVN.
Contact
Feel free to contact me directly via email at gmsoft@tuxicoman.be. Any comment, suggestion or feature request is highly appreciated.
You can also come on irc.freenode.net and join #packet-o-matic where I'll be hanging out.