<HTML> <HEAD> <TITLE>The KSnuffle Manual: Dynamic Plugins</TITLE> </HEAD> <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000"> <FONT FACE="Helvetica"> <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A> <BR> <HR noshade> <DIV ALIGN=right> <A HREF="index-6.html">Next</A> <A HREF="index-4.10.html">Previous</A> <A HREF="index.html#toc5">Table of Contents</A> </DIV> <BR> <H3> <A NAME="s2"></A>5. Plugins </H3> <P> <B>Plugins</B> provide a mechanism whereby additional modules can be loaded in order to display specific network traffic information, without the need for all such modules to appear in all sniffers at all times. </P> <P> KSnuffle 2.2 comes with five (well, for practical purposes, four) plugins: <UL> <LI><B>Demo</B><BR> This is a simple demonstration plugin. It does nothing other than copy some configuration information, and display a count of captured packets. The code can be used as a basis for a real plugin. </LI> <LI><B>Summary</B><BR> <A NAME="summary"></A> <A HREF="summary.html" target="Summary Plugin">Click for full size image</A><IMG SRC="summary_s.png"><BR> This plugin displays summary information. Each captured packet is classified as incoming (to the host), outgoing, passing (neither from nor to this host) or internal (or unknown if it cannot be classified, currently classification is based on IP address rather than MAC address). For each classification, the number of packets, and the total network and data traffic are shown. There are no configuration settings for this plugin. </LI> <LI><B>EndToEnd</B><BR> <A NAME="endtoend"></A> <A HREF="endtoend.html" target="EndtoEnd Plugin">Click for full size image</A><IMG SRC="endtoend_s.png"><BR> This plugin categorises captured packets by source and destination IP address. For each such category, packet count, plus total network and data traffic are shown, split between each direction. New source/destination pairs are added as they appear. There are no configuration settings for this plugin. Clicking on a column header sorts on that column; double clicking an entry forces that entry to the top of the display. </LI> <LI><B>DNS</B><BR> <A NAME="dns"></A> <A HREF="dns.html" target="DNS Plugin">Click for full size image</A><IMG SRC="dns_s.png"><BR> The DNS plugin examines DNS request messages, and displays the requestor, the server, the query and, if and when it the appears, the (first) answer. Note that a second or subsequent answer, nor authority or additional results are displayed. </LI> <LI><B>TCP/IP</B><BR> <A NAME="tcpip"></A> <A HREF="tcpip.html" target="DNS Plugin">Click for full size image</A><IMG SRC="tcpip_s.png"><BR> The TCP/IP plugin monitors TCP/IP packets, and attempts to display separate TCP/IP connections and the state at each end. Note that since <B>KSnuffle</B> cannot see the internal state of the machines at each end of the stream, it must make various assumptions, for instance that all packets are correctly recieved. Individual packets, and TCP/IP stream data can be displayed, as for the main <A HREF="index-4.7.html">packet</A> display. Note that packets are logged in files in <I>/tmp</I>, howeve these have no access for <I>group</I> or <I>other</I>, and are owned by the user running <B>ksnuffle</B>. </LI> </UL> </P> <P> Unless <B>KSnuffle</B> is run by <I>root</I>, it will only load plugins from the default plugin directory. This prevents privileged users from implementing their own trojan plugins. </P> <P> <A HREF="index-6.html">Next</A> <A HREF="index-4.10.html">Previous</A> <A HREF="index.html#toc5">Table of Contents</A> </P> <P> <HR size="3" noshade> </P> </BODY> </HTML>