Sophie

ksnuffle-2.2-6mdk.i586.rpm

<HTML>
  <HEAD>
    <TITLE>The KSnuffle Manual: Dynamic Plugins</TITLE>
  </HEAD>
  <BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#AA0000">
    <FONT FACE="Helvetica">
    <A HREF="http://www.kde.org/"><IMG SRC="logotp3.gif" ALT="The K Desktop Environment" BORDER=0 ></A>
    <BR>
    <HR noshade>
    <DIV ALIGN=right>
      <A HREF="index-6.html">Next</A>
      <A HREF="index-4.10.html">Previous</A>
      <A HREF="index.html#toc5">Table of Contents</A>
    </DIV>
    <BR>&nbsp;
    <H3>
      <A NAME="s2"></A>5. Plugins
    </H3>
    <P>
      <B>Plugins</B> provide a mechanism whereby additional modules can
      be loaded in order to display specific network traffic information,
      without the need for all such modules to appear in all sniffers at
      all times.
    </P>
    <P>
      KSnuffle 2.2 comes with five (well, for practical purposes, four)
      plugins:
      <UL>
	<LI><B>Demo</B><BR>
	  This is a simple demonstration plugin. It does nothing other
	  than copy some configuration information, and display a count
	  of captured packets. The code can be used as a basis for a
	  real plugin.
	</LI>
	<LI><B>Summary</B><BR>
	  <A NAME="summary"></A>
	  <A HREF="summary.html" target="Summary Plugin">Click for full
	  size image</A><IMG SRC="summary_s.png"><BR>
	  This plugin displays summary information. Each captured packet
	  is classified as incoming (to the host), outgoing, passing
	  (neither from nor to this host) or internal, or as unknown if
	  it cannot be classified. Classification is currently based on
	  IP address rather than MAC address. For each classification,
	  the number of packets, and the total network and data traffic
	  are shown. There are no configuration settings for this plugin.
	</LI>
	<LI><B>EndToEnd</B><BR>
	  <A NAME="endtoend"></A>
	  <A HREF="endtoend.html" target="EndtoEnd Plugin">Click
	  for full size image</A><IMG SRC="endtoend_s.png"><BR>
	  This plugin categorises captured packets by source and
	  destination IP address. For each such category, packet count,
	  plus total network and data traffic are shown, split between
	  each direction. New source/destination pairs are added as they
	  appear. There are no configuration settings for this plugin.
	  Clicking on a column header sorts on that column; double
	  clicking an entry forces that entry to the top of the display.
	</LI>
	<LI><B>DNS</B><BR>
	  <A NAME="dns"></A>
	  <A HREF="dns.html" target="DNS Plugin">Click
	  for full size image</A><IMG SRC="dns_s.png"><BR>
	  The DNS plugin examines DNS request messages, and displays
	  the requestor, the server, the query and, if and when it
	  appears, the (first) answer. Note that neither second or
	  subsequent answers, nor authority or additional results, are
	  displayed.
	</LI>
	<LI><B>TCP/IP</B><BR>
	  <A NAME="tcpip"></A>
	  <A HREF="tcpip.html" target="DNS Plugin">Click
	  for full size image</A><IMG SRC="tcpip_s.png"><BR>
	  The TCP/IP plugin monitors TCP/IP packets, and attempts to
	  display separate TCP/IP connections and the state at each
	  end. Note that since <B>KSnuffle</B> cannot see the internal
	  state of the machines at each end of the stream, it must make
	  various assumptions, for instance that all packets are
	  correctly received. Individual packets, and TCP/IP stream
	  data can be displayed, as for the main
	  <A HREF="index-4.7.html">packet</A> display. Note that
	  packets are logged in files in <I>/tmp</I>; however, these
	  have no access for <I>group</I> or <I>other</I>, and are
	  owned by the user running <B>ksnuffle</B>.
	</LI>
      </UL>
    </P>
    <P>
      Unless <B>KSnuffle</B> is run by <I>root</I>, it will only load
      plugins from the default plugin directory. This prevents
      privileged users from implementing their own trojan plugins.
    </P>
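    <P>
      One way to implement the check described above, confining users
      other than <I>root</I> to a single plugin directory even when the
      requested path contains <I>..</I> or a symbolic link. This is an
      added example, not KSnuffle's own code; the function names, the
      uid 1000 and the constructed files under <I>/tmp</I> are
      assumptions.
    </P>

```cpp
// Added example, not KSnuffle source; all names here are hypothetical.
#include <climits>
#include <cstdio>
#include <cstdlib>
#include <fstream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Resolve symlinks and ".." so the check is made on the file's real location.
static std::string canonical(const std::string& p) {
    char buf[PATH_MAX];
    return realpath(p.c_str(), buf) ? std::string(buf) : std::string();
}

// Returns the resolved path to hand to the loader, or "" if loading is refused.
// `ruid` is the real uid of the invoking user (getuid() in a real program).
std::string resolve_plugin(const std::string& requested,
                           const std::string& plugin_dir, uid_t ruid) {
    std::string file = canonical(requested), dir = canonical(plugin_dir);
    if (file.empty() || dir.empty()) return "";   // missing file or directory
    if (ruid == 0) return file;                   // root may load from anywhere
    if (dir.back() != '/') dir += '/';            // so "/plugins-x" != "/plugins"
    return file.compare(0, dir.size(), dir) == 0 ? file : std::string();
}

// Builds a constructed tree under /tmp; returns one Y/N per case, in order.
std::string run_constructed_cases() {
    char tmpl[] = "/tmp/plugdemoXXXXXX";
    if (!mkdtemp(tmpl)) return "";
    std::string root = tmpl, dir = root + "/plugins";
    mkdir(dir.c_str(), 0700);
    std::ofstream(dir + "/demo.so") << "x";
    std::ofstream(root + "/evil.so") << "x";
    if (symlink((root + "/evil.so").c_str(), (dir + "/link.so").c_str())) return "";
    const char* cases[] = {"/plugins/demo.so", "/evil.so",
                           "/plugins/../evil.so", "/plugins/link.so"};
    std::string r;
    for (const char* c : cases)                   // unprivileged user, uid 1000
        r += resolve_plugin(root + c, dir, 1000).empty() ? 'N' : 'Y';
    r += resolve_plugin(root + "/evil.so", dir, 0).empty() ? 'N' : 'Y';  // root
    for (const char* c : {"/plugins/link.so", "/plugins/demo.so", "/evil.so"})
        unlink((root + c).c_str());
    rmdir(dir.c_str());
    rmdir(root.c_str());
    return r;
}

int main() { std::puts(run_constructed_cases().c_str()); }
```

    <P>
      Hand the returned path, not the user-supplied string, to the
      loader, and keep the plugin directory writable only by
      <I>root</I>.
    </P>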
    <P>
      <A HREF="index-6.html">Next</A>
      <A HREF="index-4.10.html">Previous</A>
      <A HREF="index.html#toc5">Table of Contents</A>
    </P>
    <P>
      <HR size="3" noshade>
    </P>
  </BODY>
</HTML>