iplog is a TCP/IP traffic logger. Currently, it is capable of logging TCP, UDP, and ICMP traffic. iplog is able to detect TCP port scans, TCP null scans, FIN scans, UDP and ICMP "smurf" attacks, bogus TCP flags, TCP SYN scans, TCP "Xmas" scans, ICMP ping floods, UDP scans, and IP fragment attacks. iplog is able to run in promiscuous mode and monitor traffic to all hosts on a network. iplog uses libpcap to read data from the network and can be ported to any system that supports pthreads and on which libpcap will function.
Tags: Security, Logging, Monitoring
Operating Systems: POSIX, BSD, BSD/OS, FreeBSD, NetBSD, OpenBSD, IRIX, Linux, Solaris
Release Notes: Bugfixes and the addition of a "--pid-file" command-line argument.
Release Notes: This release includes the ability to detect TCP SYN scans, and has been fixed to allow building on Solaris 8.
Release Notes: Fixes for switching users and getting IDENT info.
Release Notes: Lots of bugfixes, support for a configuration file, and fixes to build on lots of platforms.
Release Notes: The ability to detect when interfaces go down and re-open them when they come back up, detection of a new class of Xmas scans (which were recently discussed on Bugtraq), the ability to listen on loopback interfaces, and fixes for lots of bugs, including lockups that occurred when iplog was listening on more than one interface.