Lestat

This software is unmaintained.
Lestat is comprised of two halves: a simple Perl agent which listens for connections and logs them to a database, and a reporting half which pulls the information back out of the database and displays it. The two halves are completely independent and can easily run on different hosts.

The agent, lestat, is the software which does most of the work. Using the Net::Pcap module it intercepts every packet destined for the host it is running on and decodes the header information. (Opening a capture interface requires root, or whatever privilege your operating system demands for raw packet capture, so the agent normally runs as root.) Every captured packet has its details written to a database, from which they can later be extracted and viewed using the supplied PHP scripts.

The database schema is reproduced below. As you can see it is very simple: all the details are stored in a single table which looks like this:

    create table connections (
        id       INT NOT NULL AUTO_INCREMENT,
        src_ip   VARCHAR(16),
        dst_ip   VARCHAR(16),
        src_port INT,
        dst_port INT,
        time     TIMESTAMP,
        PRIMARY KEY(id)
    );

'src' is used consistently to mean the source of the captured packet, and 'dst' its destination. The destination of the packet should always match the IP address of your capturing machine, unless you're fiddling with the code. Bear in mind that 'src' is simply whatever the sender wrote into the IP header; it can be spoofed, so a logged source address is a hint about who connected, not proof.

The display of the data is conducted via a collection of PHP scripts. Although lestat itself is written in Perl, the ease with which database code can be written in PHP made this a reasonable choice. The display is fairly straightforward at the moment; there are a couple of different forms of processing which are used:
Future enhancements are planned, which include the ability to plot trends over a week or more, and to search for hosts. Each of the pages is constructed via a simple template, stored within the web/tmpl/ directory. I'd appreciate any enhanced versions of these templates, because I know writing a good GUI is hard.
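The capture-and-store half of the agent described above, as an added example in Python rather than the project's own Perl code: it decodes an Ethernet/IPv4 frame down to the four header fields the table stores, keeps only packets whose destination is the capturing host, and inserts a row with the page's schema. It assumes an in-memory SQLite database in place of the MySQL one Lestat writes to (the AUTO_INCREMENT column is rewritten in SQLite syntax), and the frames are constructed test input, not real captures; a real agent would hand `handle` to the pcap loop as its per-packet callback.

```python
import socket
import sqlite3
import struct

# Table adapted from the page's MySQL schema for SQLite (assumption: an
# in-memory SQLite database stands in for the MySQL one the agent writes to).
SCHEMA = """
CREATE TABLE connections (
    id       INTEGER PRIMARY KEY AUTOINCREMENT,
    src_ip   VARCHAR(16),
    dst_ip   VARCHAR(16),
    src_port INT,
    dst_port INT,
    time     TIMESTAMP DEFAULT CURRENT_TIMESTAMP
)
"""

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


def decode_frame(frame):
    """Decode an Ethernet/IPv4/{TCP,UDP} frame into (src_ip, dst_ip, src_port, dst_port).

    Returns None for anything else (ARP, IPv6, ICMP, truncated or malformed
    frames).  Every offset is bounds-checked first: the bytes come straight off
    the wire, so a malformed header must never be able to crash the logger.
    """
    if len(frame) < ETH_HDR_LEN:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return None
    ihl = (ip[0] & 0x0F) * 4           # IPv4 header length, options included
    if ihl < 20 or len(ip) < ihl + 4:  # need at least the two port fields
        return None
    if ip[9] not in (IPPROTO_TCP, IPPROTO_UDP):
        return None
    src_ip = socket.inet_ntoa(ip[12:16])
    dst_ip = socket.inet_ntoa(ip[16:20])
    src_port, dst_port = struct.unpack("!HH", ip[ihl:ihl + 4])
    return (src_ip, dst_ip, src_port, dst_port)


class ConnectionLogger:
    """The agent's storage half: decode each frame and insert a row for it."""

    def __init__(self, host_ip):
        self.host_ip = host_ip
        self.db = sqlite3.connect(":memory:")
        self.db.execute(SCHEMA)

    def handle(self, frame):
        """Per-packet callback.  Returns True if a row was stored."""
        row = decode_frame(frame)
        # Only packets addressed to this host are of interest (the page's
        # "dst should always match your capturing machine" rule); a
        # promiscuous capture would otherwise log the whole segment's traffic.
        if row is None or row[1] != self.host_ip:
            return False
        self.db.execute(
            "INSERT INTO connections (src_ip, dst_ip, src_port, dst_port) "
            "VALUES (?, ?, ?, ?)", row)  # parameterised: values come off the wire
        return True

    def rows(self):
        return self.db.execute(
            "SELECT src_ip, dst_ip, src_port, dst_port FROM connections "
            "ORDER BY id").fetchall()


def build_frame(src_ip, dst_ip, src_port, dst_port, proto=IPPROTO_TCP, options=b""):
    """Construct a minimal Ethernet/IPv4/TCP-shaped frame as test input
    (constructed data; checksums stay zero because the decoder never checks them)."""
    ihl = 20 + len(options)            # options must pad to a multiple of 4
    ip_hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | (ihl // 4), 0, ihl + 20,
                         0, 0, 64, proto, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    l4_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + options + l4_hdr


if __name__ == "__main__":
    log = ConnectionLogger("10.0.0.5")                              # our capture host
    log.handle(build_frame("192.0.2.10", "10.0.0.5", 40000, 22))    # inbound SSH, stored
    log.handle(build_frame("10.0.0.5", "192.0.2.10", 22, 40000))    # our reply, dropped
    log.handle(b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28)           # ARP, dropped
    for r in log.rows():
        print(r)
```

Two points carry over to any agent of this shape: every length is checked before a header byte is read, because the input is untrusted network data and a short or crafted frame should be dropped rather than crash a root process, and the INSERT is parameterised so that the decoded strings never reach the SQL text directly.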