Pipe Dump Utility & Library
===========================
Pipe Dump is a utility which captures the data sent to STDIN and from
STDOUT/STDERR of a program. This is accomplished using fork() and pipe()
to transmit and receive data from the forked process to the pipe dump
utility. Captured data is stored in a file using the libpcap file format.
This is useful for capturing interactions with commands executed
from an SSH connection.
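The fork()/pipe() interposition described above, as an added example that is not pipedump's own code: the parent relays the child's STDOUT and keeps a copy of every byte, which is the point where such a tool can record session data in the clear. The names tap_stdout, buf and cap are hypothetical, and only STDOUT is tapped here.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (an assumption, not pipedump's API): run argv[],
 * relay the child's STDOUT to ours and copy up to cap bytes into buf.
 * Returns bytes captured or -1 on error; *status gets the wait status. */
ssize_t tap_stdout(char *const argv[], char *buf, size_t cap, int *status)
{
    int fds[2];
    if (pipe(fds) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                      /* child: STDOUT becomes the pipe */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1)
            _exit(126);
        close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    /* parent: drop its write end, otherwise read() never returns EOF */
    close(fds[1]);
    size_t used = 0;
    char chunk[4096];
    ssize_t n;
    while ((n = read(fds[0], chunk, sizeof(chunk))) > 0) {
        if (write(STDOUT_FILENO, chunk, (size_t)n) < 0)   /* relay */
            break;
        size_t room = cap - used;        /* capture is truncated at cap */
        size_t take = (size_t)n < room ? (size_t)n : room;
        memcpy(buf + used, chunk, take);
        used += take;
    }
    close(fds[0]);
    if (waitpid(pid, status, 0) == -1)
        return -1;
    return n == -1 ? -1 : (ssize_t)used;
}
```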
Contents
--------
1. Disclaimer
2. Software Requirements
3. Maintainers
4. Examples
5. Community
6. Source Code
Disclaimer
----------
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL BINDLE BINARIES BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
SUCH DAMAGE.
Software Requirements
---------------------
* Git 1.7
* GCC/LLVM
* GNU Autoconf
* GNU Automake
* GNU Libtool
Maintainers
-----------
David M. Syzdek,
Bindle Binaries,
syzdek@bindlebinaries.com
Examples
--------
Command Line
------------
$ cat /etc/resolv.conf | pipedump -dd -o file.pcap -- grep \
-i nameserver
SSH Authorized Keys
-------------------
Pipedump can be inserted into an authorized_keys file to record an SSH
session. This is useful for debugging utilities which use SSH for
authentication and transport such as Gitolite.
Original Entry:
ssh-rsa AAAA..ooU= user@host
Updated Entry:
command="pipedump -dd -o ssh.pcap -- ${SSH_ORIGINAL_COMMAND}" ssh-rsa AAAA..ooU= user@host
Note that the actual RSA key in the above examples has been
truncated to make the lines easier to read.
Display libpcap File
--------------------
Display payload as hexdump:
$ tcpdump -qns 0 -X -r file.pcap
Display payload as ASCII text:
$ tcpdump -qns 0 -A -r file.pcap
Community
---------
Source Code Repository:
https://github.com/bindle/pipedump/
Issue Tracking:
https://github.com/bindle/pipedump/issues
Source Code
-----------
The source code for this project is maintained using git (http://git-scm.com).
The following describes how to check out the source code from the git
repository.
Download URLs:
http://sourceforge.net/projects/pipedump/files/
Git URLs:
git://github.com/bindle/pipedump.git
git://git.code.sf.net/p/pipedump/code
Downloading Source with Git:
$ git clone --recursive git://github.com/bindle/pipedump.git pipedump
Preparing Source from Git:
$ cd pipedump
$ autoreconf -I ./m4/ -I ./contrib/bindletools/m4/ -i
Git Branches:
master - Current release of packages.
next - changes staged for next release
pu - proposed updates for next release
xx/yy+ - branch for testing new changes before merging to 'pu' branch