Difference between pages "Libdnet" and "Barnyard2"

From ForensicsWiki

Libdnet

== Abstract ==

libdnet provides a simplified, portable interface to several low-level networking routines, including:

* network address manipulation
* kernel arp(4) cache and route(4) table lookup and manipulation
* network firewalling (IP filter, ipfw, ipchains, pf, PktFilter, ...)
* network interface lookup and manipulation
* IP tunnelling (BSD/Linux tun, Universal TUN/TAP device)
* raw IP packet and Ethernet frame transmission

== Supported languages ==

* C, C++
* Python
* Perl, Ruby (see below)

== Supported platforms ==

* BSD (OpenBSD, FreeBSD, NetBSD, BSD/OS)
* Linux (Redhat, Debian, Slackware, etc.)
* MacOS X
* Windows (NT/2000/XP)
* Solaris
* IRIX
* HP-UX
* Tru64

== External Links ==

* [http://search.cpan.org/~vman/Net-Libdnet-0.01/ Net::Libdnet] - Perl interface to libdnet
* [http://www.shmoo.com/~bmc/software/ruby/ruby-dnet/ dnet.rb] - Ruby interface to libdnet
* [http://www.tcpdump.org/ libpcap] - portable packet capture library
* [http://winpcap.polito.it/ winpcap] - libpcap for Windows
* [http://monkey.org/~dugsong/pypcap/ pypcap] - libpcap Python module
* [http://monkey.org/~dugsong/dpkt/ dpkt] - fast, simple packet creation and parsing in Python
* [http://www.packetfactory.net/projects/libnet/ libnet] - packet construction library
* [http://www.hsc.fr/ressources/outils/pktfilter/index.html.en PktFilter] - win32 service to configure the IPv4 filtering driver in Windows 2000/XP/Server 2003
* [http://vtun.sourceforge.net/tun/ Universal TUN/TAP driver] - virtual point-to-point network tunnel device
* [http://www-user.rhrk.uni-kl.de/~nissler/tuntap/ TUN/TAP driver for MacOS X]
* [http://libdnet.sourceforge.net/tun-1.1-sol80.sparc64.gz Tunnel driver for Solaris 8 (sparc64)]

== References ==

All information obtained on this page can be found at [http://libdnet.sourceforge.net/]

Barnyard2

Revision as of 17:17, 13 March 2013

About

Barnyard is a critical tool for the parsing of Snort's unified binary files, processing and on-forwarding to a variety of output plugins. Unfortunately it has not seen an update in over 4 years and is not going to be maintained by the original developers. With the new version of the unified format (i.e. unified2) arriving we need something to bridge this gap. To quote directly from the Snort FAQ:

  • "Barnyard is an output system for Snort. Snort creates a special binary output format called unified. Barnyard reads this file, and then resends the data to a database backend. Unlike the database output plug-in, Barnyard is aware of a failure to send the alert to the database, and it stops sending alerts. It is also aware when the database can accept connections again and will start sending the alerts again."

The SXL team love barnyard. So much so that we want it to stay and have been tinkering around with the code to give it a breath of new life. Here is what we have achieved so far for this reinvigorated code base:

  • Parsing of the new unified2 log files.
  • Maintaining majority of the command syntax of barnyard.
  • Addressed all associated bug reports and feature requests arising since barnyard-0.2.0.
  • Completely rewritten code based on the GPLv2 Snort making it entirely GPLv2.
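An added illustration, not code from the Barnyard or Barnyard2 projects, of the behaviour the FAQ quote above describes: a minimal spool reader walks unified2 records, forwards them to a database stand-in, and on a failed insert stops and hands back a bookmark so the remaining records are replayed once the backend accepts connections again. It assumes the unified2 record header is two big-endian 32-bit integers (record type, then payload length) followed by the payload; the two record type values, the FlakyDatabase class and the sample spool bytes are assumptions constructed for this example.

```python
import struct

# Assumed unified2 record header: big-endian uint32 type, big-endian uint32
# payload length, then `length` payload bytes. Type values are assumed too.
HEADER = struct.Struct("!II")
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7

def iter_records(spool: bytes):
    """Yield (type, payload) for every complete record; a partial record at
    the tail is left alone because Snort may still be appending it."""
    off = 0
    while off + HEADER.size <= len(spool):
        rtype, length = HEADER.unpack_from(spool, off)
        end = off + HEADER.size + length
        if end > len(spool):
            break
        yield rtype, spool[off + HEADER.size:end]
        off = end

class FlakyDatabase:
    """Constructed stand-in for the database backend: the insert whose
    index equals `fail_at` is rejected, emulating a lost connection."""
    def __init__(self, fail_at=None):
        self.fail_at, self.rows = fail_at, []

    def insert(self, rtype: int, payload: bytes) -> None:
        if self.fail_at is not None and len(self.rows) == self.fail_at:
            raise ConnectionError("database unavailable")
        self.rows.append((rtype, payload))

def forward(spool: bytes, db: FlakyDatabase, bookmark: int = 0) -> int:
    """Send records from index `bookmark` on. On a database failure stop and
    return the index of the first unsent record; the caller replays from that
    bookmark once the backend is back, so no alert is dropped or duplicated."""
    records = list(iter_records(spool))
    for idx in range(bookmark, len(records)):
        try:
            db.insert(*records[idx])
        except ConnectionError:
            return idx
    return len(records)

def make_record(rtype: int, payload: bytes) -> bytes:
    return HEADER.pack(rtype, len(payload)) + payload

# Constructed spool: two events, one packet, then a truncated tail record.
SPOOL = (make_record(UNIFIED2_IDS_EVENT, b"event-1")
         + make_record(UNIFIED2_PACKET, b"pkt-1")
         + make_record(UNIFIED2_IDS_EVENT, b"event-2")
         + HEADER.pack(UNIFIED2_IDS_EVENT, 99))  # 99 bytes never arrive
```

The truncated tail shows the other case a spool reader must handle: a header whose promised length runs past the end of the file is skipped until more data lands, rather than being parsed as a corrupt alert.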

References

All information on this page is referenced from securixlive.com (http://www.securixlive.com/barnyard2/about.php), where further information about Barnyard can be found.