hashgrabd
---------
About
-----
Hashgrabd is a utility designed to obtain the cryptographic hashes that
uniquely identify shared files on peer to peer networks. Hashgrabd currently
supports the BitTorrent and eDonkey protocols.
Limitations
-----------
BitTorrent hashes are only obtained from the announcement TCP packets;
hashgrabd does not monitor sessions that actually transfer data. Only a limited
subset of eDonkey opcodes is implemented: those most likely to contain a useful,
valid hash.
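To illustrate what an announcement packet offers a passive monitor, the following added example (not hashgrabd's own code) extracts the info_hash from the TCP payload of a standard HTTP tracker announce request. The function name, the sample request and the tracker host are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#define INFO_HASH_LEN 20 /* BitTorrent v1 info_hash is a 20-byte SHA-1 digest */
/* Constructed sample: TCP payload of an HTTP tracker announce request. */
static const char SAMPLE[] =
    "GET /announce?info_hash=%124Vx%9A%BC%DE%F1%23Eg%89%AB%CD%EF%124Vx%9A"
    "&peer_id=-XX0001-000000000000&port=6881 HTTP/1.1\r\nHost: tracker.example\r\n\r\n";

static int hexval(int c) {
    if (c >= '0' && c <= '9') return c - '0';
    c = tolower(c);
    return (c >= 'a' && c <= 'f') ? c - 'a' + 10 : -1;
}

/* Writes the hash as 40 hex characters plus NUL. Returns 0 on success, -1 if
 * the payload is not an announce carrying a well-formed 20-byte info_hash. */
int extract_info_hash(const char *p, size_t len, char out[41]) {
    static const char key[] = "info_hash=";
    const size_t klen = sizeof key - 1;
    unsigned char hash[INFO_HASH_LEN];
    size_t i, n = 0, eol = 0;
    if (len < 5 || memcmp(p, "GET /", 5) != 0) return -1;
    while (eol < len && p[eol] != '\r' && p[eol] != '\n') eol++; /* request line only */
    for (i = 5; i + klen <= eol; i++) /* key must start a query parameter */
        if ((p[i - 1] == '?' || p[i - 1] == '&') && memcmp(p + i, key, klen) == 0) break;
    if (i + klen > eol) return -1; /* no info_hash parameter */
    for (i += klen; i < eol && p[i] != '&' && p[i] != ' '; n++) {
        if (n == INFO_HASH_LEN) return -1; /* value longer than a SHA-1 digest */
        if (p[i] == '%') { /* percent-encoded byte */
            if (i + 2 >= eol) return -1; /* escape cut off by end of line */
            int hi = hexval((unsigned char)p[i + 1]), lo = hexval((unsigned char)p[i + 2]);
            if (hi < 0 || lo < 0) return -1;
            hash[n] = (unsigned char)((hi << 4) | lo);
            i += 3;
        } else {
            hash[n] = (unsigned char)p[i++]; /* byte sent literally */
        }
    }
    if (n != INFO_HASH_LEN) return -1; /* truncated or malformed value */
    for (i = 0; i < INFO_HASH_LEN; i++) sprintf(out + 2 * i, "%02x", hash[i]);
    return 0;
}

int main(void) {
    char hex[41];
    if (extract_info_hash(SAMPLE, sizeof SAMPLE - 1, hex) == 0) printf("%s\n", hex);
    return 0;
}
```

The length check matters on a monitoring sensor: a request whose value does not decode to exactly 20 bytes is rejected rather than logged as a hash.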
Outputs
-------
Hashgrabd can output either to STDOUT or to a UDP network socket. Each UDP
packet contains a single line that would have been output via STDOUT.
Compiling
---------
At present hashgrabd does not have a ./configure script, but it should compile
successfully on most modern operating systems. It has been tested on FreeBSD
and Linux.
1. Obtain the current release of hashgrabd.
    # wget http://github.com/tignetworking/hashgrabd/tarball/release-current
2. Extract the current release of hashgrabd. XXXXXXX will vary depending on git
commits.
    # tar xvzf tignetworking-hashgrabd-XXXXXXX.tar.gz
3. Build hashgrabd.
    # make
The resulting executable should be portable, so you can move it into whatever
directory you require.
Running
-------
Command-line parameters are listed when the program is executed with no
arguments.
hashgrabd: no capture interface defined
hashgrabd: program usage
hashgrabd: -v - print current version
hashgrabd: -i <device> - device to capture packets from
hashgrabd: -P - set capture device to promiscuous
hashgrabd: -d - daemonise this program
hashgrabd: -e - grab edonkey/emule hashes
hashgrabd: -F - grab edonkey filename
hashgrabd: -b - grab bittorrent hashes
hashgrabd: -f <filename> - file to capture packets to
hashgrabd: -c - print output to console
hashgrabd: -n - print output to network via udp
hashgrabd: -h <hostname> - hostname to send udp to (default => localhost)
hashgrabd: -p <port> - port to send udp to (default => 10000)
hashgrabd: "<filter>" - bpf filter to be applied to traffic
Examples
--------
* Capture eDonkey only from eth0 and display on screen.
    ./hashgrabd -e -c -i eth0
* Capture both eDonkey and BitTorrent from eth0 and display on screen.
    ./hashgrabd -b -e -c -i eth0
* Capture BitTorrent only from eth0, export via UDP and daemonise into the
background.
    ./hashgrabd -b -i eth0 -n -h localhost -p 10000 -d
* Capture only the BitTorrent and eDonkey packets on eth0 that are outgoing
from a local private network, export via UDP and daemonise into the background.
    ./hashgrabd -b -e -i eth0 -n -h localhost -p 10000 -d "src net 10.0.0.0/8"
See Also
--------
hashgrab-captured - Perl script to capture from the network and store either on
disk or in a MySQL database.
hashgrab-web - PHP site to read from the MySQL database populated by
hashgrab-captured.
Authors
-------
hashgrabd is maintained by the following individuals:
o Peter Wood <[email protected]> (Project Lead)
o Daniel Meyers <[email protected]>
License
-------
Copyright (C) 2010 University of Lancaster
This program is free software: you can redistribute it and/or modify it
under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version. This program is distributed in the
hope that it will be useful, but WITHOUT ANY WARRANTY; without
even the implied warranty of MERCHANTABILITY or FITNESS FOR
A PARTICULAR PURPOSE. See the GNU General Public License
for more details. You should have received a copy of the GNU General
Public License along with this program. If not, see <http://www.gnu.org/licenses/>.