flare-fakenet-ng icon indicating copy to clipboard operation
flare-fakenet-ng copied to clipboard

Published 20 hours ago verified publisher icon mandiant

[Feature] Configurable pcap verbosity

Open strictlymike opened this issue 8 years ago • 1 comments

FakeNet-NG currently records datagrams at various intermediate stages within the pcap it creates:

  • Before any modification
  • After IP redirection
  • After port redirection

Users would like to be able to configure FakeNet-NG to omit some of the duplicate (modified) datagrams. It is easy to imagine that users might want at least these three pre-set modes of behavior:

  • Before any modification
  • After all modifications
  • Verbose

Furthermore, users may foreseeably wish to configure FakeNet-NG to write multiple pcaps, selecting the mode (from the above) for each.

strictlymike avatar Aug 29 '17 18:08 strictlymike

The proxy listener adds a new layer of complexity to this which should be included in the design and implementation of this feature. Specifically, the proxy listener causes traffic to exist twice in the same pcap, and where SSL/TLS is used, it means the traffic will appear both encrypted and decrypted within the same pcap.

strictlymike avatar Jun 08 '18 14:06 strictlymike