IPaudit is a very useful utility for a Linux user on a LAN. It listens to all data transferred over a LAN connection and then prints a summary of the data sent through the network interfaces.
Download the tarball from the website here: http://ipaudit.sourceforge.net/index.html.
Then unpack it.
Apply the patch below before compiling; it allows the source to compile on a modern Linux distribution.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 | --- ./src/beta/dcalc.c +++ ./src/beta/dcalc.c @@ -12,6 +12,7 @@ Include Files ------------------------------------------------------------------------ */ +#include <ctype.h> #include <stdio.h> #include <stdlib.h> #include <string.h> --- ./src/beta/pdate.c +++ ./src/beta/pdate.c @@ -8,6 +8,7 @@ Include Files ------------------------------------------------------------------------ */ +#include <ctype.h> #include <stdio.h> #include <stdlib.h> #include <string.h> --- ./src/hash.c +++ ./src/hash.c @@ -37,6 +37,7 @@ */ #include <stdio.h> #include <stdlib.h> +#include <string.h> #include "hash.h" --- ./src/ipaudit.c +++ ./src/ipaudit.c @@ -37,6 +37,7 @@ Include Files ------------------------------------------------------------------------ */ +#include <errno.h> #include <stdio.h> #include <stdlib.h> #include <sys/types.h> @@ -217,7 +218,6 @@ Global VARIABLES ------------------------------------------------------------------------ */ -extern INT errno; extern CHAR pcap_version[]; --- ./src/ipstrings.c +++ ./src/ipstrings.c @@ -40,6 +40,7 @@ Include Files ------------------------------------------------------------------------ */ +#include <errno.h> #include <stdio.h> #include <stdlib.h> #include <sys/types.h> @@ -247,7 +248,6 @@ Global VARIABLES ------------------------------------------------------------------------ */ -extern INT errno; extern CHAR *pcap_version[]; --- ./src/total.c +++ ./src/total.c @@ -141,7 +141,7 @@ Main FUNCTION ------------------------------------------------------------------------ */ -main (INT argc, CHAR *argv[]) { +INT main (INT argc, CHAR *argv[]) { INT arg; INT nkey, ndata, nproc, nfield; INT nrdata; |
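Review bot: In the second ipstrings.c hunk the context line "extern CHAR *pcap_version[];" is left untouched, while the matching context line in ipaudit.c reads "extern CHAR pcap_version[];". The two files declare the same symbol with different types (an array of pointers versus a character array). Since the patch already edits the line directly above it, change the ipstrings.c declaration to match the one in ipaudit.c.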
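Review bot: In the total.c hunk, main gets its return type through the project's INT alias, whose definition is not visible in this patch. main has to return plain int, so either write "int main (INT argc, CHAR *argv[])" or confirm that INT is exactly int, and check that the function ends with an explicit return value now that the type is spelled out.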
Then run “make”. Once that is completed, copy the binaries to /usr/local/bin and you are done.
Below is a sample session recording data transferred through the Ethernet interface.
jason@jason-Lenovo-H50-55:~/Documents/ipaudit-0.95$ sudo ipaudit -w dump.fil -p1:2:6,21,23 enp0s25
^C065.108.201.176 192.168.001.002 17 56881 51413 136 100 1 1
072.039.154.030 192.168.001.002 17 6881 51413 100 0 1 0
073.137.059.045 192.168.001.002 17 49213 51413 236 0 2 0
074.059.228.225 192.168.001.002 17 6882 51413 136 341 1 1
086.096.025.111 192.168.001.002 17 45051 51413 200 0 2 0
112.038.051.250 192.168.001.002 17 13072 51413 136 0 1 0
181.221.108.069 192.168.001.002 17 6881 51413 100 122 1 1
183.252.037.104 192.168.001.002 17 55703 51413 136 310 1 1
185.125.190.058 192.168.001.002 17 123 37370 90 90 1 1
192.168.001.001 224.000.000.001 2 0 0 0 50 0 1
192.168.001.002 193.009.114.004 17 51413 57765 310 136 1 1
192.168.001.002 224.000.000.022 2 0 0 0 54 0 1
192.168.001.005 192.168.001.255 17 50525 51007 0 5952 0 32
192.168.001.005 224.000.000.022 2 0 0 0 108 0 2
This program was last updated in 2013, but the patch above fixes it and it compiled fine on my machine.
The example below captures 500 packets from the network interface and then saves them to the traffic.out file.
jason@jason-Lenovo-H50-55:~/Documents/ipaudit-0.95$ sudo ipaudit -c 500 enp0s25 > traffic.out
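The rows saved in traffic.out can be summarised per host to see which machines account for most of the traffic. The script below is an added example, not part of ipaudit or the original post; it assumes the nine leading columns are two addresses, the IP protocol number, two ports, two byte counts and two packet counts, and the function names are made up for this illustration.

```python
import sys
from collections import defaultdict

# Constructed sample: rows taken from the session output above, including the
# "^C" the terminal echoed in front of the first row, plus one junk line.
SAMPLE = """\
^C065.108.201.176 192.168.001.002 17 56881 51413 136 100 1 1
185.125.190.058 192.168.001.002 17 123 37370 90 90 1 1
192.168.001.001 224.000.000.001 2 0 0 0 50 0 1
192.168.001.005 192.168.001.255 17 50525 51007 0 5952 0 32
not an ipaudit row
"""

def unpad(ip):
    """Turn a zero-padded address (065.108.201.176) into the usual form."""
    octets = [int(o) for o in ip.split(".")]  # int() reads base 10, not octal
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(ip)
    return ".".join(map(str, octets))

def parse(text):
    """Return one dict per flow row; anything that is not a flow row is skipped."""
    flows = []
    for line in text.splitlines():
        fields = line.strip().removeprefix("^C").split()
        if len(fields) < 9:
            continue
        try:
            a, b = unpad(fields[0]), unpad(fields[1])
            proto, _pa, _pb, b1, b2, p1, p2 = map(int, fields[2:9])
        except ValueError:
            continue
        flows.append({"a": a, "b": b, "proto": proto,
                      "bytes": b1 + b2, "packets": p1 + p2})
    return flows

def talkers(flows):
    """Total bytes and packets of every flow a host appears in, busiest first."""
    totals = defaultdict(lambda: [0, 0])
    for f in flows:
        for host in (f["a"], f["b"]):
            totals[host][0] += f["bytes"]
            totals[host][1] += f["packets"]
    rows = [(h, b, p) for h, (b, p) in totals.items()]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for host, nbytes, npackets in talkers(parse(text)):
        print(f"{host:<16} {nbytes:>10} bytes {npackets:>6} packets")
```

Run it with the path to traffic.out as the only argument; without an argument it summarises the embedded sample.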