7. Caveats
Please note the following points.
- KSnuffle is based on libpcap-0.4, as used in, for example,
  the tcpdump utility. Since I only have access to Linux
  machines, I only have libpcap for Linux. If you wish to run
  KSnuffle on a system other than Linux, you will need to get hold
  of a suitable version of libpcap and rebuild the program.
- KSnuffle bypasses the defined libpcap API. Specifically,
  it may construct multiple filter programs for a single packet
  capture instance, and applies these directly to captured packets;
  the libpcap packet capture loop actually runs with a null
  filter program which accepts all packets. So far as I can tell,
  this works correctly for Linux, but I cannot test other systems.
- Since I only have access to x86 machines, I cannot test KSnuffle
  on big-endian machines.
- Some of the KSnuffle code is Linux dependent (e.g., it uses
  /proc/net/arp to obtain mappings between MAC and IP
  addresses). Your mileage may vary under other Unixes.
- The protocol decoding in this version assumes that it is
  handling correct packets. Hence, it would be possible to crash
  KSnuffle by sending it, for instance, a suitably crafted
  DNS datagram. However, so far as I am aware, it is not
  susceptible to buffer overflow attacks.
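
The last caveat, illustrated with an added example that is not KSnuffle's code: a bounds-checked decoder for the name field of a DNS datagram, which rejects truncated labels, reserved label types and compression-pointer loops instead of trusting the packet. The function name, the jump limit and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_JUMPS 16   /* assumed cap on compression pointers followed */

/* Hypothetical helper (not KSnuffle code): decode the DNS name starting at
 * msg[off] into out as dotted text. Returns the offset just past the name
 * in the original record, or -1 if the datagram is malformed. */
int dns_read_name(const uint8_t *msg, size_t len, size_t off,
                  char *out, size_t out_len)
{
    size_t used = 0;
    int jumps = 0, end = -1;

    if (out_len == 0) return -1;
    for (;;) {
        if (off >= len) return -1;                  /* ran off the datagram */
        uint8_t c = msg[off];
        if ((c & 0xC0) == 0xC0) {                   /* compression pointer */
            if (off + 1 >= len) return -1;          /* second byte missing */
            if (++jumps > DNS_MAX_JUMPS) return -1; /* pointer loop */
            if (end < 0) end = (int)(off + 2);      /* resume point in record */
            off = ((size_t)(c & 0x3F) << 8) | msg[off + 1];
            continue;
        }
        if (c & 0xC0) return -1;                    /* reserved label type */
        if (c == 0) {                               /* root label: name done */
            out[used] = '\0';
            return end < 0 ? (int)(off + 1) : end;
        }
        if (off + 1 + c > len) return -1;           /* label truncated */
        if (used + c + 2 > out_len) return -1;      /* no room for '.', NUL */
        if (used) out[used++] = '.';
        memcpy(out + used, msg + off + 1, c);       /* raw bytes, unescaped */
        used += c;
        off += 1 + (size_t)c;
    }
}

/* Constructed sample (not captured traffic): 12-byte header, the name
 * "www.example.com" at offset 12, then a pointer to offset 12 at offset 29. */
static const uint8_t sample_ok[] = { 0,0,0,0,0,0,0,0,0,0,0,0,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
    0xC0, 12 };
/* Constructed malformed sample: the pointer at offset 12 points to itself. */
static const uint8_t sample_loop[] = { 0,0,0,0,0,0,0,0,0,0,0,0, 0xC0, 12 };
```

A decoder that returns an error for each of these cases lets the caller drop or flag the malformed datagram rather than read past the end of the capture buffer.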