On hold

please wait before starting anything. There will be a major update to Hinty to tackle type hinting of the core (at least fields & packet). This will allow contributors to tackle smaller parts (the layers). In the meantime, have a look at the other contributions wanted page: secdev/scapy#399 - thanks

Project "Hinty" aims at adding **Type hi

I might be missing something, but I'm not seeing test functions in termshark.go. It looks like there's a smattering of unit tests scattered throughout other files, which is good. More unit tests for the main file would be helpful here (and goes hand in hand with #20).

I would like to point out that identifiers like “_DLL_HEADER” and “_MOLOCH_LUA_” [do eventually not fit](https://www.securecoding.cert.org/conf

Recently I git cloned a zeek plugin, built it, and then wanted to add additional instrumentation (to understand it better) via the PLUGIN_DBG_LOG() macro mentioned here [1].

While adding the debug macros worked fine, I had difficulties switching on the debugging via the zeek --debug option. Why? Because the plugin name to be specified is case sensitive and if you get it wrong then there is

We need to test config file against errors

• Someone can try to use "yes" to turn on a boolean parameter which needs "on"
• Someone can wrong type a parameter
• Someone can write an invalid parameter
• Someone can write an invalid IP address / CIDR

Document all supported URL patterns for elastic and other configuration variables. Allow users to validate a head if URL parameters in configuration stand in the supported patterns.

Examples:

http://hostname
http://hostname:port
http://IP:port
https://IP:port
IP:port
hostname

.... I probably missed some supported patterns ...

You can sniff a packet, modify it, and re-send it using libtins. The only issue is dropping the original one so the receiver doesn't get two packets. This could be done via iptables rules, I'm sure there has to be some article describing how to do it.

Originally posted by @mfontanini in mfontanini/libtins#61 (comment)

The pcap-filter man page could benefit from some clarifications and improvements, such as:

1. proto qualifiers: The man page reads, "proto qualifiers restrict the match to a particular protocol. Possible protos are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp. " However, as noted in the discussion from http://ask.wireshark.org/questions/26350/how-to-filter-wlan-with-a-capture

The project works with 8 modules < reference source/Module >

• Creating issue to accelerate/track test frame building of each module
• The test folder has a very basic example to start with.
• Feel free to make a pull request for the test cases

I get this error when I try to run node pcap on OS Sierra.

It works fine on El Capitan and Yosemite but I can only get it to work on OS Sierra. Any ideas why that could be? I couldn't find any obvious permissions to set when I

Describe the bug
Installation instructions in README.md file and on the Download and installation web page are outdated. Missing coverage for autogen.sh script.

To Reproduce
Steps to reproduce the behavior:

1. GIT Clone fresh Master source in a new empty folder
2. Attempt to execute ./configure per installation instructi

Right now a user has to figure out the verbosity levels with try and error or by reading the source code. There should be a table in the man page for this.

• what is the name of the switch for mirroring (name defined in the faucet.yaml, not dns, for example)
• the port that Poseidon uses for mirroring needs to be controlled by Faucet, therefore it needs to be an openflow port
• the port that Poseidon uses needs to be configured in faucet.yaml to be output_only: true and no native vlan (a port for mirroring from Faucet's perspective)
• Requiremen