The WebTap application relies on a customized variant of the tcpick packet sniffer. In this section I will give detailed instructions on how to build the modified tcpick. If you cannot follow the instructions or you think that anything needs to be pointed out more clearly, then please give me a hint: chris (at) jwall . org.
In order to build tcpick, you need to get the source and have a development environment installed (that is, a C compiler, libc headers, etc.). Most importantly, you need to have the libpcap library and its headers available on your system.
- Preparing your environment
As tcpick relies on the packet-capture library libpcap, you need to have this available on your system. Since you are going to compile tcpick, you also need the library's header files. On Debian or Ubuntu systems, these can quickly be installed using
sudo apt-get install libpcap0.7 libpcap0.7-dev
This will install the library itself (libpcap0.7) as well as the header files (libpcap0.7-dev).
- Getting the Source
The source of tcpick is available from its SourceForge site. For the impatient, I have a direct link available: http://kent.dl.sourceforge.net/sourceforge/tcpick/tcpick-0.2.1.tar.gz
Simply download the source using your favorite leecher:
- Patching the Source
Before tcpick can be built, we need to apply the patch that is required for use with WebTap. The patch is available here: tcpick.patch.gz. Simply right-click and save the URL, or again use your leecher:
Now we are ready to untar the source and apply the patch. In case you downloaded everything into your current working directory, you can simply proceed by issuing
gunzip tcpick.patch.gz
tar xzvf tcpick-0.2.1.tar.gz
cd tcpick-0.2.1
patch -p1 < ../tcpick.patch
- Configuring and Compiling Tcpick
The last step is to run the configure script and compile tcpick using
./configure
make
make install # optional
As for the last step, make install: this is optional, though recommended. You don't need to install tcpick right now. For trying out the WebTap you may simply start tcpick from its source directory.
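The steps above, collected into a small POSIX shell helper that checks each precondition before moving on (libpcap headers present, download tools available, patch applies cleanly in a dry run before touching the tree). This is an added example and not part of the WebTap project; the tarball URL, version and patch file name come from this page, while the patch URL, the function names and the directory layout are assumptions.

```shell
#!/bin/sh
# Added example, not the WebTap project's own script. Builds the patched
# tcpick 0.2.1 in the current directory, checking each step before the next.
set -u

TCPICK_VERSION="0.2.1"
TCPICK_TARBALL="tcpick-${TCPICK_VERSION}.tar.gz"
TCPICK_URL="http://kent.dl.sourceforge.net/sourceforge/tcpick/${TCPICK_TARBALL}"
# The page links the patch as tcpick.patch.gz without giving a full URL,
# so the location is a placeholder; override it in the environment.
TCPICK_PATCH_URL="${TCPICK_PATCH_URL:-REPLACE_WITH_URL_OF/tcpick.patch.gz}"

# Return 0 if libpcap headers are found under $1 (default /usr/include);
# both the flat pcap.h and the pcap/pcap.h layout are accepted.
have_pcap_headers() {
    inc="${1:-/usr/include}"
    [ -f "$inc/pcap.h" ] || [ -f "$inc/pcap/pcap.h" ]
}

# Fetch $1 into file $2 unless it already exists; uses wget or curl,
# whichever is installed.
fetch() {
    url="$1"; out="$2"
    [ -f "$out" ] && return 0
    if command -v wget >/dev/null 2>&1; then wget -O "$out" "$url"
    elif command -v curl >/dev/null 2>&1; then curl -L -o "$out" "$url"
    else echo "fetch: need wget or curl" >&2; return 1
    fi
}

# Apply a unified diff (-p1) to source tree $1, but only after a dry run
# shows it applies cleanly; on failure the tree is left untouched.
apply_patch_checked() {
    srcdir="$1"; patchfile="$2"
    ( cd "$srcdir" && patch -p1 --dry-run < "$patchfile" >/dev/null ) || {
        echo "patch does not apply cleanly to $srcdir" >&2
        return 1
    }
    ( cd "$srcdir" && patch -p1 < "$patchfile" )
}

# The full procedure from the page: headers, download, unpack, patch, build.
# "make install" is left to the reader, as the page says it is optional.
build_tcpick() {
    have_pcap_headers || {
        echo "libpcap headers missing (apt-get install libpcap0.7-dev)" >&2
        return 1
    }
    fetch "$TCPICK_URL" "$TCPICK_TARBALL" || return 1
    fetch "$TCPICK_PATCH_URL" tcpick.patch.gz || return 1
    gunzip -c tcpick.patch.gz > tcpick.patch
    tar xzf "$TCPICK_TARBALL"
    apply_patch_checked "tcpick-${TCPICK_VERSION}" "$PWD/tcpick.patch" || return 1
    ( cd "tcpick-${TCPICK_VERSION}" && ./configure && make )
}

# Only build when explicitly asked, so the file can be sourced without side effects.
if [ "${TCPICK_BUILD:-0}" = 1 ]; then
    build_tcpick
fi
```

Run it as `TCPICK_PATCH_URL=https://example.invalid/tcpick.patch.gz TCPICK_BUILD=1 sh build-tcpick.sh`; the dry-run check in apply_patch_checked is what keeps a half-applied patch from leaving you with a tree that compiles but lacks the "B" sub-option.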
The patched tcpick now allows a new sub-option "B" to be issued. For more details on the patch and this option, see the Tcpick Patch page. After you have built tcpick, you can start the WebTap by starting tcpick and piping its output to the tap (all in one line):
tcpick -i eth0 -n -h -bBR "tcp port 80" | java -jar org.jwall.web.tap-0.4.6.jar -o /path/to/audit-directory