			Grabbing ethernet traffic

    Introduction
    ------------

Program Skyfish is intended for interception Ehternet of a stream from network
 interfaces, whether it be a satellite card or usual network, with the 
subsequent preservation of contents. There is an opportunity of the instruction
 of a filtration as a file and to its size. The program consists of two basic 
 parts. The module ng_skyfish.ko loaded into a kernel and actually, programs 
 for the analysis and a filtration of the traffic.

At the first start of the program the module will be loaded and there should be 
a device/dev/skyfish through which we and shall receive packages for the 
analysis the program skyfish. 

Example of a configuration file /usr/local/etc/skyfish.conf.dist, on the basis 
of it create the and keep in the same directory as skufish.conf.

At start of the program we pay attention to a line " Symbol rate: " 
it should not be red, and there should be a speed, capture of a stream means is.    

    INTERFACE
    ---------

In heading of the program the version of the program and following fields 
is specified: 
    Symbol Rate current speed of stream 
    In: 	general last stream 
    Write: 	how many the byte have been written down on a disk. 
    CountPKS: 	quantity of open streams 
    Bad: 	quantity of packages with the wrong control sum
	Buf:	count overload buffer, drop packets occur.

    CONTROL
    -------
    
Management very simple by means of keys. For moving the cursor on the screen 
keys are used: 
	'DOWN'	-	move cursor
	'UP' 	-
	'LEFT'	-
	'RIGTH'	-
	' DELETE ' - to remove the allocated file or set allocated filter in 0
	'g' -	show window to change filtering by size
	'1'-'0'   - change step by *10
	Page_up	  - increade
	Page_down - decrease
	'S'	  - save new parametres in skyfish.conf
	'v' -	for testing only
	'Q' - 	exit programm
	' h ' - to show the latent streams 
	' i ' - to show header HTTP 

    ADJUSTMENT 
    ----------

adjustment the Description of a file of adjustments skyfish.conf 

version 0.90 			// for verification of a file of adjustments with the version of the program 
iface dvb0 			// the listened interface is specified. 
iface msk0 			// as an example.. Additions of the second interface [not necessarily] 
OK /fromsat/ok 		// a way where will be located the caught files
TEMP /fromsat/temp 	// a time place for assembly of files 
INCOMPLETE /fromsat/incomplete // a directory for beaten or not full loaded a broad gully file 
LOG ./skyfish.log		// log file
TIME_LIVE_THREAD 600 		// time of a life of stream 
TIME_END_FILE 1600 		// how many to wait for files after the termination of record in a file before removal
NOCOMPLETE 90 			// the percent of integrity of a beaten file for a premise in a folder incomplete 
MAXTHREADS 300 			// the maximum quantity of streams 
Further goes the description of the filter as and to the size if it is not necessary to accept 
the type given at all we put a sign '-'.
type rar	5Mb	1Gb
type jpeg	300Kb	2Mb
type gif	120Kb	600Kb
type html	-
type swf	-
type msi	10Mb	100Mb
type jsp	-

Surkov Andrey. <nsand@sura.ru>
