Redhive: Peep Traffic Monitor
          pedram amini <pedram@redhive.com, http://pedram.redhive.com>

###
### What is this?

    A client for Peep! (The Network Auralizer) (http://peep.sourceforge.net).
When I first started playing with Peep I expected it to generate noises based
off of live network traffic. To my horror *gasp* this was not the case. The
sample clients that were provided generated events based off of log analysis.
The downside of this approach is that only traffic to and from your own server
(web, pop, smtp) could be "seen". So I wrote my own client, a small tcpdump
wrapper, to generate events by watching the wire.

    In this package you will find:
        - README                this file.
        - traffic_monitor.pl    the client script.
        - peep.conf             default peep.conf plus my additions.


###
### How do I set it up?

You need to insert the following in peep.conf to set up the client:

------ snip snip -----
client traffic_monitor
    class home
    port 1999
    config
        # service       event
        21              tm-ftp
        22              tm-ssh
        25              tm-smtp
        53              tm-dns
        80              tm-http
        110             tm-pop
        443             tm-https
    end config
end client traffic_monitor
------ snip snip -----

Also add the following to peep.conf, in the events section, to map sounds to
our events (you can change these as you see fit).

------ snip snip -----
# redhive: traffic monitor
tm-ftp       /usr/local/share/peep/sounds/wetlands/events/cardinal-05.*        1
tm-ssh       /usr/local/share/peep/sounds/wetlands/events/chatter-01.*         1
tm-smtp      /usr/local/share/peep/sounds/wetlands/events/light-chirps-01.*    1
tm-dns       /usr/local/share/peep/sounds/wetlands/events/squeak-02.*          1
tm-http      /usr/local/share/peep/sounds/wetlands/events/jay-01.*             1
tm-pop       /usr/local/share/peep/sounds/wetlands/events/light-chirps-04.*    1
tm-https     /usr/local/share/peep/sounds/wetlands/events/robin-01.*           1
end events
------ snip snip -----

Finally, you must restart the peep server and start the client. YOU MUST RUN THE
CLIENT AS ROOT. This is because we're using tcpdump to sniff all traffic. That
should be all. Oh yes, at the top of the client is a print_flag that you can use
to control whether or not the client prints output. I start the client like so:
    nohup ./traffic_monitor.pl &


###
### How do I add / remove services to generate events on?

    Four simple steps:
        - modify the tcpdump filter string at the top of the client to reflect
          the services you wish to watch for.
        - add the services to peep.conf in the client config area.
        - make an event entry for all your services in peep.conf.
        - restart client / server.
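
The steps above only work if the tcpdump filter and the peep.conf service table
list the same ports. The following is an added example, not traffic_monitor.pl
or any code from this package: it derives a filter string from the client config
block and maps tcpdump lines to event names. The function names, the
"port N or port M" filter form and the `tcpdump -n` line shape are assumptions.

```python
import re
# Client block copied from the peep.conf snippet in this README.
PEEP_CLIENT_CONFIG = """\
client traffic_monitor
    class home
    port 1999
    config
        # service       event
        21              tm-ftp
        22              tm-ssh
        25              tm-smtp
        53              tm-dns
        80              tm-http
        110             tm-pop
        443             tm-https
    end config
end client traffic_monitor
"""
# Constructed tcpdump -n lines (not captured traffic).
SAMPLE_SSH = "12:00:01.000001 IP 192.0.2.10.51512 > 192.0.2.1.22: Flags [S], length 0"
SAMPLE_DNS_REPLY = "12:00:02.000002 IP 192.0.2.1.53 > 192.0.2.10.40000: 4660 1/0/0 A 198.51.100.7 (45)"

def parse_services(conf_text):
    """Return {port: event} from the lines between 'config' and 'end config'."""
    services, in_config = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if line == "config":
            in_config = True
        elif line == "end config":
            in_config = False
        elif in_config and line:               # "port 1999" is outside, so ignored
            port, event = line.split()
            services[int(port)] = event
    return services

def build_filter(services):
    """pcap filter expression matching exactly the configured service ports."""
    return " or ".join(f"port {p}" for p in sorted(services))

# Assumed line shape: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(r"\bIP6? (\S+)\.(\d+) > (\S+)\.(\d+):")

def event_for_line(line, services):
    """Event for one tcpdump line (destination port checked first), else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return services.get(int(m.group(4))) or services.get(int(m.group(2)))
```

A port that passes the filter but has no row in the config table yields None
here, which is the mismatch to look for after adding or removing a service.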