Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Tracking tools?

From: isdmill () gatekeeper ddp state me us (David Miller)
Date: Wed, 14 Aug 1996 23:56:41 -0400

Please forgive me if this message is a bit off subject, as it doesn't
expose any holes....

I've got a tcpdump of the network while a hacker broke into a machine. I
created it on a FreeBSD system with tcpdump -w .... (filters omitted).

I can read the file back just fine with a tcpdump -r, and dump the raw
data with a -x, but that's less than real useful.

Can anyone point out some tools I might apply to this dump file in order
to track the session which actually hacked root?  I'd most like to see
one of the monitoring programs which can be fed from the dump file, but
I'd be happy with something which would give me an ascii dump of the
data portions of selected packets.

Thanks in advance:)

--- David Miller

----------------------------------------------------------------------------
                It's *amazing* what one can accomplish when
                    one doesn't know what one can't do!
Previous By Date Next
Previous By Thread Next

Current thread: