Bugtraq mailing list archives
Tracking tools?
From: isdmill () gatekeeper ddp state me us (David Miller)
Date: Wed, 14 Aug 1996 23:56:41 -0400
Please forgive me if this message is a bit off subject, as it doesn't expose any holes.... I've got a tcpdump of the network while a hacker broke into a machine. I created it on a FreeBSD system with tcpdump -w .... (filters omitted). I can read the file back just fine with a tcpdump -r, and dump the raw data with a -x, but that's less than real useful. Can anyone point out some tools I might apply to this dump file in order to track the session which actually hacked root? I'd most like to see one of the monitoring programs which can be fed from the dump file, but I'd be happy with something which would give me an ascii dump of the data portions of selected packets. Thanks in advance:) --- David Miller ---------------------------------------------------------------------------- It's *amazing* what one can accomplish when one doesn't know what one can't do!
Current thread:
- real time decode of tcpdump output, (continued)
- real time decode of tcpdump output Michael Ryan (Aug 19)
- WU.FTPD vulnerability: gnu tar possibly others Alan Cox (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Pedro Melo (Aug 19)
- Re: WU.FTPD vulnerability: gnu tar possibly others Christian Limpach (Aug 19)
- SECURITY FIX/UPDATE: anonftp Elliot Lee (Aug 19)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Igor Chudov @ home (Aug 18)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Evil Pete (Aug 18)
- CERT Advisory CA-96.18 - Vulnerability in fm_fls CERT Advisory (Aug 14)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Ficus Kirkpatrick (Aug 13)
- Re: Possible bufferoverflow condition in lpr, xterm and xload Alexander O. Yuriev (Aug 14)
- Tracking tools? David Miller (Aug 14)
- Re: Tracking tools? Gene Titus (Aug 15)
- Re: Tracking tools? neill (Aug 15)
- Re: Tracking tools? Tracy R. Reed (Aug 15)
- SGI Security Advisory 19960801-01-PX, SGI Security Coordinator (Aug 17)
- CERT Advisory CA-96.19 - Vulnerability in expreserve Pete Ashdown (Aug 15)
- Re: CERT Advisory CA-96.19 - Vulnerability in expreserve Casper Dik (Aug 18)
- Re: Tracking tools? Greg Miller (Aug 15)
- Re: mail storm Valdis.Kletnieks () vt edu (Aug 13)
- Re: mail storm Darrell Fuhriman (Aug 13)
- Re: mail storm Ed Arnold (Aug 14)