Honeypots mailing list archives
Re: Use of pcap_api.pl
From: Camilo Viecco <cviecco () indiana edu>
Date: Fri, 15 Sep 2006 08:55:52 -0400
Hi Leonard...

do:

"./pcap_api.pl -M 1 'sensor=2170483942;con_id=541689' > pcap_temp.pcap"

Two things to notice:
1. The -M option, for command line, needs a 1 in order to be correctly accepted (there was a problem with detecting flags appropriately, so -M 1 became an option).
2. The CGI parameters must be specified as one parameter (look at the quotes).

Hope this helps

Camilo

Leonard Kwan wrote:
> Hi,
>
> I was wondering whether someone could let me know how to use the pcap_api.pl? Basically I am trying to get the packet captures that the honeywall records. I would then like to load these into a database for the purposes of data mining.
>
> From what I've been able to gather from the Flow.pl I need to specify several parameters, but unfortunately have not had any luck getting it to work.
>
> I've tried
>
> ./pcap_api.pl -M sensor=2170483942;con_id=541689 > pcap_temp.txt
>
> to no avail. I get those two parameters from the walleye interface (/walleye.pl?act=snortdecode;sensor=2170483942;con_id=541689)
>
> Any help would be much appreciated!
>
> Cheers
> Leonard
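
Added example, not part of the original messages and not honeywall code: a small shell wrapper for the invocation given in the reply. It passes the sensor and con_id pair as one argument and checks that the output starts with the classic libpcap magic number. The PCAP_API variable and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: wrapper around "pcap_api.pl -M 1 'sensor=..;con_id=..'".
# PCAP_API and all function names below are assumptions, not honeywall names.
PCAP_API="${PCAP_API:-./pcap_api.pl}"

# Build the single CGI-style argument. Only plain decimal ids are accepted,
# so a value copied from a walleye URL cannot carry extra parameters or
# shell metacharacters into the command.
build_query() {
    for v in "$1" "$2"; do
        case "$v" in
            ''|*[!0-9]*) echo "ids must be decimal: '$v'" >&2; return 1 ;;
        esac
    done
    printf 'sensor=%s;con_id=%s' "$1" "$2"
}

# True if the file starts with the classic libpcap magic number 0xa1b2c3d4,
# stored in either byte order.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    [ "$magic" = "d4c3b2a1" ] || [ "$magic" = "a1b2c3d4" ]
}

# fetch_pcap SENSOR CON_ID OUTFILE
fetch_pcap() {
    query=$(build_query "$1" "$2") || return 1
    # "$query" reaches the script as ONE argument. Typed literally without
    # quotes, the ';' ends the command: the shell then runs 'con_id=...' as
    # a separate assignment and the redirect only creates an empty file.
    "$PCAP_API" -M 1 "$query" > "$3" || return 1
    if ! is_pcap "$3"; then
        echo "$3: output is not a pcap file" >&2
        rm -f "$3"
        return 1
    fi
}
```

For example, `fetch_pcap 2170483942 541689 pcap_temp.pcap` issues the same command as in the reply and fails loudly instead of leaving an empty or non-pcap file behind.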
Current thread:
- Use of pcap_api.pl Leonard Kwan (Sep 14)
- Re: Use of pcap_api.pl Camilo Viecco (Sep 17)