Penetration Testing mailing list archives
Re: Ethereal Help
From: Don Faulkner <don.faulkner () infosec spectria com>
Date: Fri, 14 Sep 2001 10:59:09 -0700
On Thu, Sep 13, 2001 at 08:39:51AM -0700, Junginger, Jeremy wrote:
I need to write a filter rule for ethereal that tracks all access to a specific URL (not ip address). Is this possible, and if so, how?
I would check into ngrep, the 'network grepper': http://www.packetfactory.net/Projects/ngrep/ A line like this may be what you're looking for: # ngrep -d lo -A 2 'index\.html' 'dst port 80' -d lo 'Listen on interface lo' -A 2 'Dump 2 packets of trailing context' 'index\.html' 'regex of what to grep each matching packet for' 'dst port 80' 'the libpcap packet match filter' I don't know if ngrep dumps data in the way you're expecting, but it's a start. Good luck! -- Don Faulkner, CISSP | Senior Security Consultant | Spectria <don.faulkner () infosec spectria com> | --A Rainbow Technologies company | 1-888-IS-GUARD ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Ethereal Help Junginger, Jeremy (Sep 13)
- Re: Ethereal Help Dave Aitel (Sep 14)
- Re: Ethereal Help Don Faulkner (Sep 14)
- Re: Ethereal Help Robert van der Meulen (Sep 14)
- Re: Ethereal Help Chris Kuethe (Sep 16)
- <Possible follow-ups>
- RE: Ethereal Help Dell, Jeffrey (Sep 16)