Penetration Testing mailing list archives
RE: Converting tcpdump traffic to more user friendly output
From: "Shenk, Jerry A" <jshenk () decommunications com>
Date: Sat, 10 Feb 2007 08:49:01 -0500
For that particular task, strings works pretty well. It's not a 100% match but if you have a tcpdump file with just the AOL traffic, you should be able to run "strings capturefile.dump" and pretty much see your conversation. If the tcpdump file includes more data than just the AOL info, you'd want to extract the AOL traffic, send it to standard I/O (STDIO) and then run strings on that...something like:

    tcpdump -r capturefile.dump port 5190 -s 4000 -w - | strings

The -r switch says to read a file. Port 5190 might be your AOL port. You may need a more complicated filter here. The -s 4000 switch says to grab the first 4000 bytes instead of just the default of 56. Some tcpdump versions will also allow -s 0 to display it all but I prefer -s 4000 'cuz they all support that. The -w switch tells tcpdump to write the output to....normally a file, in this case, - means STDIO. Then of course, strings processes your "readable" info and that's what actually hits the screen.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of techlists () comcast net
Sent: Thursday, February 08, 2007 4:23 PM
To: pen-test () securityfocus com
Subject: Converting tcpdump traffic to more user friendly output

Can anyone recommend some software that can take AOL instant messaging traffic sniffed with tcpdump, and convert it into a more easily readable format?

Thanks
Paul Greene
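Added example, not part of the original message: a Python sketch of the same idea as the tcpdump-plus-strings pipeline above, going one step further by running the strings search over the TCP payload only and counting packets that the snap length cut short. The names payload_strings and make_pcap, the addresses and the sample messages are constructed for illustration; only classic pcap files with untagged Ethernet/IPv4 frames are assumed.

```python
import re
import struct

# Same default as strings(1): runs of at least 4 printable ASCII bytes.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")

def payload_strings(pcap, port):
    """Return (strings, truncated) for TCP payloads to or from `port`.

    Handles classic pcap files with untagged Ethernet/IPv4 frames only.
    """
    magic = struct.unpack("<I", pcap[:4])[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic (microsecond) pcap file")
    end = "<" if magic == 0xA1B2C3D4 else ">"
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    found, truncated, off = [], 0, 24
    while off + 16 <= len(pcap):
        caplen, origlen = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        ip_end = 14 + struct.unpack("!H", frame[16:18])[0]  # drops Ethernet padding
        tcp = frame[14 + (frame[14] & 0x0F) * 4:ip_end]
        if len(tcp) < 20 or port not in struct.unpack("!HH", tcp[:4]):
            continue
        truncated += caplen < origlen  # snap length cut this packet short
        data = tcp[(tcp[12] >> 4) * 4:]
        found += [m.decode("ascii") for m in PRINTABLE.findall(data)]
    return found, truncated

def make_pcap(messages, port=5190, snaplen=4000):
    """Constructed sample capture: one Ethernet/IPv4/TCP packet per message."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for msg in messages:
        tcp = struct.pack("!HHIIBBHHH", 40000, port, 0, 0, 0x50, 0x18, 8192, 0, 0) + msg
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + tcp
        frame = b"\x00" * 12 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, min(len(frame), snaplen), len(frame))
        out += frame[:snaplen]
    return out

if __name__ == "__main__":
    sample = [b"\x2a\x02\x00\x01hello from paul\x00", b"\x2a\x02\x00\x02see you at 5pm\x00"]
    print(payload_strings(make_pcap(sample), 5190))
    print(payload_strings(make_pcap(sample, snaplen=56), 5190))
```

A non-zero truncated count means the capture was taken with too small a snap length and message text is missing from the file, which no later -s value on the read side can bring back.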