Snort mailing list archives
Re: how to convert payload data from MySQL data table to tcpdump formated data?
From: Martin Olsson <elof () sentor se>
Date: Thu, 23 Oct 2003 10:55:22 +0200 (CEST)
On Wed, 22 Oct 2003, samwun wrote:
I got the following snort data installed in the Data table in MySQL:

| 1 | 2082 | 485454502F312E312034303320466F7262696464656E0D0A446174653A205765642C2032
32204F637420323030332031333A35363A333420474D540D0A5365727665723A20417061
6368652F322E302E3430202852656420486174204C696E7578290D0A4163636570742D52
616E6765733A2062797465730D0A436F6E74656E742D4C656E6774683A20323839380D0A
436F6E6E656374696F6E3A20636C6F73650D0A436F6E74656E742D547970653A20746578
742F68746D6C3B20636861727365743D49534F2D383835392D310D0A0D0A |

How can I convert the above data_payload to a tcpdump formatted file?
I too am very interested in this!

I want to add a button at the bottom of the ACID-page with packet payload. When clicking on this button, the payload from the database is converted into a tcpdump (pcap) file and then fed into tethereal. The output from tethereal, a nice decode of the packet, is then presented in my browser.

This would be great for (at least) four reasons:

* Now you can see the decoded content of a DNS request/response, you can see what network an "ICMP redirect net"-packet contains and so on.
* You can see the MAC addresses. ACID doesn't display them.
* You can send the pcap-file to others, parse it with your favourite tool, etc.
* A report to the customer looks better with a decoded packet than just the Hex/ASCII-dump from ACID.

So, could anyone please help me and Samwun?

/Martin
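Added example, not part of the original message: Python code that wraps a hex `data_payload` value in a classic pcap file that a decoder such as tethereal can read. It assumes the column holds only the TCP payload (the quoted row starts with an HTTP status line), so the Ethernet, IPv4 and TCP headers are constructed with placeholder addresses and ports; the function and parameter names are hypothetical, and the real MAC addresses cannot be recovered from this column.

```python
import socket
import struct

# First line of the payload quoted above ("HTTP/1.1 403 Forbidden\r\n").
SAMPLE_HEX = "485454502F312E31 2034303320466F72 62696464656E0D0A"

def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum used by IPv4 and TCP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def payload_to_pcap(hex_payload, src="192.0.2.1", dst="192.0.2.2",
                    sport=80, dport=1025, ts=0):
    """Return pcap file bytes holding one Ethernet/IPv4/TCP frame.
    src, dst, sport, dport and ts are placeholders (assumptions), not
    values taken from the alert."""
    payload = bytes.fromhex("".join(hex_payload.split()))
    saddr, daddr = socket.inet_aton(src), socket.inet_aton(dst)
    # TCP header: seq/ack 0, data offset 5 words, flags PSH|ACK.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18,
                      65535, 0, 0)
    pseudo = saddr + daddr + struct.pack("!BBH", 0, 6, len(tcp) + len(payload))
    csum = inet_checksum(pseudo + tcp + payload)
    tcp = tcp[:16] + struct.pack("!H", csum) + tcp[18:]
    # IPv4 header: version 4, IHL 5, TTL 64, protocol 6 (TCP).
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload),
                     0, 0, 64, 6, 0, saddr, daddr)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    # Ethernet header: zeroed MACs (not stored in this column), type IPv4.
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload
    # pcap global header: magic, version 2.4, zone, sigfigs, snaplen,
    # link type 1 (Ethernet); then one per-packet record header.
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", ts, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame

if __name__ == "__main__":
    # Writes payload.pcap in the current directory for a decoder to read.
    with open("payload.pcap", "wb") as fh:
        fh.write(payload_to_pcap(SAMPLE_HEX))
```

A decode that shows the original addresses and ports needs the header values Snort logged for the same event passed in place of the placeholders.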