Re: Use of pcap_api.pl

[Camilo Viecco <cviecco () indiana edu>]

Hi Leonard...

do:

"./pcap_api.pl -M 1 'sensor=2170483942;con_id=541689' > pcap_temp.pcap"

Two things to notice: 
1. the -M option,for command line, needs  a 1 in oder to be correctly accepted
(there was a problem with detecting flags appropiately, so -M 1 became an option)
2. The cgi parameters must be specified as one parameter, (look at the quotes)

Hope this helps

Camilo  



Leonard Kwan wrote:
> Hi,
>
> I was wondering whether someone could let me know how to use the
> pcap_api.pl?
>
> Basically I am trying to get the packet captures that the honeywall records.
> I would then like to load these into a database for the purposes of data
> mining. 
>
> From what I've been able to gather from the Flow.pl I need to specify
> several parameters, but unfortunately have not had any luck getting it to
> work.
>
> I've tried ./pcap_api.pl -M sensor=2170483942;con_id=541689 > pcap_temp.txt
> to no avail. I get those two parameters from the walleye interface
> (/walleye.pl?act=snortdecode;sensor=2170483942;con_id=541689)
>
> Any help would be much appreciated!
>
> Cheers
> Leonard
>
>