Metasploit mailing list archives
pcaprub module
From: egypt at metasploit.com (egypt at metasploit.com)
Date: Tue, 7 Apr 2009 00:11:05 -0600
Jeffs,

The pcap_log plugin might be what you're looking for. It lets you save traffic to a pcap file using BPF syntax for filtering. The filter option must be enclosed in quotes if it contains a space. Here's a simple example:

msf > load pcap_log
[-] No interface given
usage: load pcap_log iface=<iface> [path=<logpath>] [prefix=<logprefix>] [filter="<filter>"]
[-] Failed to load plugin from /home/egypt/svn/framework3/trunk/plugins/pcap_log: No interface specified
msf > load pcap_log iface=eth1 filter="host 192.168.1.1"
[*] Logs in /tmp/msf3-session_2009-04-07_00-14-03.pcap
[*] Starting capture thread on interface eth1
[*] Successfully loaded plugin: pcap_log

Hope this helped,
egypt

On Mon, Apr 6, 2009 at 9:27 PM, jeffs <jeffs at speakeasy.net> wrote:
> Got it. I see now that the filter uses Berkeley packet filtering syntax. Good. Is the screen output saved anywhere for later use or is it just existing for the session on the screen? Can it be dumped do you think?
>
> Thanks.
>
> hdm wrote:
>> On Mon, 2009-04-06 at 23:15 -0400, jeffs wrote:
>>> It seems to sniff http by default and I'm having difficulty killing it. Keeps saying type exit to exit but there is no prompt and I have to either ctrl-c kill it with many attempts or kill -9 it.
>>>
>>> What is the syntax for filtering? Anything I put in there just seems to default to sniffing http traffic...
>>
>> The kill bug is something we should look into; there are a few other cases where that happens and it's really annoying. The test/capture module just sniffs http, that's it, it's meant to be an example you can customize and not necessarily a useful module on its own.
>>
>> -HD

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework