Penetration Testing mailing list archives

Re: Ethereal Help


From: Don Faulkner <don.faulkner () infosec spectria com>
Date: Fri, 14 Sep 2001 10:59:09 -0700

On Thu, Sep 13, 2001 at 08:39:51AM -0700, Junginger, Jeremy wrote:
> I need to write a filter rule for ethereal that tracks all access to
> a specific URL (not ip address).  Is this possible, and if so, how?

I would check into ngrep, the 'network grepper':

http://www.packetfactory.net/Projects/ngrep/

A line like this may be what you're looking for:

# ngrep -d lo -A 2 'index\.html' 'dst port 80'

-d lo           'Listen on interface lo'
-A 2            'Dump 2 packets of trailing context'
'index\.html'   'regex of what to grep each matching packet for'
'dst port 80'   'the libpcap packet match filter'

I don't know if ngrep dumps data in the way you're expecting, but it's 
a start. Good luck!

-- 
Don Faulkner, CISSP                 |  
Senior Security Consultant          |  Spectria
<don.faulkner () infosec spectria com> |    --A Rainbow Technologies company
                                    |  1-888-IS-GUARD
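
Added example, not part of the original post: a per-packet regex such as 'index\.html' also fires on other hosts and on Referer headers, so the Python sketch below matches on the request line plus the Host header to track one specific URL. The payloads and the hostname www.example.com are constructed for illustration; the function names are hypothetical, and IPv6 literals and requests split across segments are not handled.

```python
import re
from urllib.parse import urlsplit

# Constructed sample payloads (TCP data sent to port 80), not captured traffic.
SAMPLE_PAYLOADS = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\nUser-Agent: test\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
    b"GET /about.html HTTP/1.1\r\nHost: www.example.com\r\n"
    b"Referer: http://www.example.com/index.html\r\n\r\n",
    b"GET http://www.example.com/index.html HTTP/1.0\r\n\r\n",  # absolute-form, as sent to a proxy
    b"\x16\x03\x01\x00\x05hello",  # not HTTP at all
]

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def request_url(payload):
    """Return (host, path) for an HTTP/1.x request payload, or None."""
    lines = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    target = m.group(2).decode("latin-1")
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    if target.startswith("http://"):
        # Absolute-form request target carries its own host.
        parts = urlsplit(target)
        host, target = parts.netloc, parts.path or "/"
    path = target.split("?", 1)[0]          # ignore the query string
    return host.lower().split(":")[0], path  # drop any :port suffix

def matches(payload, url):
    """True if the payload is a request for exactly this host and path."""
    want = urlsplit(url)
    return request_url(payload) == (want.hostname, want.path or "/")

def hits(payloads, url):
    return [i for i, p in enumerate(payloads) if matches(p, url)]

def regex_hits(payloads, pattern):
    """What a plain per-packet regex (the ngrep approach) would flag."""
    return [i for i, p in enumerate(payloads) if re.search(pattern, p)]
```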

