Penetration Testing mailing list archives
Re: Ethereal Help
From: Chris Kuethe <ckuethe () pyxis cns ualberta ca>
Date: Fri, 14 Sep 2001 19:40:10 -0600 (MDT)
On Thu, 13 Sep 2001, Junginger, Jeremy wrote:
I need to write a filter rule for ethereal that tracks all access to a specific URL (not ip address). Is this possible, and if so, how? Thanks!
i use some combination of "urlsnarf" (part of the dsniff package), ngrep, tcpdump+tcpshow, or snort. actually, i think you'd be best served by snort. tell it to log the URL in text, and then the triggering packet along with say the next few packets in tcpdump format. ethereal is not the right tool for this job... CK -- Chris Kuethe, GCIA: Secure Systems Specialist - U of A CNS office: 157 General Services Bldg. 780.492.8135 chris.kuethe@[pyxis.cns.]ualberta.ca Opinions expressed herein are solely the responsibility of the author. And the author wouldn't have it any other way. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Ethereal Help Junginger, Jeremy (Sep 13)
- Re: Ethereal Help Dave Aitel (Sep 14)
- Re: Ethereal Help Don Faulkner (Sep 14)
- Re: Ethereal Help Robert van der Meulen (Sep 14)
- Re: Ethereal Help Chris Kuethe (Sep 16)
- <Possible follow-ups>
- RE: Ethereal Help Dell, Jeffrey (Sep 16)