Penetration Testing mailing list archives

Re: Ethereal Help

From: Chris Kuethe <ckuethe () pyxis cns ualberta ca>
Date: Fri, 14 Sep 2001 19:40:10 -0600 (MDT)

On Thu, 13 Sep 2001, Junginger, Jeremy wrote:

I need to write a filter rule for ethereal that tracks all access to
a specific URL (not ip address).  Is this possible, and if so, how?
Thanks!


i use some combination of "urlsnarf" (part of the dsniff package), ngrep,
tcpdump+tcpshow, or snort. actually, i think you'd be best served by snort.
tell it to log the URL in text, and then the triggering packet along with
say the next few packets in tcpdump format. ethereal is not the right tool
for this job...

CK

-- 
Chris Kuethe, GCIA: Secure Systems Specialist - U of A CNS
office: 157 General Services Bldg.       780.492.8135
chris.kuethe@[pyxis.cns.]ualberta.ca

Opinions expressed herein are solely the responsibility of
the author. And the author wouldn't have it any other way.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Ethereal Help Junginger, Jeremy (Sep 13)
- Re: Ethereal Help Dave Aitel (Sep 14)
- Re: Ethereal Help Don Faulkner (Sep 14)
- Re: Ethereal Help Robert van der Meulen (Sep 14)
- Re: Ethereal Help Chris Kuethe (Sep 16)
- <Possible follow-ups>
- RE: Ethereal Help Dell, Jeffrey (Sep 16)