RE: Extracting information about streams from pcap

From: Srinivasan Vairavan-a22691 (vairavan.srinivasan@motorola.com)
Date: Mon Jul 02 2007 - 01:25:55 EDT


 
I guess Ethereal too can do that.

Regards,
Vairavan.S

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Jim Clausing
Sent: Monday, July 02, 2007 8:22 AM
To: David
Cc: pen-test@securityfocus.com;
pen-test-return-1078484512@securityfocus.com
Subject: Re: Extracting information about streams from pcap

http://ipaudit.sourceforge.net

--
Jim Clausing
On or about Sat, 30 Jun 2007, David pontificated thusly:
> Hi,
> 
> I have a large pcap file that I would like to extract overview 
> stream/packet information from.  I would like data about TCP, UDP and 
> ICMP in the following format:
> 
> src_ip, dst_ip, src_port, dst_port, protocol, packets, time (obviously
> some fields aren't relevant for some protocols)
> 
> I have seen a number of tools but many seem to be based around TCP 
> streams only.  I have no problem wrapping awk around a program to 
> generate the right output, but a C/Python library might be more help.
> 
> Any ideas?
> 
> David
> 
> 
> ----------------------------------------------------------------------
> --
> This List Sponsored by: Cenzic
> 
> Swap Out your SPI or Watchfire app sec solution for Cenzic's robust, 
> accurate risk assessment and management solution FREE - limited Time 
> Offer
> 
> http://www.cenzic.com/wf-spi
> ----------------------------------------------------------------------
> --
> 
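
As an added example (not code from this thread, nor from ipaudit or Ethereal), here is a standard-library Python sketch that reads a classic libpcap file and emits the rows David describes for TCP, UDP and ICMP. Assumptions: Ethernet/IPv4 captures only, each direction is counted as its own flow, "time" means seconds between a flow's first and last packet, and the helper names and sample packets are constructed for illustration.

```python
import struct
from socket import inet_aton, inet_ntoa

PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

def flows_from_pcap(data):
    """Rows of (src_ip, dst_ip, src_port, dst_port, protocol, packets, seconds)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a microsecond-resolution libpcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    flows, off = {}, 24  # flow key -> [packets, first_ts, last_ts]
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(order + "4I", data[off:off + 16])
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if (len(pkt) < 34 or pkt[12:14] != b"\x08\x00"
                or pkt[23] not in PROTOS or (pkt[14] & 0x0F) < 5):
            continue  # truncated, not IPv4 (ARP, IPv6, VLAN tag), or other protocol
        ihl, proto = (pkt[14] & 0x0F) * 4, pkt[23]
        later_fragment = struct.unpack(">H", pkt[20:22])[0] & 0x1FFF
        # ICMP has no ports; later fragments carry no TCP/UDP header: report 0, 0
        has_ports = proto != 1 and not later_fragment and len(pkt) >= 18 + ihl
        sport, dport = struct.unpack(">HH", pkt[14 + ihl:18 + ihl]) if has_ports else (0, 0)
        key = (inet_ntoa(pkt[26:30]), inet_ntoa(pkt[30:34]), sport, dport, PROTOS[proto])
        ts = sec + usec / 1e6
        entry = flows.setdefault(key, [0, ts, ts])
        entry[0], entry[2] = entry[0] + 1, ts
    return [key + (n, round(last - first, 6)) for key, (n, first, last) in flows.items()]

def _record(sec, usec, src, dst, proto, l4):
    """Constructed sample data: one pcap record wrapping an Ethernet/IPv4 packet."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     inet_aton(src), inet_aton(dst))
    frame = b"\x00" * 12 + b"\x08\x00" + ip + l4
    return struct.pack("<4I", sec, usec, len(frame), len(frame)) + frame

def sample_pcap():
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    tcp = struct.pack(">HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    udp = struct.pack(">HHHH", 5353, 53, 8, 0)
    icmp = struct.pack(">BBHHH", 8, 0, 0, 1, 1)
    return header + b"".join([
        _record(100, 0, "10.0.0.1", "10.0.0.2", 6, tcp),
        _record(100, 500000, "10.0.0.1", "10.0.0.2", 6, tcp),
        _record(101, 0, "10.0.0.1", "10.0.0.9", 17, udp),
        _record(102, 0, "10.0.0.2", "10.0.0.1", 1, icmp)])

if __name__ == "__main__":
    print(*flows_from_pcap(sample_pcap()), sep="\n")
```

For a real capture, pass the file's bytes, for example `flows_from_pcap(open(path, "rb").read())`; pcapng and nanosecond-resolution files are rejected by the magic-number check.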


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:55 EDT