From: sfml@gomor.org
Date: Mon Jun 27 2005 - 08:34:41 EDT
On Tue, Jun 21, 2005 at 04:32:27PM +0200, Nicolas Gregoire wrote:
> On Monday 20 June 2005 at 19:14 +0300, Mohamed Abdel Kader wrote:
>
> > I was on an assessment and decided to get some of the traffic moving
> > along the network. I got it using ethereal. Now I want a program
> > (other than ettercap) that can take this dump and extract the
> > passwords.
>
> Hey, I just had a quasi identical situation last week. I captured 2 Gb
> of traffic while arp-spoofing some hosts (during an internal pentest) and
> I had to extract as much information as possible from my pcap files.
Maybe the following script could be of use also. Not sure
if it will work on a 2Gb file, but this could be a good
test ;)
--8<--
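#!/usr/bin/perl
use strict;
use warnings;

# Net::Packet provides the Net::Packet::Dump class used below
use Net::Packet;

# Usage: script.pl <pcap file> [pcap filter]
my $dump = Net::Packet::Dump->new(
   file            => $ARGV[0],
   filter          => $ARGV[1] ? $ARGV[1] : '',   # optional filter is the second argument
   overwrite       => 1,
   unlinkOnDestroy => 0,
   noStore         => 1,
   callStart       => 1,
);

# Walk the frames one at a time and print each application-layer payload as hex
while (my $f = $dump->next) {
   if ($f->l7) {
      my $binData = $f->l7->data;
      print unpack('H*', $binData), "\n";
      # Do whatever you want with this $binData here
   }
}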
--8<--
-- 
  ^  ___  ___           FreeBSD Network - http://www.GomoR.org/ <-+
  | / __ |__/             Systems & Security Engineer             |
  | \__/ |  \     ---[ zsh$ alias psed='perl -pe ' ]---           |
  +-->  Net::Packet <=> http://search.cpan.org/~gomor/  <--+
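An added example, not part of the original post: one way to fill in the "Do whatever you want with this $binData" step so that an assessment report can list which cleartext protocols expose credentials, without copying the secrets themselves into the report. It covers FTP/POP3 `USER`/`PASS` and HTTP Basic, which goes beyond what the script above does; the helper name `find_cleartext_auth` and the sample payloads are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use MIME::Base64 qw(decode_base64);

# Hypothetical helper: inspect one layer-7 payload (the $binData of the
# script above) and report the cleartext authentication material it carries.
# Passwords are never returned, only their length.
sub find_cleartext_auth {
    my ($binData) = @_;
    my @hits;
    for my $line (split /\r?\n/, $binData) {
        if ($line =~ /^(USER|PASS)\s+(\S.*)$/i) {            # FTP / POP3
            my ($verb, $arg) = (uc($1), $2);
            push @hits, $verb eq 'USER'
                ? "FTP/POP3 user=$arg"
                : sprintf('FTP/POP3 password (%d chars)', length $arg);
        }
        elsif ($line =~ /^Authorization:\s*Basic\s+([A-Za-z0-9+\/=]+)/i) {
            # HTTP Basic is only base64-encoded "user:password"
            my ($user, $pass) = split /:/, decode_base64($1), 2;
            push @hits, sprintf('HTTP Basic user=%s password (%d chars)',
                $user // '', length($pass // ''));
        }
    }
    return @hits;
}

# Constructed sample payloads, hex-encoded the way the script above prints them.
my @samples = map { unpack('H*', $_) } (
    "USER alice\r\n",
    "PASS example-secret\r\n",
    "GET / HTTP/1.0\r\nAuthorization: Basic Ym9iOmV4YW1wbGU=\r\n\r\n",
    "\x16\x03\x01\x00\x05hello",     # binary record with no cleartext login
);

for my $hex (@samples) {
    my $binData = pack('H*', $hex);  # back to the raw bytes of $f->l7->data
    print "$_\n" for find_cleartext_auth($binData);
}
```

Because matching is done per payload, a command split across two TCP segments is missed; stream reassembly is outside what this sketch handles.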