Hi offset,
maybe you can try snort-replay:
Snort-replay is a simple output system for Snort (a patch for
snort-2.0.1) that prints (not sends!) the payloads >using the same delay
between the packets as was seen on the wire.
http://www.algonet.se/~nitzer/snort-replay/
http://www.snort.org/dl/contrib/patches/snort-replay/
http://www.snort.org/dl/old/snort-2.0.1.tar.gz
tcpflow is another tool which will extract and visualize the payload of
tcp-sessions.
http://www.circlemud.org/~jelson/software/tcpflow/
correct ascii/terminal drawings for the menu system that is being used.
this could get problematic with tcpflow.
I think Honeywall/Roo has such capabilities, too.
http://www.honeynet.org/papers/cdrom/roo/index.html
Balabit (zorp, syslog-ng) offers a "Shell Control Box" for auditing -
unfortunately
I haven't tried it yet.
http://www.balabit.com/network-security/scb/
Bye,
Christian
offset wrote:
Does anyone know of software that will allow someone to replay sessions (ie.
captured telnet tcpdump data)
to a screen? (I don't want to replay this back out to the network)
I'd like to be able to replay captured telnet mitm sessions in a terminal
like environment to get all the
correct ascii/terminal drawings for the menu system that is being used.
A long time ago, I thought the 'evidence' section of the www.takedown.com was
cool in that you could
telnet to a port on their server and have the sessions replayed back to you.
I've been using chaosreader ( http://chaosreader.sourceforge.net/ ) to split
the tcpdump data into
sessions, not sure if anyone has other tools that work in similar fashion or
any other suggestions.
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
