Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: replay captured tcpdump sessions to the screen?

from [offset] Network Security [Permanent Link]
Subject: Re: replay captured tcpdump sessions to the screen?
Date: Tue, 27 Nov 2007 20:27:11 -0600 
Found the paper below that lists some tools

On the Reliability of Current Generation Network Eavesdropping Tools
http://repository.upenn.edu/cgi/viewcontent.cgi?article=1324&context=cis_papers

Someone else also suggested the commercial tool IRIS by eEye

Any others?
--
offset

On Tue, Nov 27, 2007 at 10:30:43PM +0100, Christian Ehlen wrote:

Hi offset,

maybe you can try snort-replay:


Snort-replay is a simple output system for Snort (a patch for

snort-2.0.1) that prints (not sends!) the payloads >using the same delay
between the packets as was seen on the wire.

http://www.algonet.se/~nitzer/snort-replay/
http://www.snort.org/dl/contrib/patches/snort-replay/
http://www.snort.org/dl/old/snort-2.0.1.tar.gz

tcpflow is another tool which will extract and visualize the payload of
tcp-sessions.

http://www.circlemud.org/~jelson/software/tcpflow/


correct ascii/terminal drawings for the menu system that is being used.


this could get problematic with tcpflow.

I think Honeywall/Roo has such capabilities, too.

http://www.honeynet.org/papers/cdrom/roo/index.html

Balabit (zorp, syslog-ng) offers a "Shell Control Box" for auditing -
unfortunately
I haven't tried it yet.

http://www.balabit.com/network-security/scb/

Bye,
Christian


offset wrote:

Does anyone know of software that will allow someone to replay sessions 
(ie. captured telnet tcpdump data)
to a screen? (I don't want to replay this back out to the network)

I'd like to be able to replay captured telnet mitm sessions in a terminal 
like environment to get all the
correct ascii/terminal drawings for the menu system that is being used.

A long time ago, I thought the 'evidence' section of the www.takedown.com 
was cool in that you could
telnet to a port on their server and have the sessions replayed back to you.

I've been using chaosreader ( http://chaosreader.sourceforge.net/ )  to 
split the tcpdump data into
sessions, not sure if anyone has other tools that work in similar fashion 
or any other suggestions.

  


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Announce] New Fusil fuzzer, Victor Stinner
Next by Date:  john logs, sean . hope
Previous by Thread:  Re: replay captured tcpdump sessions to the screen?, Christian Ehlen
Next by Thread:  Re: VOIP Pen TEST, eladexposed
Indexes:  [Date] [Thread] [Top] [All Lists]