Re: replay captured tcpdump sessions to the screen?



Found the paper below that lists some tools

On the Reliability of Current Generation Network Eavesdropping Tools
http://repository.upenn.edu/cgi/viewcontent.cgi?article=1324&context=cis_papers

Someone else also suggested the commercial tool IRIS by eEye

Any others?
--
offset

On Tue, Nov 27, 2007 at 10:30:43PM +0100, Christian Ehlen wrote:
Hi offset,

maybe you can try snort-replay:

Snort-replay is a simple output system for Snort (a patch for
snort-2.0.1) that prints (not sends!) the payloads using the same delay
between the packets as was seen on the wire.

http://www.algonet.se/~nitzer/snort-replay/
http://www.snort.org/dl/contrib/patches/snort-replay/
http://www.snort.org/dl/old/snort-2.0.1.tar.gz

tcpflow is another tool which will extract and visualize the payload of
tcp-sessions.

http://www.circlemud.org/~jelson/software/tcpflow/

> correct ascii/terminal drawings for the menu system that is being used.

this could get problematic with tcpflow.

I think Honeywall/Roo has such capabilities, too.

http://www.honeynet.org/papers/cdrom/roo/index.html

Balabit (zorp, syslog-ng) offers a "Shell Control Box" for auditing - unfortunately
I haven't tried it yet.

http://www.balabit.com/network-security/scb/

Bye,
Christian


offset wrote:
Does anyone know of software that will allow someone to replay sessions (i.e. captured telnet tcpdump data)
to a screen? (I don't want to replay this back out to the network)

I'd like to be able to replay captured telnet mitm sessions in a terminal like environment to get all the
correct ascii/terminal drawings for the menu system that is being used.

A long time ago, I thought the 'evidence' section of the www.takedown.com was cool in that you could
telnet to a port on their server and have the sessions replayed back to you.

I've been using chaosreader ( http://chaosreader.sourceforge.net/ ) to split the tcpdump data into
sessions, not sure if anyone has other tools that work in similar fashion or any other suggestions.
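
An added example, not part of the thread and not code from snort-replay or any tool named in it: a minimal Python sketch of the approach described above, printing the server-side payload of a captured telnet session to the local terminal with the inter-packet delays seen on the wire. It assumes a classic libpcap file with untagged Ethernet/IPv4 frames, a server on port 23, and packets already in order with no retransmissions (no TCP reassembly is done); all function names are made up for this illustration.

```python
import struct, sys, time

def read_pcap(data):
    """Yield (timestamp, frame) from a classic libpcap file (Ethernet assumed)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    off = 24                                   # skip the 24-byte global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack(order + "4I", data[off:off + 16])
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def tcp_payload(frame, src_port):
    """Payload of an IPv4/TCP frame sent from src_port, else b''."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return b""
    tcp = 14 + (frame[14] & 0x0F) * 4          # Ethernet header + IP header length
    if len(frame) < tcp + 20 or struct.unpack("!H", frame[tcp:tcp + 2])[0] != src_port:
        return b""
    end = 14 + struct.unpack("!H", frame[16:18])[0]   # IP total length drops padding
    return frame[tcp + (frame[tcp + 12] >> 4) * 4:end]

def strip_telnet(data):
    """Remove telnet IAC commands; assumes none is split across packets."""
    out, i = bytearray(), 0
    while i < len(data):
        cmd = data[i + 1] if data[i] == 255 and i + 1 < len(data) else None
        if data[i] != 255 or cmd == 255:       # plain byte, or IAC IAC = literal 0xFF
            out.append(data[i])
            i += 1 if data[i] != 255 else 2
        elif cmd == 250:                       # IAC SB ... IAC SE subnegotiation
            end = data.find(b"\xff\xf0", i)
            i = len(data) if end < 0 else end + 2
        else:                                  # WILL/WONT/DO/DONT carry an option byte
            i += 3 if cmd in (251, 252, 253, 254) else 2
    return bytes(out)

def replay(pcap_bytes, server_port=23, speed=1.0, out=None, sleep=time.sleep):
    """Write server-to-client bytes to `out`, keeping the captured delays."""
    out, last, shown = sys.stdout.buffer if out is None else out, None, 0
    for ts, frame in read_pcap(pcap_bytes):
        text = strip_telnet(tcp_payload(frame, server_port))
        if text:
            sleep(max(0.0, ts - last) / speed if last is not None else 0.0)
            out.write(text)
            out.flush()
            last, shown = ts, shown + len(text)
    return shown
```

Calling `replay(open("capture.pcap", "rb").read())` inside a terminal emulator lets the escape sequences draw the menus as the user saw them; nothing is sent to the network.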





