
Thread: Command Line Packet Analyzer

  1. #1 Junior Member (Join Date: Apr 2008; Posts: 27)

    Command Line Packet Analyzer

    So anyone who's followed my story from a while ago knows I have no GUI, just a command line to run BackTrack with.

    I use airodump for packet capturing, but for actual analyzing I'm forced to boot back to Vista to use Wireshark to analyze traffic, which makes on-the-go reaction and injection... for what I'm doing anyways, impossible! I know there must be some way to sift through in some command line interface, or just one protocol particularly. I'm pretty bitchin' at Python so I could write some script to do it myself, I just don't know how to work my way through a cap file, so if anyone could point me in the direction of a program or script already made, or some instruction on the contents of a cap file.

    thanks

  2. #2 imported_wyze, Jenkem Addict (Join Date: Jul 2007; Posts: 1,543)

    Quote Originally Posted by abseeley
    So anyone who's followed my story from a while ago knows I have no GUI, just a command line to run BackTrack with.

    I use airodump for packet capturing, but for actual analyzing I'm forced to boot back to Vista to use Wireshark to analyze traffic, which makes on-the-go reaction and injection... for what I'm doing anyways, impossible! I know there must be some way to sift through in some command line interface, or just one protocol particularly. I'm pretty bitchin' at Python so I could write some script to do it myself, I just don't know how to work my way through a cap file, so if anyone could point me in the direction of a program or script already made, or some instruction on the contents of a cap file.

    thanks
    Tshark...
    dd if=/dev/swc666 of=/dev/wyze

  3. #3 Junior Member (Join Date: Apr 2008; Posts: 27)

    Just went and checked it out, but it seems that tshark is just a capture interface, not for viewing packets, well, as far as I can tell from its fairly cryptic documentation.. I'm looking for something to display in text format information about individual packets, possibly even filter them for certain protocols, as I feel there is a great deal of applications for something like this... Is there any application or script? And again, any documentation on capture files? The latter would probably be most beneficial to me.

  4. #4 Senior Member (Join Date: Apr 2008; Posts: 2,008)

    man tshark:
    Code:
    TShark is a network protocol analyzer.  It lets you capture packet data
    from a live network, or read packets from a previously saved capture
    file, either printing a decoded form of those packets to the standard
    output or writing the packets to a file.  TShark's native capture file
    format is libpcap format, which is also the format used by tcpdump and
    various other tools.
    
    Without any options set, TShark will work much like tcpdump. It will
    use the pcap library to capture traffic from the first available net-
    work interface and displays a summary line on stdout for each received
    packet.
    
    TShark is able to detect, read and write the same capture files that 
    are supported by Wireshark.
    
    Read filters in TShark, which allow you to select which packets are to
    be decoded or written to a file, are very powerful; more fields are
    filterable in TShark than in other protocol analyzers, and the syntax
    you can use to create your filters is richer.  As TShark progresses,
    expect more and more protocol fields to be allowed in read filters.
    It does seem to me like TShark is a rather powerful packet analyzer and pretty much as close to Wireshark as you can get using only the command line.

  5. #5 thorin, My life is this forum (Join Date: Jan 2010; Posts: 2,629)

    Quote Originally Posted by abseeley
    I'm pretty bitchin' at Python so I could write some script to do it myself, I just don't know how to work my way through a cap file, so if anyone could point me in the direction of a program or script already made, or some instruction on the contents of a cap file.
    Just google something like "python pcap parse" or similar.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  6. #6 Junior Member (Join Date: Apr 2008; Posts: 27)

    Great, thanks thorin, I know what to search for, just couldn't find the words for it.

    And tron, I'm sorry about that, I guess whatever page I came to wasn't that one, because it was strictly capture, no analysis, but thanks for pointing it out, I'll try both options.

    I would like to apologize for that though, I'm just having terrible luck this week with searches.... Is tshark included in BT?

  7. #7 imported_wyze, Jenkem Addict (Join Date: Jul 2007; Posts: 1,543)

    Quote Originally Posted by abseeley
    Is tshark included in BT?
    http://backtrack.offensive-security....hp?title=Tools

  8. #8 hawaii67, Member (Join Date: Feb 2006; Posts: 318)
    Don't eat yellow snow :rolleyes:

  9. #9 Junior Member (Join Date: Apr 2008; Posts: 27)

    Good stuff, tried it out and it's just not cutting it for me, I think I'm going to have to parse my capture files myself with a script... Does anyone know how to go about reading and parsing? Documentation on this is very, very limited and vague at that, but most of it seems to point to using libpcap to do the parsing for you, then using another language as a wrapper to interpret. So um.. how? Anyone?

  10. #10 thorin, My life is this forum (Join Date: Jan 2010; Posts: 2,629)

    Quote Originally Posted by abseeley
    Great, thanks thorin, I know what to search for, just couldn't find the words for it.
    http://www.google.ca/search?q=python+pcap+parse

    4th result is:
    http://download.opensuse.org/reposit...hon.group.html

    Which links to:
    python-pcapy

    etc
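    Editor's added example (not code posted in this thread, nor taken from Wireshark, libpcap or airodump-ng): the "contents of a cap file" asked about in #1 and #9 are small enough to parse by hand in Python without pcapy or libpcap. A classic libpcap file is a 24-byte global header (magic, version 2.4, timezone, sigfigs, snaplen, link type) followed by records, each a 16-byte header (seconds, microseconds, captured length, original length) and the raw frame. The script below reads that layout, decodes the 802.11 MAC header, pulls the SSID out of beacons, and prints one summary line per frame with an optional frame-type filter, which is roughly what `tshark -r capture.cap` with a read filter gives you. The link type values 105 (raw 802.11) and 127 (radiotap-prefixed 802.11) are the real libpcap constants; the two-frame capture built at the bottom, its MAC addresses and the SSID "lab-net" are constructed for the demo. It handles classic pcap only, not pcapng.

```python
"""Minimal pure-Python reader for classic libpcap (.cap/.pcap) 802.11 captures.
Added example, not code from this thread or from Wireshark/airodump-ng: parses the
global header, walks the records, strips a radiotap header when the link type says
there is one, decodes the 802.11 MAC header and pulls the SSID out of beacons."""
import struct

LINKTYPE_IEEE802_11 = 105           # raw 802.11 frames (what airodump-ng .cap files normally carry)
LINKTYPE_IEEE802_11_RADIOTAP = 127  # 802.11 frames prefixed with a radiotap header
TYPE_NAMES = {0: "mgmt", 1: "ctrl", 2: "data"}
MGMT_SUBTYPES = {0: "assoc-req", 4: "probe-req", 5: "probe-resp", 8: "beacon", 11: "auth", 12: "deauth"}

def mac(raw):
    return ":".join("%02x" % b for b in raw)

def read_pcap(data):
    """Yield (ts_sec, ts_usec, linktype, packet_bytes) for every record in a pcap blob."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":        # magic 0xa1b2c3d4 written little-endian
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":      # same magic written big-endian
        endian = ">"
    else:                                      # pcapng and the nanosecond magic land here
        raise ValueError("not a classic libpcap file (magic %s)" % data[:4].hex())
    # version major/minor, thiszone, sigfigs, snaplen, network (= link type)
    _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("corrupt or truncated record at offset %d" % (off - 16))
        yield ts_sec, ts_usec, linktype, data[off:off + incl_len]
        off += incl_len

def beacon_ssid(ies):
    """Walk a beacon's tagged information elements and return the SSID (tag 0)."""
    off = 0
    while off + 2 <= len(ies):
        tag, length = ies[off], ies[off + 1]
        if tag == 0:
            body = ies[off + 2:off + 2 + length]
            return body.decode("utf-8", "replace") if body else "<hidden>"
        off += 2 + length
    return None

def parse_80211(frame, linktype):
    """Decode the 802.11 MAC header into a dict; None for frames this reader cannot handle."""
    if linktype == LINKTYPE_IEEE802_11_RADIOTAP:
        if len(frame) < 4:
            return None
        frame = frame[struct.unpack_from("<H", frame, 2)[0]:]   # radiotap it_len is always little-endian
    elif linktype != LINKTYPE_IEEE802_11:
        return None
    if len(frame) < 10:                                         # shortest header (ACK/CTS) is 10 bytes
        return None
    fc0, fc1 = frame[0], frame[1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    info = {"type": TYPE_NAMES.get(ftype, "reserved"), "subtype": subtype,
            "to_ds": bool(fc1 & 0x1), "from_ds": bool(fc1 & 0x2), "addr1": mac(frame[4:10])}
    if ftype == 1 or len(frame) < 24:                           # control frames carry one or two addresses
        return info
    info["addr2"], info["addr3"] = mac(frame[10:16]), mac(frame[16:22])
    if ftype == 0:
        info["subtype"] = MGMT_SUBTYPES.get(subtype, "mgmt-%d" % subtype)
        if subtype == 8 and len(frame) >= 36:     # body = timestamp(8) + interval(2) + capability(2) + IEs
            info["ssid"] = beacon_ssid(frame[36:])
    return info

def summarize(data, want_type=None):
    """One text line per frame, like tshark's default output; optionally keep only one frame type."""
    lines = []
    for ts_sec, ts_usec, linktype, pkt in read_pcap(data):
        info = parse_80211(pkt, linktype)
        if info is None or (want_type and info["type"] != want_type):
            continue
        extra = " ssid=%r" % info["ssid"] if "ssid" in info else ""
        lines.append("%d.%06d %s/%s %s -> %s bssid=%s%s" % (ts_sec, ts_usec, info["type"], info["subtype"],
                     info.get("addr2", "?"), info["addr1"], info.get("addr3", "?"), extra))
    return lines

def build_demo_capture(radiotap=False):
    """Constructed sample: a two-frame capture (beacon + data frame) with made-up MACs and SSID."""
    ap, sta, bcast = bytes.fromhex("00112233aabb"), bytes.fromhex("0a0b0c0d0e0f"), b"\xff" * 6
    beacon = b"\x80\x00\x00\x00" + bcast + ap + ap + b"\x00\x00"    # fc 0x0080: mgmt/beacon, DA=bcast, SA=BSSID=ap
    beacon += b"\x00" * 8 + struct.pack("<HH", 100, 0x0411)         # timestamp, beacon interval, capability
    beacon += b"\x00\x07lab-net" + b"\x01\x01\x82"                   # SSID IE, then a Supported Rates IE
    data = b"\x08\x02\x00\x00" + sta + ap + ap + b"\x10\x00" + b"\xaa\xaa\x03" + b"\x00" * 29  # fc 0x0208: data, From-DS
    linktype = LINKTYPE_IEEE802_11
    if radiotap:                                  # 8-byte radiotap header advertising no fields
        rt = b"\x00\x00\x08\x00\x00\x00\x00\x00"
        beacon, data, linktype = rt + beacon, rt + data, LINKTYPE_IEEE802_11_RADIOTAP
    hdr = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, linktype)
    rec = lambda ts, p: struct.pack("<IIII", ts, 0, len(p), len(p)) + p
    return hdr + rec(1209600000, beacon) + rec(1209600001, data)

if __name__ == "__main__":
    print("\n".join(summarize(build_demo_capture())))   # for a real file: summarize(open("x.cap", "rb").read(), "mgmt")
```

    The two sanity checks in read_pcap matter on real captures: a file whose first four bytes are not the pcap magic is rejected instead of being misparsed (pcapng from a newer Wireshark fails here), and a record whose captured length runs past the end of the file raises instead of silently yielding a truncated frame, which is what an interrupted airodump-ng run leaves behind. Each record is decoded independently, so a bad frame in the middle of a capture only costs you that frame's fields, not the rest of the file.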
