Thread: Coding using libnids library

  1. #11
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    But could try with a pcap file you have taken on another PC, if it is possible for you.
    Well a short update to this old thread. You might want to read up on big- vs little-endians as this might be the reason for why your pcap file captured on another computer does not work on your own. This thread might be helpful http://forum.remote-exploit.org/showthread.php?t=14426
    -Monkeys are like nature's humans.

  2. #12
    Member
    Join Date
    Mar 2008
    Posts
    114

    That might be true!!!!!!

    If it is... you just saved my butt.
    I'll have a look at that doc.

  3. #13
    Member
    Join Date
    Mar 2008
    Posts
    114

    Hey buddies!!!

    Do not know if I might create a new thread but....

    Do you know if it is possible to make a pcap filter with a MAC address??? I have searched, but I only found IP address filters. So if you have heard anything on it, please share with me. Thanks!!

  4. #14
    Member
    Join Date
    Mar 2008
    Posts
    114

    The filter type to use seems to be:
    ether host xx:xx:xx:xx:xx:xx
    and for the IP address:

    ip host xxx.xxx.xxx.xxx
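
The byte-order point from post #11 and the `ether host` filter from post #14, as an added example that is not part of the original thread: a reader learns which byte order a classic pcap file was written in from its magic number (0xa1b2c3d4), and `ether host` matches a frame whose source or destination MAC equals the given address. The function names `count_ether_host` and `build_sample` are hypothetical, the sample capture bytes are constructed, and the code assumes the classic pcap format (not pcapng) with Ethernet link type.

```c
#include <stdint.h>
#include <string.h>

/* Read / write a 32-bit field in the byte order the capture was written in. */
static uint32_t rd32(const uint8_t *p, int big) {
    uint32_t v = 0;
    for (int i = 0; i < 4; i++) v |= (uint32_t)p[big ? 3 - i : i] << (8 * i);
    return v;
}
static void wr32(uint8_t *p, uint32_t v, int big) {
    for (int i = 0; i < 4; i++) p[big ? 3 - i : i] = (uint8_t)(v >> (8 * i));
}

/* Count frames that "ether host <mac>" would match (source OR destination).
 * Returns -1 if buf is not a classic pcap capture with Ethernet link type. */
int count_ether_host(const uint8_t *buf, size_t len, const uint8_t mac[6]) {
    int big, hits = 0;
    size_t off = 24;                                 /* global header size */
    if (len < 24) return -1;
    if (rd32(buf, 1) == 0xa1b2c3d4u) big = 1;        /* writer was big-endian */
    else if (rd32(buf, 0) == 0xa1b2c3d4u) big = 0;   /* writer was little-endian */
    else return -1;
    if (rd32(buf + 20, big) != 1) return -1;         /* link type 1 = Ethernet */
    while (len - off >= 16) {                        /* 16-byte record header */
        uint32_t incl = rd32(buf + off + 8, big);    /* bytes stored for frame */
        off += 16;
        if (incl > len - off) break;                 /* truncated: never overread */
        if (incl >= 12 && (memcmp(buf + off, mac, 6) == 0 ||        /* dst */
                           memcmp(buf + off + 6, mac, 6) == 0)) hits++;  /* src */
        off += incl;
    }
    return hits;
}

/* Constructed sample: two 14-byte frames, written in either byte order. */
size_t build_sample(uint8_t *out, int big) {         /* out: at least 84 bytes */
    static const uint8_t frames[2][14] = {
        {0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x08,0x00},   /* dst :01, src :02 */
        {0x02,0,0,0,0,0x03, 0x02,0,0,0,0,0x01, 0x08,0x00}};  /* dst :03, src :01 */
    size_t off = 24;
    memset(out, 0, 84);
    wr32(out, 0xa1b2c3d4u, big);                     /* magic number */
    out[big ? 5 : 4] = 2; out[big ? 7 : 6] = 4;      /* format version 2.4 */
    wr32(out + 20, 1, big);                          /* link type: Ethernet */
    for (int f = 0; f < 2; f++, off += 30) {
        wr32(out + off + 8, 14, big); wr32(out + off + 12, 14, big);
        memcpy(out + off + 16, frames[f], 14);
    }
    return off;
}
```

The same sample built with `big` set to 0 or 1 gives identical match counts, which is what a byte-order-aware reader should produce.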

  5. #15
    Member
    Join Date
    Mar 2008
    Posts
    114

    Okay, I have tried a msgsnarf with a filter, but it doesn't work as well as I hoped.
    I have this error:
    glibc double free or corruption (out): 0xb7ebc878

    I have added some printf calls in the code, and the problem seems to come from the nids run and some things after that.
    Do you have any idea?

  6. #16
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Okay, I have tried a msgsnarf with a filter, but it doesn't work as well as I hoped.
    Does msgsnarf output any information regarding the ip and/or mac addresses? I can’t really remember but if it does you could simply filter out the hosts you want to using the grep command. Personally I use this information to filter the output from urlsnarf as it otherwise can be quite overwhelming.
    -Monkeys are like nature's humans.

  7. #17
    Member
    Join Date
    Mar 2008
    Posts
    114

    a grep?

    Really can't see how you do that.
    Sure it is simple, but my brain doesn't like simple things lol.

    Could you put an example please?

  8. #18
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Let's say that you want urlsnarf to output the URLs for a specific IP, 192.168.1.2
    Code:
    urlsnarf -i wlan0 | grep 192.168.1.2
    If you on the other hand want every address visited except for a particular host you would only need to add a -v switch to the grep command.
    -Monkeys are like nature's humans.

  9. #19
    Member
    Join Date
    Mar 2008
    Posts
    114

    Ok
    I'm gonna try that, but not sure that it works with the -p option

    Seems it doesn't work

    Thanks for help. I will see if I can perform a filter before using the soft...

  10. #20
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    I haven't ever used the -p option, but isn't it for reading from a pre-captured .cap file? If so you can always try to get around the problem by using tcpreplay to replay the .cap file on your lo interface instead.

    But as I said earlier I am not sure that you can use the grep command to filter out a specific host for msgsnarf. It will depend on if msgsnarf normally outputs which host the messages are originating from.
    -Monkeys are like nature's humans.
