Page 3 of 3 (Results 21 to 25 of 25)

Thread: Coding using libnids library

  1. #21
    Member (Join Date: Mar 2008, Posts: 114)

    Yep, the grep option doesn't work with pcap files!
    But there's always another way:
    just make a new filtered pcap, which will be used by the tools.

    The -p option isn't installed by default; you have to download the sources, patch them, and reinstall the software.

    It is faster for extracting data from big pcap files.

  2. #22
    Senior Member (Join Date: Apr 2008, Posts: 2,008)

    The -p option isn't installed by default; you have to download the sources, patch them, and reinstall the software.
    I see; however, I am quite happy with using tcpreplay instead, as you can easily run all the dsniff/msgsnarf/urlsnarf/mailsnarf/etc. tools at once on -i lo while broadcasting the pcap file.
    -Monkeys are like nature's humans.

  3. #23
    Member (Join Date: Mar 2008, Posts: 114)

    Yes; some tools need to be used combined with tcpreplay, like Driftnet and dsniff, and I will be forced to do so.
    But in order to be as efficient and fast as possible, I prefer to use the -p option.
    For example, I can filter a 120 MB capture and extract *snarf information in 15 seconds.

    The major problem with tcpreplay is that you can't run all your pcap at top speed, because sometimes the *snarf tools don't keep up with the speed and you lose some information.

  4. #24
    Senior Member (Join Date: Apr 2008, Posts: 2,008)

    The major problem with tcpreplay is that you can't run all your pcap at top speed, because sometimes the *snarf tools don't keep up with the speed and you lose some information.
    That is true; it takes some trial and error to lock down the maximum feasible speed.
    -Monkeys are like nature's humans.

  5. #25
    Member (Join Date: Mar 2008, Posts: 114)

    Even if it is not related to libnids development, I will ask my question here.
    I am writing a little script in order to find the name of the file created by airdecap for my main program.

    So here is where I am:
    Code:
    file_1="/root/file/pcap_capture.pcap"
    path_file= pwd $file_1
    decap_file= basename $file_1 .pcap
    extension="-dec.pcap"
    
    decap_file= "$path/$decap_file$extension"
    
    echo $decap_file
    The problem is that the result is:

    /root/file/
    pcap_capture
    -dec.pcap

    instead of /root/file/pcap_capture-dec.pcap

    Do you have any idea? I have tried using echo -n but it doesn't initialise my vars... so???
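The script in the post above prints three separate lines because `var= cmd` does not capture anything: it runs `cmd` with an empty `var` in its environment, and the command's output goes straight to the terminal. The following is an added example, not code from the thread, showing the same name derivation with POSIX command substitution (`$(...)`) so that the path is actually stored in a variable. It assumes, as the poster states, that airdecap writes its output next to the input as `<name>-dec.pcap`; the function name `decap_name` is the example's own.

```shell
#!/bin/sh
# Added example (not from the thread): build the airdecap output file name
# from a capture path. dirname/basename are run inside $(...) so their
# output is captured into variables instead of being printed.

decap_name() {
    in_file=$1
    # Directory part of the path ("." when the path has no slash).
    dir=$(dirname "$in_file")
    # File name with the trailing .pcap stripped.
    base=$(basename "$in_file" .pcap)
    # Assumption: airdecap names its output <name>-dec.pcap beside the input.
    printf '%s/%s-dec.pcap\n' "$dir" "$base"
}

# Returns 0 when the derived file exists and is readable, 1 otherwise,
# so a main program can check for the decrypted capture before using it.
decap_ready() {
    out=$(decap_name "$1")
    [ -r "$out" ]
}

# Constructed sample input; the file does not need to exist to derive the name.
decap_name "/root/file/pcap_capture.pcap"
```

Quoting `"$in_file"` keeps paths with spaces intact, and `basename NAME .pcap` only removes the suffix when it is present, so a capture without the `.pcap` extension still yields a sensible name.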
