Hi, after capturing my own internet traffic I want to analyse it. Now I've been using tcpxtract to get images from my capture.
Now I'm interested to see all websites I have visited, URLs from my capture file. Are there some programs for that? I've heard about NetWitness and Cain & Abel, but both of those are for Windows, and I'm using Linux (bt4 and Ubuntu 10.04).
I'm really analysing only my own traffic, nothing illegal REALLY!
Maybe chaosreader will help you:
Chaosreader
Chaosreader would really be ideal for you!
I still prefer the good old Ethereal (Wireshark).
Regards.
(gdb) disass m(y_br)ain
Wireshark is good and I do most of my captures using it. Chaosreader is good, but is it possible to create a list of all visited web sites in Wireshark, Chaosreader or in some other program?
In Chaosreader, is it possible to get domain names like google.com instead of an IP like 74.125.79.147?
Last edited by halfdone; 07-26-2010 at 05:13 PM.
Are there then any programs that can do it?
You could probably put something together with tcpreplay and grep... Or the strings command maybe.
> In chaosreader is it possible to get domain names like google.com instead of ip like 74.125.79.147
You could pipe the output through nslookup or host.
I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.
I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
So there is no program that can do it?
<shrug> google is your friend.
I personally don't see any problem doing some script'fu or commandline'fu to get the info/result you need but since you're unwilling or unable to do so then fire up google and find an answer. I doubt you're the first person who ever wanted to do what you're talking about.
How hard is it to use tcpreplay (or similar) on the pcap, apply a http/https filter, grep out the IPs and do a nslookup or host on them?
This article might give you some ideas:
Finding A Needle In A PCAP - Security
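One way to list visited URLs with host names straight from a capture file, as an added example that is not code from this thread: it reads the HTTP Host header of each request in a classic pcap file instead of reverse-resolving IPs with nslookup or host. It assumes Ethernet/IPv4/TCP, unencrypted HTTP and requests that fit in one segment; the function names and the sample traffic are constructed for illustration.

```python
import struct

METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS"}

def tcp_payload(frame: bytes) -> bytes:
    """Return the TCP payload of an Ethernet/IPv4/TCP frame, or b'' for anything else."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return b""
    tcp = 14 + (frame[14] & 0x0F) * 4            # IPv4 header length comes from IHL
    if len(frame) < tcp + 20:
        return b""
    end = 14 + struct.unpack_from("!H", frame, 16)[0]  # IP total length drops padding
    return frame[tcp + (frame[tcp + 12] >> 4) * 4 : end]

def visited_urls(pcap: bytes) -> list:
    """List http://host/path for every request that starts a TCP segment (no reassembly)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack_from(order + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    urls, off = [], 24                            # records follow the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(order + "I", pcap, off + 8)[0]
        head = tcp_payload(pcap[off + 16 : off + 16 + incl_len])
        off += 16 + incl_len
        lines = head.split(b"\r\n\r\n", 1)[0].decode("latin-1").split("\r\n")
        parts = lines[0].split(" ")
        if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
            continue                              # responses and non-HTTP data are skipped
        host = next((l[5:].strip() for l in lines[1:] if l[:5].lower() == "host:"), "unknown-host")
        urls.append("http://" + host + parts[1])
    return urls

def sample_pcap(payloads) -> bytes:
    """Constructed capture: one Ethernet/IPv4/TCP frame per payload, checksums left at zero."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for p in payloads:
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(p), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
        frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp + p
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = sample_pcap([                            # constructed traffic, not from the thread
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n",
    b"GET /a.png HTTP/1.1\r\nhost: img.example.org\r\n\r\n"])

print("\n".join(visited_urls(SAMPLE)))
```

To run it on a real capture, pass `open("capture.pcap", "rb").read()` to `visited_urls`; HTTPS traffic carries no readable Host header and will not appear.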
Well, I've done some searching, but most apps that I find are Windows-only apps, and I've tried a few apps;
some of those are Windows only and none of those are what I'm looking for, well maybe Honey Snap, but I'm unable to start it. It just gives a bunch of errors.
From Hak5 forums:
1. Wireshark (Wireshark · Go deep.)
2. Cain & Abel (http://www.oxid.it)
3. Network Miner (NetworkMiner packet analyzer | Download NetworkMiner packet analyzer software for free at SourceForge.net)
4. TCP xract (tcpxtract)
5. IM Sniffer (http://sourceforge.net/projects/iimsniffer/)
6. MSN Shadow (MSN Shadow - An Instant Messaging Forensics Tool (MSN FORENSICS))
7. Honey Snap (https://projects.honeynet.org/honeysnap/)
8. NGrep (ngrep - network grep)
Well, I've been using Linux since last autumn; I'm not that good at doing commandline'fu.
My biggest problem when using Google is that I don't know the correct terms, so I can't get that good results.
Well, this might be the most stupid question in these forums, but I've got to ask. What does that 'fu mean? I've seen it in so many places. I think that I understand the main meaning, but what does that 'fu mean?
Last edited by halfdone; 07-26-2010 at 08:09 PM.