
Thread: extracting data from captures

  1. #1
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default extracting data from captures

    Hi, after capturing my own internet traffic I want to analyse it. Now I've been using tcpxtract to get images from my capture.

    Now I'm interested to see all websites I have visited, URLs from my capture file. Are there some programs for that? I've heard about NetWitness and Cain & Abel, but both of those are for Windows, and I'm using Linux (bt4 and Ubuntu 10.04).

    I'm really analysing only my own traffic, nothing illegal REALLY!

  2. #2
    Moderator fancy's Avatar
    Join Date
    Jan 2010
    Posts
    204

    Default Re: extracting data from captures

    Maybe chaosreader will help you:

    Chaosreader

  3. #3
    Good friend of the forums espreto's Avatar
    Join Date
    Mar 2010
    Location
    Brazil
    Posts
    303

    Default Re: extracting data from captures

    Chaosreader would really be ideal for you!
    I still prefer the good old Ethereal (Wireshark).

    Regards.
    (gdb) disass m(y_br)ain

    ®

  4. #4
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: extracting data from captures

    Wireshark is good and I do most of my captures using it. Chaosreader is good, but is it possible to create a list of all visited web sites in Wireshark, Chaosreader or in some other program?

    In Chaosreader, is it possible to get domain names like google.com instead of an IP like 74.125.79.147?
    Last edited by halfdone; 07-26-2010 at 05:13 PM.

  5. #5
    Member macphail's Avatar
    Join Date
    Jun 2010
    Location
    East Coast, USA
    Posts
    164

    Default Re: extracting data from captures

    Quote Originally Posted by halfdone View Post
    In Chaosreader, is it possible to get domain names like google.com instead of an IP like 74.125.79.147?
    .....nope.
    -----------
    ~peace
    MacPhail

  6. #6
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: extracting data from captures

    Are there then any programs that can do it?

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: extracting data from captures

    You could probably put something together with tcpreplay and grep... Or the strings command maybe.

    In Chaosreader, is it possible to get domain names like google.com instead of an IP like 74.125.79.147?
    You could pipe the output through nslookup or host.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: extracting data from captures

    So there is no program that can do it?

  9. #9
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default Re: extracting data from captures

    <shrug> Google is your friend.

    I personally don't see any problem doing some script'fu or commandline'fu to get the info/result you need but since you're unwilling or unable to do so then fire up google and find an answer. I doubt you're the first person who ever wanted to do what you're talking about.

    How hard is it to use tcpreplay (or similar) on the pcap, apply a http/https filter, grep out the IPs and do a nslookup or host on them?

    This article might give you some ideas:
    Finding A Needle In A PCAP - Security
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
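
One way to build the list of visited sites asked for in this thread, as an added example that is not from any poster: instead of reverse-resolving destination IPs, it reads the `Host` header and request path out of each HTTP request in the capture. It assumes a classic pcap file of Ethernet/IPv4 traffic carrying unencrypted HTTP whose request headers fit in one TCP segment; `http_urls`, `_frame` and `sample_pcap` are names made up here, and the sample capture is constructed.

```python
import struct

def http_urls(pcap: bytes) -> list:
    """List URLs (Host header + request path) seen in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    urls, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only IPv4/TCP frames long enough to hold both headers.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue
        tcp = 14 + (frame[14] & 0x0F) * 4
        if len(frame) < tcp + 20:
            continue
        payload = frame[tcp + (frame[tcp + 12] >> 4) * 4:]
        lines = payload.split(b"\r\n\r\n")[0].decode("latin-1").split("\r\n")
        req = lines[0].split(" ")
        if len(req) != 3 or not req[2].startswith("HTTP/"):
            continue                   # not an HTTP request line
        host = next((l.split(":", 1)[1].strip() for l in lines[1:]
                     if l.lower().startswith("host:")), None)
        if host and "http://" + host + req[1] not in urls:
            urls.append("http://" + host + req[1])
    return urls

def _frame(dst_ip, payload):
    """Constructed sample: Ethernet + IPv4 + TCP frame to port 80."""
    ip = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64,
                     6, 0, bytes([192, 168, 1, 10]), bytes(dst_ip))
    tcp = struct.pack(">HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp + payload

def sample_pcap() -> bytes:
    """Constructed capture: two requests, one repeat, one response."""
    g, e = [74, 125, 79, 147], [192, 0, 2, 80]
    pkts = [(g, b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"),
            (e, b"GET /a.png HTTP/1.1\r\nhost: example.org\r\n\r\n"),
            (g, b"GET / HTTP/1.1\r\nHost: www.google.com\r\n\r\n"),
            (e, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(ip, data) for ip, data in pkts):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

HTTPS connections carry no readable `Host` header, so they do not appear in this list.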

  10. #10
    Member
    Join Date
    Jan 2010
    Location
    Helsinki, Finland
    Posts
    235

    Default Re: extracting data from captures

    Well, I've done some searching but most apps that I find are Windows-only apps and I've tried a few apps,
    some of those are Windows only and none of those are what I'm looking for, well maybe Honeysnap, but I'm unable to start it. It just gives a bunch of errors.

    Well, I've been using Linux since last autumn; I'm not that good at doing some commandline'fu.

    My biggest problem when using Google is that I don't know the correct term so I can't get that good results.

    Well, this might be the most stupid question in these forums, but I've got to ask. Well, what does that 'fu mean? I've seen it in so many places. I think that I understand the main meaning, but what does that 'fu mean?
    Last edited by halfdone; 07-26-2010 at 08:09 PM.
