Full Disclosure mailing list archives
Chaosreader: Trace TCP/UDP from snoop/tcpdump logs
From: Brendan Gregg <brendan.gregg () tpg com au>
Date: Thu, 9 Oct 2003 22:18:11 +1000 (EST)
Vulnerability Analysis Tool

Chaosreader is a freeware tool that can trace HTTP sessions from a packet log, displaying which bits are plaintext. It could be used to help verify that some websites really do utilise encryption, which may interest readers of Full-Disclosure. It has been written on Solaris using perl.

The above description is one use of Chaosreader; it has many features. It takes a snoop (or tcpdump) log and parses every protocol it can. This includes:

  Any TCP Session
  Any UDP Stream
  HTTP transfers (HTML, JPG, GIF, zip, ...)
  FTP files (active transfers)
  telnet sessions (also generates realtime playback scripts)
  SMTP emails
  ...

Quick Usage:

  snoop -o /tmp/out1
  chaosreader /tmp/out1
  netscape index.html

  http://users.tpg.com.au/bdgcvb/chaosreader    Chaosreader
  http://users.tpg.com.au/bdgcvb/Chaos01        Example Output

An example of telnet realtime replay is,

  http://users.tpg.com.au/bdgcvb/Chaos01/session_0020.telnet.replay

This feature may assist with forensics if intruders are snooped.

There are many existing (and more developed) tools that provide similar features, such as Ethereal and dsniff; and some of the ideas are similar to tools like lazarus and ttywatcher.

More features (and bug fixes) will be added in future versions; this is the first public release of the tool.

Enjoy!

Brendan Gregg

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
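As an added illustration of what the post describes (reassembling TCP sessions from a packet log and judging which bytes are plaintext), the Python below is not Chaosreader's own Perl code: it parses a libpcap file, puts each session's segments back in sequence order (tolerating out-of-order and retransmitted segments), and scores how much of each payload is printable. The capture it reads is constructed inside the block, and the parsing assumes Ethernet framing over IPv4 and that the only link type handled is Ethernet.

```python
import struct
from collections import defaultdict
PCAP_MAGIC = 0xA1B2C3D4  # libpcap magic; a little-endian tcpdump -w file starts with it
def _tcp_frame(src, dst, sport, dport, seq, payload):  # Ethernet/IPv4/TCP, zero checksums
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload
def pcap_bytes(frames):  # libpcap file: 24-byte global header, then 16-byte record headers
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for ts, f in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(f), len(f)) + f
    return out

def reassemble_tcp(data):
    """Return {(src_ip, sport, dst_ip, dport): payload} with segments in sequence order."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    segs, off = defaultdict(list), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        pkt, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if pkt[12:14] != b"\x08\x00" or pkt[23] != 6:   # IPv4 carrying TCP only
            continue
        ip_len, t = struct.unpack("!H", pkt[16:18])[0], 14 + (pkt[14] & 0xF) * 4
        sport, dport, seq = struct.unpack("!HHI", pkt[t:t + 8])
        payload = pkt[t + (pkt[t + 12] >> 4) * 4:14 + ip_len]   # skip TCP header + options
        if payload:
            segs[(pkt[26:30], sport, pkt[30:34], dport)].append((seq, payload))
    streams = {}
    for key, lst in segs.items():
        lst.sort(key=lambda s: s[0])          # stable sort: duplicates keep capture order
        buf, nxt = b"", lst[0][0]
        for seq, p in lst:
            buf += p[max(0, nxt - seq):]      # overlap/retransmit: keep only the new tail
            nxt = max(nxt, seq + len(p))      # a gap (seq > nxt) is concatenated as captured
        streams[key] = buf
    return streams

def plaintext_ratio(buf):  # share of printable ASCII/whitespace bytes; ~1.0 means cleartext
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in buf) / len(buf) if buf else 0.0

# Constructed capture (not a real snoop/tcpdump file): one cleartext HTTP request whose
# segments arrive out of order with a retransmission, plus a :443 session of non-text bytes.
C, S = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80])
SAMPLE_PCAP = pcap_bytes([
    _tcp_frame(C, S, 40000, 80, 1016, b"Host: example.test\r\n\r\n"),
    _tcp_frame(C, S, 40000, 80, 1000, b"GET / HTTP/1.0\r\n"),
    _tcp_frame(C, S, 40000, 80, 1000, b"GET / HTTP/1.0\r\n"),   # retransmitted segment
    _tcp_frame(C, S, 40001, 443, 500, bytes(range(128, 192))),
])
```

A real snoop file uses its own header format, so it would need converting to libpcap (or a snoop reader) before this parser applies.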