If you are a frequent packet sniffer like I am, you are always looking for better ways to filter through all the crap. Recently I needed to save packet information to files for processing. Using something like Wireshark or tcpdump is the norm. Then, when you want to reassemble a transaction, you have to follow the flow in Wireshark by hand.
The Linux command line tool tcpflow does this for you. When it is started with something like "tcpflow -i eth2 -s host 192.168.1.3", it will look at all transactions involving 192.168.1.3 (the trailing "host 192.168.1.3" is a pcap-style filter expression, the same syntax tcpdump uses). When a transaction is completed, it will write the full transaction details to a single file. In the case of monitoring an infected machine or looking at file transfers, tcpflow would save the entire file transferred into a single file. Yay convenience.
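As an added example (not from the post), here is a small POSIX sh helper for working with the files tcpflow leaves behind. It assumes tcpflow's default naming, where each direction of a connection gets its own zero-padded file named SRC.IP.PORT-DST.IP.PORT (no timestamp prefix), and it answers the same question as the capture-time filter above: which saved flows involve a given host.

```shell
#!/bin/sh
# Added example, not part of the original post or of tcpflow itself.
# Assumption: tcpflow's default per-flow filenames, one file per direction,
#   e.g. 192.168.001.003.51234-010.000.000.001.00080
# (octets and ports zero padded; no -T timestamp prefix).

# Print "src:port -> dst:port" for one flow file, with the zero padding removed.
flow_endpoints() {
  basename "$1" | awk -F'[.-]' 'NF == 10 {
    printf "%d.%d.%d.%d:%d -> %d.%d.%d.%d:%d\n",
           $1, $2, $3, $4, $5, $6, $7, $8, $9, $10
  }'
}

# List the flow files in DIR where HOST is either endpoint. Because tcpflow
# writes one file per direction, a single connection shows up twice.
flows_for_host() {
  dir=$1; host=$2
  for f in "$dir"/*; do
    ep=$(flow_endpoints "$f")
    [ -n "$ep" ] || continue          # skip anything that is not a flow file
    case "$ep" in
      "$host:"*|*"-> $host:"*) echo "$f" ;;
    esac
  done
}

# Constructed sample flow directory (empty files; only the names matter here).
make_sample_flows() {
  dir=$(mktemp -d)
  for n in 192.168.001.003.51234-010.000.000.001.00080 \
           010.000.000.001.00080-192.168.001.003.51234 \
           172.016.000.009.40000-010.000.000.001.00443 \
           192.168.001.030.50000-010.000.000.001.00080; do
    : > "$dir/$n"
  done
  echo "$dir"
}

# Stand-alone demo: both directions of the 192.168.1.3 connection are listed,
# while the 192.168.1.30 flow is not.
sample=$(make_sample_flows)
flows_for_host "$sample" 192.168.1.3
rm -rf "$sample"
```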
Here's a man page for it. Check it out.