convert argus logs to pcap files

Carter Bullard carter at qosient.com
Fri Oct 8 16:19:57 EDT 2010


Hey Paul,
We have flow record hex dumpers, and content hex dumpers already in the libraries.
Maybe we can already help you out.

What is it you really want to do?  Find hex patterns in user data to put into snort?

Carter

On Oct 8, 2010, at 4:01 PM, Paul Schmehl wrote:

> I want to do it so I can see the hex to write snort rules.
> 
> --On Friday, October 08, 2010 15:48:50 -0400 Carter Bullard <carter at qosient.com> wrote:
> 
>> Hey Guys,
>> Why would you want to do this?
>> 
>> Carter
>> 
>> 
>> 
>> On Oct 8, 2010, at 3:15 PM, George Jones wrote:
>> 
>> I was wondering that myself.
>> 
>> Best answers seem to be text2pcap from wireshark, and possibly some pythonic
>> thing such as http://dirtbags.net/py-pcap.html
>> 
>> ---George Jones
>> 
>> 
>> On Fri, Oct 8, 2010 at 2:54 PM, Paul Schmehl <pschmehl_lists at tx.rr.com> wrote:
>> 
>> Is there a way to do this?
> 
> 
> 
> -- 
> Paul Schmehl, Senior Infosec Analyst
> As if it wasn't already obvious, my opinions
> are my own and not those of my employer.
> *******************************************
> "It is as useless to argue with those who have
> renounced the use of reason as to administer
> medication to the dead." Thomas Jefferson
> "There are some ideas so wrong that only a very
> intelligent person could believe in them." George Orwell
> 
> 

Carter Bullard
CEO/President
QoSient, LLC
150 E 57th Street Suite 12D
New York, New York  10022

+1 212 588-9133 Phone
+1 212 588-9134 Fax


