radump more tshark-like?

David Edelman dedelman at iname.com
Wed Jul 3 19:30:20 EDT 2013


Matt,
I'm glad that you like it and hope that it's useful. The underlying text2pcap utility knows about TCP and UDP. 

The only two alternatives are to build the pcap file with something else or update text2pcap. I'll look into which makes more sense. 

--Dave

Dave Edelman


On Jul 3, 2013, at 12:16, Matt Brown <matthewbrown at gmail.com> wrote:

> Dave,
> 
> Very cool!  Thanks for sharing this script.
> 
> I am having a problem when the SESAME doesn't contain tcp or udp (or
> matches what appears to be the regex for hex).
> 
> I modified the script to print some more stuff:
> http://etherpad.mozilla.org/RDSg72wbmy
> 
> And this is the output:
> http://etherpad.mozilla.org/k8gXPyHZdR
> 
> Most notable is the system call to echo the $contents to $cmd, where $cmd==''
> 
> 
> Any ideas?
> 
> 
> Thanks,
> 
> Matt
> 
> 
> On Jul 2, 2013, at 8:08 PM, David Edelman <dedelman at iname.com> wrote:
> 
>> This is what it does with NetBIOS:
>> 
>> radecode -r * - -N o3  udp and port 137
>> Input from: Standard input
>> Output to: /tmp/filexnXS7o
>> Generate dummy Ethernet header: Protocol: 0x800
>> Generate dummy IP header: Protocol: 17
>> Generate dummy UDP header: Source port: 137. Dest port: 137
>> Wrote packet of 50 bytes at 0
>> Wrote packet of 62 bytes at 50
>> Wrote packet of 408 bytes at 112
>> Read 3 potential packets, wrote 3 packets
>> Running as user "root" and group "root". This could be dangerous.
>> Frame 1: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)


