radump more tshark-like?

Matt Brown matthewbrown at gmail.com
Thu Jul 4 11:48:36 EDT 2013


Thanks Dave.

I was targeting a tcp flow with:

perl radecode.pl -r fastflush.argus - -N o3 tcp and host 192.168.100.23


I only spent maybe 45 or so minutes messing with it the other day.  So
I can't be of much help yet.  Any input you have is appreciated.


Enjoy the holiday,

Matt



On Jul 3, 2013, at 7:30 PM, David Edelman <dedelman at iname.com> wrote:

> Matt,
> I'm glad that you like it and hope that it's useful. The underlying text2pcap utility knows about TCP and UDP.
>
> The only two alternatives are to build the pcap file with something else or update text2pcap. I'll look into which makes more sense.
>
> --Dave
>
> Dave Edelman
>
>
> On Jul 3, 2013, at 12:16, Matt Brown <matthewbrown at gmail.com> wrote:
>
>> Dave,
>>
>> Very cool!  Thanks for sharing this script.
>>
>> I am having a problem when the SESAME doesn't contain tcp or udp (or
>> matches what appears to be the regex for hex).
>>
>> I modified the script to print some more stuff:
>> http://etherpad.mozilla.org/RDSg72wbmy
>>
>> And this is the output:
>> http://etherpad.mozilla.org/k8gXPyHZdR
>>
>> Most notable is the system call to echo the $contents to $cmd, where $cmd==''
>>
>>
>> Any ideas?
>>
>>
>> Thanks,
>>
>> Matt
>>
>>
>> On Jul 2, 2013, at 8:08 PM, David Edelman <dedelman at iname.com> wrote:
>>
>>> This is what it does with NetBIOS:
>>>
>>> radecode -r * - -N o3  udp and port 137
>>> Input from: Standard input
>>> Output to: /tmp/filexnXS7o
>>> Generate dummy Ethernet header: Protocol: 0x800
>>> Generate dummy IP header: Protocol: 17
>>> Generate dummy UDP header: Source port: 137. Dest port: 137
>>> Wrote packet of 50 bytes at 0
>>> Wrote packet of 62 bytes at 50
>>> Wrote packet of 408 bytes at 112
>>> Read 3 potential packets, wrote 3 packets
>>> Running as user "root" and group "root". This could be dangerous.
>>> Frame 1: 92 bytes on wire (736 bits), 92 bytes captured (736 bits)
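As an added example (not the radecode.pl script discussed in this thread), a Python sketch of the guard the empty-$cmd failure calls for: pick text2pcap's dummy-header option from the argus filter (-T src,dst for TCP and -u src,dst for UDP, both real text2pcap options, with -e 0x800 for the dummy Ethernet header seen in Dave's output), refuse up front when the filter names neither transport, and hand the decoded contents to text2pcap on stdin as an argv list rather than through a shell string. The regexes that read the filter are assumptions about the argus filter syntax, not taken from the script.

```python
import re
import subprocess

# Constructed example: map the transport named in the filter to the
# text2pcap option that prepends the matching dummy header.
DUMMY_HEADER_FLAG = {"tcp": "-T", "udp": "-u"}


def pick_transport(filter_expr):
    """Return 'tcp' or 'udp' when the filter names exactly one of them, else None.

    A filter such as 'host 192.168.100.23' (no transport) or 'tcp or udp'
    (ambiguous) gives None, which is the case that left $cmd empty.
    """
    words = re.findall(r"[a-z]+", filter_expr.lower())   # assumed: BPF-style words
    found = {w for w in words if w in DUMMY_HEADER_FLAG}
    return found.pop() if len(found) == 1 else None


def port_from_filter(filter_expr, default=0):
    """Take the first 'port N' from the filter; text2pcap needs src,dst ports."""
    m = re.search(r"\bport\s+(\d+)", filter_expr)
    return int(m.group(1)) if m else default


def is_convertible(filter_expr):
    """True only when a dummy-header option can be chosen for this filter."""
    return pick_transport(filter_expr) is not None


def build_text2pcap_argv(filter_expr, out_path):
    """Build the text2pcap argv, or raise instead of running an empty command."""
    transport = pick_transport(filter_expr)
    if transport is None:
        raise ValueError("filter must name tcp or udp: %r" % filter_expr)
    port = port_from_filter(filter_expr)
    return ["text2pcap", "-e", "0x800",
            DUMMY_HEADER_FLAG[transport], "%d,%d" % (port, port),
            "-", out_path]


def run_text2pcap(contents, filter_expr, out_path):
    """Feed the hex dump to text2pcap on stdin; no shell is involved."""
    argv = build_text2pcap_argv(filter_expr, out_path)
    return subprocess.run(argv, input=contents, text=True,
                          capture_output=True, check=True)
```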
