Re: replay captured tcpdump sessions to the screen?

From: Christian Ehlen (christian.ehlen@gmx.de)
Date: Tue Nov 27 2007 - 16:30:43 EST


Hi offset,

maybe you can try snort-replay:

> Snort-replay is a simple output system for Snort (a patch for
> snort-2.0.1) that prints (not sends!) the payloads using the same delay
> between the packets as was seen on the wire.

http://www.algonet.se/~nitzer/snort-replay/
http://www.snort.org/dl/contrib/patches/snort-replay/
http://www.snort.org/dl/old/snort-2.0.1.tar.gz

tcpflow is another tool which will extract and visualize the payload of
tcp-sessions.

http://www.circlemud.org/~jelson/software/tcpflow/

>correct ascii/terminal drawings for the menu system that is being used.

This could get problematic with tcpflow.

I think Honeywall/Roo has such capabilities, too.

http://www.honeynet.org/papers/cdrom/roo/index.html

Balabit (zorp, syslog-ng) offers a "Shell Control Box" for auditing -
unfortunately I haven't tried it yet.

http://www.balabit.com/network-security/scb/

Bye,
Christian

offset wrote:
> Does anyone know of software that will allow someone to replay sessions (ie. captured telnet tcpdump data)
> to a screen? (I don't want to replay this back out to the network)
>
> I'd like to be able to replay captured telnet mitm sessions in a terminal like environment to get all the
> correct ascii/terminal drawings for the menu system that is being used.
>
> A long time ago, I thought the 'evidence' section of the www.takedown.com was cool in that you could
> telnet to a port on their server and have the sessions replayed back to you.
>
> I've been using chaosreader ( http://chaosreader.sourceforge.net/ ) to split the tcpdump data into
> sessions, not sure if anyone has other tools that work in similar fashion or any other suggestions.
>
>
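
The print-only, wire-paced replay discussed in this thread, as an added sketch that is not part of the original messages and is not code from snort-replay, tcpflow or chaosreader. It assumes a classic (non-pcapng) Ethernet/IPv4 capture already narrowed to one telnet session with the server on port 23, does no TCP reassembly, and handles telnet option negotiation only within a single segment; all function names are hypothetical.

```python
import re, struct, sys, time

def tcp_payloads(pcap, server_port=23):
    """Yield (timestamp, payload) per segment sent from server_port; no reassembly."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("need a classic (non-pcapng) Ethernet capture")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(end + "4I", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) >= 54 and frame[12:14] == b"\x08\x00" and frame[23] == 6:
            ihl = (frame[14] & 0x0F) * 4
            tcp = frame[14 + ihl:14 + struct.unpack("!H", frame[16:18])[0]]
            data = tcp[(tcp[12] >> 4) * 4:] if len(tcp) >= 20 else b""
            if data and tcp[:2] == struct.pack("!H", server_port):
                yield sec + usec / 1e6, data

# IAC IAC (literal 0xFF), SB ... IAC SE, WILL/WONT/DO/DONT + option, other 2-byte commands
IAC = re.compile(rb"\xff(?:\xff|\xfa.*?\xff\xf0|[\xfb-\xfe].|.)", re.S)

def strip_telnet(data):
    """Drop telnet negotiation; terminal escape sequences pass through untouched."""
    return IAC.sub(lambda m: b"\xff" if m.group() == b"\xff\xff" else b"", data)

def replay(pcap, out=None, max_gap=2.0, sleep=time.sleep):
    """Write the server side of the session to `out`, paced as on the wire."""
    out = sys.stdout.buffer if out is None else out
    prev, shown = None, 0
    for ts, data in tcp_payloads(pcap):
        sleep(0.0 if prev is None else min(max(ts - prev, 0.0), max_gap))
        prev, text = ts, strip_telnet(data)
        out.write(text)
        out.flush()          # show each segment as soon as its delay has elapsed
        shown += len(text)
    return shown

def sample_pcap():  # constructed two-packet capture, not real traffic
    def pkt(sec, usec, payload):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        tcp = struct.pack("!HHIIBBHHH", 23, 40000, 0, 0, 0x50, 0x18, 1024, 0, 0)
        frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + tcp + payload
        return struct.pack("<4I", sec, usec, len(frame), len(frame)) + frame
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + pkt(1, 0, b"\xff\xfb\x01\x1b[2J") + pkt(1, 500000, b"1) Status\r\n")

if __name__ == "__main__":
    replay(open(sys.argv[1], "rb").read() if sys.argv[1:] else sample_pcap())
```

Run it inside a terminal emulator of the type the menu system expects, since the escape sequences are passed through verbatim; `max_gap` caps long idle periods so the replay does not stall.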


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:14 EDT