Re: [Full-Disclosure] PCAP and LP

From: Ian Latter (Ian.Lattermq.edu.au)
Date: Wed Jun 02 2004 - 01:04:30 CDT


Hello Ali,

   According to the FAQ, this doesn't look entirely possible;

        [...]
        4.10 Replaying Client Traffic to a Server

        A common question on the tcpreplay-users list is how
        does one replay the client side of a connection back to
        a server. Unfortunately, tcpreplay doesn't support this
        right now. The major problem concerns syncing up TCP
        Seq/Ack numbers which will be different. ICMP also
        often contains IP header information which would need
        to be adjusted. About the only thing that could be easy
        to do is UDP, which isn't usually requested.
        [...]

        From: http://tcpreplay.sourceforge.net/FAQ.html

  I've had one other suggestion, and that is contacting the author
of "chaosreader" (with greenback or source);

  http://users.tpg.com.au/bdgcvb/chaosreader.html

's'cool ... I'll fish the web a little more and see what comes out ... if
nothing comes out, and I can't make a quick contribution to
chaosreader, then I'll probably change the target host to acquire
the asset via another protocol (http/smtp/etc).

Thanks all.

----- Original Message -----
>From: "Ali-Reza Anghaie" <alipacketknife.com>
>To: "Ian Latter" <Ian.Lattermq.edu.au>
>Subject: Re: [Full-Disclosure] PCAP and LP
>Date: Tue, 01 Jun 2004 23:12:19 -0400
>
> On Tue, 2004-06-01 at 23:32, Ian Latter wrote:
> > Quick question, I'm going through the results of an investigation
> > and have a PCAP file that contains Line Printing ... I'd like to
> > reconstruct the postscript files (or just reprint them), is there a
> > tool that will allow this?
>
> I'm not sure about reconstructing the PS file in a reasonable fashion
> (there is a good spec, it's a grokkable format, but it's not easily
> regexed in comparison to any other text)...
>
> Perhaps using tcpreplay to push it to a printer would do?
>
> -Ali
>
> --
> OpenPGP Key: 030E44E6
> --
> Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
> --
> I wouldn't get out of an electric chair to get in one of these
> things. -- Rusty Wallace (on IRL)
>

--
Ian Latter
Internet and Networking Security Officer
Macquarie University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
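
Added example, not part of the original thread or of any tool named in it: one way to pull the print files out of a captured LPD session without replaying it, by parsing the RFC 1179 "receive a printer job" framing. It assumes the client-to-server TCP payload of one connection has already been reassembled into a byte string; the function name and the sample session are constructed for illustration.

```python
# Added example: recover files from the client side of one LPD (RFC 1179) session.
# Assumes the client-to-server TCP payload was already reassembled in order.
KINDS = {2: "control", 3: "data"}

def parse_lpd_client_stream(stream: bytes):
    """Return (queue, files); each file is a dict: kind, name, data, complete."""
    end = stream.find(b"\n")
    if end < 0 or stream[:1] != b"\x02":
        raise ValueError("not a 'receive a printer job' (0x02) session")
    queue = stream[1:end].decode("ascii", "replace")
    pos, files = end + 1, []
    while pos < len(stream):
        end = stream.find(b"\n", pos)
        if end < 0:
            break  # capture ended inside a subcommand line
        code, args = stream[pos], stream[pos + 1:end]
        if code == 1:  # "abort job": the server discards files received so far
            files.clear()
            pos = end + 1
            continue
        if code not in KINDS:
            raise ValueError(f"unexpected subcommand 0x{code:02x} at offset {pos}")
        count, _, name = args.partition(b" ")
        size, pos = int(count), end + 1
        data = stream[pos:pos + size]
        # The length prefix, not a delimiter, bounds the file: PostScript may
        # contain LF and NUL bytes. A full transfer ends with one zero octet.
        complete = len(data) == size and stream[pos + size:pos + size + 1] == b"\x00"
        files.append({"kind": KINDS[code], "name": name.decode("ascii", "replace"),
                      "data": data, "complete": complete})
        pos += size + 1
    return queue, files

# Constructed sample session (host, user and job names are made up).
PS = b"%!PS-Adobe-3.0\n(hello) show\nshowpage\n"
CF = b"Hexample-host\nPexample-user\nldfA001example-host\n"
SAMPLE = (b"\x02lp\n"
          + b"\x02%d cfA001example-host\n" % len(CF) + CF + b"\x00"
          + b"\x03%d dfA001example-host\n" % len(PS) + PS + b"\x00")

if __name__ == "__main__":
    queue, files = parse_lpd_client_stream(SAMPLE)
    for f in files:
        print(queue, f["kind"], f["name"], len(f["data"]), f["complete"])
```

A file whose `complete` flag is false came from a capture that ended mid-transfer, so its data should be treated as a partial document.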