From: Isaac Perez (suscripcions tsolucio.com)
Date: Thu Aug 09 2007 - 11:26:37 CDT
Hi,
You can try ngrep. You can make a rule to extract only packets that
contain one IP in the ASCII payload.
Maybe it is what you need.
On Wed, 08-08-2007 at 16:42 +0000, hsalleeh hotmail.com wrote:
> Hello,
>
> Some of the HTTP packets contain IP addresses inside the payload,
> so I want to get them. How, and using what?
> I know I can do it by decoding the HTTP payload using the RFCs, as I did for other protocols, but I couldn't find any RFC that describes the format and the structure of the payload. If you know the RFCs that explain this, please refer me to them.
>
> If there is any solution, using Snort or anything else, please help me.
> I am using Snort with MySQL.
> Thanks in advance
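Added example, not part of the original thread or either poster's code: a Python version of the extraction asked about above, run over one reassembled HTTP message. It goes beyond the ngrep suggestion by validating each dotted quad and by decompressing a gzip body, which a raw ASCII match on the wire would miss; the function names and the sample message are constructed for illustration.

```python
import gzip
import ipaddress
import re

# Dotted-quad candidates that are not part of a longer dotted/numeric token
# (skips things like the version string "1.2.3.4.5").
CANDIDATE = re.compile(rb"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_ipv4(data: bytes) -> list[str]:
    """Return unique, valid IPv4 addresses found in data, in order of appearance."""
    found = []
    for match in CANDIDATE.finditer(data):
        text = match.group(1).decode("ascii")
        try:
            ipaddress.IPv4Address(text)  # rejects octets above 255
        except ValueError:
            continue
        if text not in found:
            found.append(text)
    return found


def ips_in_http_message(raw: bytes) -> dict[str, list[str]]:
    """Split one reassembled HTTP message and report IPs in headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request/status line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip().lower()
    # A gzip-encoded body hides the ASCII address from a raw pattern match.
    if headers.get(b"content-encoding") == b"gzip":
        body = gzip.decompress(body)
    return {"headers": find_ipv4(head), "body": find_ipv4(body)}


# Constructed sample: a response whose gzip body carries two addresses,
# an out-of-range quad and a version string.
_BODY = b"client=192.168.1.20 gw=10.0.0.1 bad=999.1.1.1 ver=1.2.3.4.5"
SAMPLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"X-Forwarded-For: 203.0.113.7\r\n"
    b"Content-Encoding: gzip\r\n"
    b"\r\n" + gzip.compress(_BODY)
)

if __name__ == "__main__":
    print(ips_in_http_message(SAMPLE))
```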