[3174] in bugtraq


Tracking tools?

daemon@ATHENA.MIT.EDU (David Miller)
Thu Aug 15 00:55:54 1996

Date: Wed, 14 Aug 1996 23:56:41 -0400
Reply-To: Bugtraq List <BUGTRAQ@netspace.org>
From: David Miller <isdmill@gatekeeper.ddp.state.me.us>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>

Please forgive me if this message is a bit off subject, as it doesn't
expose any holes....

I've got a tcpdump of the network while a hacker broke into a machine. I
created it on a FreeBSD system with tcpdump -w .... (filters omitted).

I can read the file back just fine with a tcpdump -r, and dump the raw
data with a -x, but that's less than real useful.

Can anyone point out some tools I might apply to this dump file in order
to track the session which actually hacked root?  I'd most like to see
one of the monitoring programs which can be fed from the dump file, but
I'd be happy with something which would give me an ascii dump of the
data portions of selected packets.

Thanks in advance :)

--- David Miller

----------------------------------------------------------------------------
                It's *amazing* what one can accomplish when
                    one doesn't know what one can't do!
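Added example, not part of David Miller's post and not tcpdump's own code: a dependency-free Python reader for the classic libpcap file format that `tcpdump -w` writes. It does the two things the post asks for: an ASCII dump of the data portion of selected packets (`dump_selected`, a `tcpdump -A` style view) and per-direction reassembly of a TCP session by sequence number (`reassemble_streams`), which reorders segments captured out of order and drops retransmitted bytes so the session reads as one transcript. The sample capture, its hosts (10.0.0.5, 10.0.0.9), ports, payload text and timestamps are constructed in memory so the script runs offline; only Ethernet/IPv4/TCP is decoded and checksums are not verified.

```python
import socket
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1

def build_frame(src, dst, sport, dport, seq, payload):
    """Ethernet/IPv4/TCP (PSH|ACK) frame for the constructed sample capture; IP and
    TCP checksums are left at zero because the reader below does not verify them."""
    eth = b'\x02\x00\x00\x00\x00\x01' + b'\x02\x00\x00\x00\x00\x02' + b'\x08\x00'
    tcp = struct.pack('!HHIIBBHHH', sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload

def build_pcap(frames, start_ts=840000000):
    """Wrap raw frames in a little-endian pcap file: global header + one record each."""
    out = [struct.pack('<IHHiIII', PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack('<IIII', start_ts + i, 0, len(frame), len(frame)) + frame)
    return b''.join(out)

def parse_pcap(data):
    """Return [(timestamp, frame_bytes), ...] from a classic pcap of either byte order.
    pcapng and the nanosecond-magic variant are not handled."""
    endian = '<' if data[:4] == struct.pack('<I', PCAP_MAGIC) else '>'
    if data[:4] != struct.pack(endian + 'I', PCAP_MAGIC):
        raise ValueError('not a classic pcap file')
    if struct.unpack(endian + 'I', data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError('only the Ethernet link type is handled')
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + 'IIII', data[off:off + 16])
        off += 16
        records.append((ts_sec + ts_usec / 1e6, data[off:off + incl_len]))
        off += incl_len
    return records

def extract_tcp(frame):
    """Decode Ethernet/IPv4/TCP; None for anything else (ARP, UDP, IPv6, ...)."""
    if len(frame) < 34 or frame[12:14] != b'\x08\x00':
        return None
    ip = frame[14:]
    if ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4
    tcp = ip[ihl:struct.unpack('!H', ip[2:4])[0]]   # IP total length drops trailer padding
    sport, dport, seq, _ack, off_flags = struct.unpack('!HHIIH', tcp[:14])
    return {'src': socket.inet_ntoa(ip[12:16]), 'dst': socket.inet_ntoa(ip[16:20]),
            'sport': sport, 'dport': dport, 'seq': seq, 'flags': off_flags & 0x1FF,
            'payload': tcp[(off_flags >> 12) * 4:]}

def reassemble_streams(records):
    """Group TCP payload by (src, sport, dst, dport), order it by sequence number and
    drop retransmitted bytes. Gaps are not padded and 32-bit seq wrap is ignored."""
    segments = defaultdict(list)
    for _ts, frame in records:
        seg = extract_tcp(frame)
        if seg and seg['payload']:
            key = (seg['src'], seg['sport'], seg['dst'], seg['dport'])
            segments[key].append((seg['seq'], seg['payload']))
    streams = {}
    for key, segs in segments.items():
        segs.sort(key=lambda s: s[0])
        data, expected = b'', segs[0][0]
        for seq, payload in segs:
            if seq < expected:          # overlap or retransmission: keep only the new bytes
                payload, seq = payload[expected - seq:], expected
            data += payload
            expected = seq + len(payload)
        streams[key] = data
    return streams

def ascii_dump(payload):
    """tcpdump -A style view: printable ASCII kept, everything else shown as '.'."""
    return ''.join(chr(b) if 32 <= b < 127 else '.' for b in payload)

def dump_selected(records, port):
    """One line per packet carrying data to or from the given TCP port."""
    rows = []
    for ts, frame in records:
        seg = extract_tcp(frame)
        if seg and seg['payload'] and port in (seg['sport'], seg['dport']):
            rows.append('%.6f %s:%d > %s:%d  %s' % (ts, seg['src'], seg['sport'], seg['dst'],
                                                   seg['dport'], ascii_dump(seg['payload'])))
    return rows

# Constructed sample capture: a short interactive session on port 23 with one
# retransmitted client segment, two out-of-order server segments and an ARP frame.
CLIENT, SERVER = '10.0.0.5', '10.0.0.9'
SAMPLE_PCAP = build_pcap([
    build_frame(CLIENT, SERVER, 40000, 23, 1000, b'uptime\r\n'),
    build_frame(CLIENT, SERVER, 40000, 23, 1000, b'uptime\r\n'),       # retransmission
    build_frame(SERVER, CLIENT, 23, 40000, 5009, b', load 0.10\r\n'),  # captured early
    build_frame(SERVER, CLIENT, 23, 40000, 5000, b'up 2 days'),
    build_frame(CLIENT, SERVER, 40000, 23, 1008, b'exit\r\n'),
    b'\x02' + b'\x00' * 11 + b'\x08\x06' + b'\x00' * 28,               # ARP, skipped
])

if __name__ == '__main__':
    recs = parse_pcap(SAMPLE_PCAP)
    for line in dump_selected(recs, 23):
        print(line)
    for (src, sport, dst, dport), data in reassemble_streams(recs).items():
        print('--- %s:%d -> %s:%d ---' % (src, sport, dst, dport))
        print(ascii_dump(data))
```

To use it on a real `tcpdump -w` file, replace `SAMPLE_PCAP` with `open(path, 'rb').read()`; captures written with a snaplen shorter than the packets will yield truncated payloads, which is why the reassembly keys on sequence numbers rather than assuming each record is complete.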
