[3183] in bugtraq
Re: Tracking tools?
daemon@ATHENA.MIT.EDU (Greg Miller)
Sat Aug 17 18:55:35 1996
Date: Thu, 15 Aug 1996 22:53:43 GMT
Reply-To: gmiller@dey-systems.com
From: Greg Miller <gmiller@dey-systems.com>
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@NETSPACE.ORG>
In-Reply-To: <Pine.BSI.3.93.960814235116.19049B-100000@gatekeeper.ddp.state.me.us>
On Wed, 14 Aug 1996 23:56:41 -0400, you wrote:
>Can anyone point out some tools I might apply to this dump file in order
>to track the session which actually hacked root? I'd most like to see
>one of the monitoring programs which can be fed from the dump file, but
>I'd be happy with something which would give me an ascii dump of the
>data portions of selected packets.
I've written a program just for this. It's in perl, and isn't the
prettiest or fastest code in the world, but it works (for the most part). It
will retrieve the IP, TCP, UDP, and ICMP headers from the dump and print the
headers (labeled). It then prints any remaining data in both hex and ascii.
The program is on my web page in the "misc" section. You can download
it directly at http://grendel.ius.indiana.edu/~gmiller/network/tcpformat.pl.
enum MicrosoftBoolean {TRUE, FALSE, MAYBE};
Greg Miller: Programmer/Analyst (gmiller@dey-systems.com)
http://grendel.ius.indiana.edu/~gmiller/
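As an added example (not Greg Miller's tcpformat.pl and not code from this thread): a Python reader for a tcpdump capture that returns the labeled IP and TCP/UDP/ICMP header fields of each packet and dumps the remaining data in hex and ascii, the same output the post describes. It assumes the pcap file format with Ethernet as the link type; the sample capture and its single telnet segment are constructed inline.

```python
# Added example (not Greg Miller's tcpformat.pl): parse a tcpdump/pcap file into labeled IP/TCP/UDP/ICMP headers plus a hex+ascii dump of the payload. Assumes Ethernet link type.
import struct

def hexdump(data, width=16):  # payload as hex and printable ascii, width bytes per line
    out = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        out.append(f"{off:04x}  {hexpart:<{width * 3}} {text}")
    return "\n".join(out)

def parse_frame(frame):  # Ethernet frame -> labeled header fields + payload, or None if not IPv4
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    pkt = {"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
           "ttl": ip[8], "proto": proto}
    l4 = ip[ihl:total_len]              # skip IP options, drop any link-layer padding
    if proto == 6:                      # TCP: data offset (header words) in top nibble of word 6
        sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", l4[:14])
        pkt.update(sport=sport, dport=dport, seq=seq, ack=ack, flags=off_flags & 0x3F)
        pkt["payload"] = l4[(off_flags >> 12) * 4:]
    elif proto == 17:                   # UDP: fixed 8-byte header
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
        pkt["payload"] = l4[8:]
    elif proto == 1:                    # ICMP: type, code, checksum, then message body
        pkt["type"], pkt["code"], pkt["payload"] = l4[0], l4[1], l4[4:]
    else:
        pkt["payload"] = l4
    return pkt

def read_pcap(blob):  # raw pcap bytes: 24-byte global header, then 16-byte record headers
    end = "<" if blob[:4] == b"\xd4\xc3\xb2\xa1" else ">"   # magic 0xa1b2c3d4 in file byte order
    pos, packets = 24, []
    while pos + 16 <= len(blob):
        ts_sec, ts_usec, incl, _orig = struct.unpack(end + "IIII", blob[pos:pos + 16])
        pkt = parse_frame(blob[pos + 16:pos + 16 + incl])
        if pkt:
            pkt["ts"] = ts_sec + ts_usec / 1e6; packets.append(pkt)
        pos += 16 + incl
    return packets

def build_sample_pcap():  # constructed input: one telnet segment 10.0.0.5:1234 -> 10.0.0.1:23
    tcp = struct.pack("!HHIIHHHH", 1234, 23, 1, 1, 0x5018, 8192, 0, 0) + b"su root\r\n"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     b"\x0a\x00\x00\x05", b"\x0a\x00\x00\x01")   # checksums left at 0
    frame = b"\x00" * 12 + b"\x08\x00" + ip + tcp
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + struct.pack("<IIII", 840000000, 0, len(frame), len(frame)) + frame
```

Filtering the returned list on the (src, dst, sport, dport) tuple isolates one session's packets, and `hexdump(pkt["payload"])` on each gives the ascii view of the data portions the original question asked for.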