COCKOS
CONFEDERATED FORUMS
Old 01-29-2007, 06:20 PM   #1
rharris
Human being with feelings
 
Join Date: Jan 2007
Posts: 2
Default Any way to disable decoding?

What I am trying to do is to log POST traffic out of tcpdump captures.

All I am looking for is something that I can feed a tcpdump file to and it will stream out the text of actual HTTP requests that are being sent to the server. Is there an easy way to do this with assniff (or another program)?
Old 02-16-2007, 04:16 AM   #2
julien
Human being with feelings
 
Join Date: Jul 2006
Posts: 16
Default

Quote:
Originally Posted by rharris
What I am trying to do is to log POST traffic out of tcpdump captures.

All I am looking for is something that I can feed a tcpdump file to and it will stream out the text of actual HTTP requests that are being sent to the server. Is there an easy way to do this with assniff (or another program)?

Which OS are you using?
You could use ngrep and/or a custom Perl script... it depends on what you want to do.
Old 02-22-2007, 04:35 PM   #3
rharris
Human being with feelings
 
Join Date: Jan 2007
Posts: 2
Default

I have both Windows and Linux available.

The problem I have had with ngrep and Perl is that it is easy to match the first TCP packet of the POST; however, to continue grabbing the remainder of the TCP packets (and data) associated with that POST request, I need something that is "aware" of the TCP session.

I was trying to avoid having to write session handling routines, etc.

Obviously if assniff is able to reconstruct files, it is able to reconstruct the TCP session. I was hoping to be lazy and just be able to stream the data right out of that without having to reinvent the wheel.
Old 03-30-2007, 04:05 PM   #4
julien
Human being with feelings
 
Join Date: Jul 2006
Posts: 16
Default TCPICK

Quote:
Originally Posted by rharris
I have both Windows and Linux available.
The problem I have had with ngrep and Perl is that it is easy to match the first TCP packet of the POST; however, to continue grabbing the remainder of the TCP packets (and data) associated with that POST request, I need something that is "aware" of the TCP session.

Sorry for the late reply...
Maybe you could use tcpick (http://www.die.net/doc/linux/man/man8/tcpick.8.html); it works great.
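
The session awareness discussed in this thread comes down to ordering each flow's segments by TCP sequence number before looking for the request. The sketch below is an added example, not part of the thread and not code from tcpick or assniff. It assumes a classic (non-pcapng) capture with Ethernet framing and IPv4, no sequence-number wraparound, and request bodies sized by Content-Length; `capture.pcap` is a hypothetical file name.

```python
import struct
from collections import defaultdict

def tcp_segments(pcap):
    """Yield (flow, seq, payload) per IPv4/TCP packet in a classic Ethernet pcap."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                    # skip the global pcap header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4 carrying TCP
        ihl = (frame[14] & 0x0F) * 4
        ip = frame[14:14 + struct.unpack("!H", frame[16:18])[0]]  # drop padding
        sport, dport, seq = struct.unpack("!HHI", ip[ihl:ihl + 8])
        payload = ip[ihl + (ip[ihl + 12] >> 4) * 4:]
        if payload:
            yield (ip[12:16], sport, ip[16:20], dport), seq, payload

def reassemble(pcap):
    """Return {flow: bytes}: each direction's payload in sequence-number order."""
    flows = defaultdict(dict)
    for flow, seq, payload in tcp_segments(pcap):
        flows[flow].setdefault(seq, payload)    # retransmission: keep first copy
    streams = {}
    for flow, segs in flows.items():
        data, nxt = bytearray(), min(segs)
        for seq in sorted(segs):                # sequence wraparound not handled
            if seq > nxt:
                break                           # gap: segment missing from capture
            data += segs[seq][nxt - seq:]       # trim bytes already seen
            nxt = max(nxt, seq + len(segs[seq]))
        streams[flow] = bytes(data)
    return streams

def post_requests(pcap):
    """Return every complete POST request (headers + body) found in the capture."""
    found = []
    for stream in reassemble(pcap).values():
        pos = 0
        while (end := stream.find(b"\r\n\r\n", pos)) != -1:
            head, length = stream[pos:end].decode("latin-1"), 0
            for line in head.split("\r\n")[1:]:
                name, _, value = line.partition(":")
                if name.strip().lower() == "content-length" and value.strip().isdigit():
                    length = int(value)
            if head.startswith("POST ") and end + 4 + length <= len(stream):
                found.append(stream[pos:end + 4 + length])
            pos = end + 4 + length
    return found
# Usage: for r in post_requests(open("capture.pcap", "rb").read()): print(r.decode("latin-1"))
```

A stream with a missing segment is cut at the gap, so a POST that was only partly captured is skipped rather than logged with a hole in its body.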
All times are GMT -7.