This patch allows assniffer to read pcap files directly instead of listening from a network interface. This has been tested under Linux only.
How-To patch:
First of all, download the attached patch file (
patch_0.1-a.zip) in /tmp for example.
1. wget
http://www.cockos.com/assniffer/assniffer01.zip
2. unzip assniffer01.zip
3. cd source
4. mv wdl WDL
5. cp /tmp/patch_0.1-a.zip .
6. unzip patch_0.1-a.zip
7. patch -p1 < patch_0.1-a
8. cd assniffer
9. make
How-To use:
1. create a pcap file with tcpdump (change filter):
tcpdump -i eth0 -n -s0 -w test.cap "tcp and port 80 and host xx.xx.xx.xx"
2. use this file with assniffer:
./assniffer output_dir -r test.cap
How-To use in real-time:
1. mkfifo tunnel
2. tcpdump -i eth0 -n -s0 -w tunnel "tcp and port 80 and host xx.xx.xx.xx" &
3. ./assniffer output_dir -r tunnel