strange ethereal question
Frank Wiles
frank at wiles.org
Tue Jun 10 14:54:51 CDT 2003
Hi Everyone,
I have a bit of a strange situation. I have a Cisco router that is
sending me a complete copy of a certain MAC address's IP traffic.
The traffic is encapsulated in a UDP packet and sent to a specific
port on one of my servers.
My ultimate goal is to be able to isolate the HTTP traffic and pull
out all sites and URLs visited by this host. I was told that
ethereal was probably my best bet at not having to write code to
decode the HTTP packets.
The problem is, ethereal only sees it as a bunch of UDP packets. I
tried redirecting the raw stream to ethereal's STDIN, but it only
wants libpcap formatted files via pipes or files.
I keep running into the fact that my little Perl UDP server running
on port 3000 isn't a real network device.
Any ideas on how I can fake ethereal into taking the raw stream,
fake the stream into a device, or output the stream in libpcap
format?
Any help would be appreciated.
P.S. In case you are wondering, this is not a malicious exercise.
I'm sniffing my own server's traffic, not someone else's.
---------------------------------
Frank Wiles <frank at wiles.org>
http://frank.wiles.org
---------------------------------
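
One way to do the last option the post asks about (emitting the stream in libpcap format), as an added example that is not part of the original message. It assumes each UDP datagram's payload is exactly one raw Ethernet frame, which the post does not state; the function names and the sample frame are hypothetical, and only port 3000 comes from the post.

```python
import socket
import struct
import sys
import time

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap file, microsecond timestamps
LINKTYPE_ETHERNET = 1        # assumption: each payload is one Ethernet frame
# Constructed sample: dst MAC, src MAC, EtherType 0x0800, dummy bytes.
SAMPLE_FRAME = bytes.fromhex("020000000001" "020000000002" "0800") + b"constructed"

def pcap_global_header(linktype=LINKTYPE_ETHERNET, snaplen=65535):
    """24-byte file header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype."""
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)

def pcap_record(frame, ts=None, snaplen=65535):
    """16-byte record header (sec, usec, captured len, original len) + frame."""
    ts = time.time() if ts is None else ts
    sec = int(ts)
    usec = int((ts - sec) * 1_000_000)
    captured = frame[:snaplen]
    return struct.pack("<IIII", sec, usec, len(captured), len(frame)) + captured

def parse_pcap(data):
    """Read the file back to check it: returns (linktype, [(sec, usec, orig_len, bytes)])."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    records, offset = [], 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        records.append((sec, usec, orig_len, data[offset:offset + incl_len]))
        offset += incl_len
    return linktype, records

def serve(out, host="0.0.0.0", port=3000):
    """Listen where the router sends its copies and stream libpcap to `out`."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((host, port))
    out.write(pcap_global_header())
    out.flush()
    while True:
        payload, _ = sock.recvfrom(65535)
        out.write(pcap_record(payload))
        out.flush()              # flush per packet so a reader on a pipe sees it live

if __name__ == "__main__":
    serve(sys.stdout.buffer)     # redirect to a file or pipe into the analyzer
```

If the router prepends its own header to each frame, that header has to be stripped from `payload` before `pcap_record` is called, otherwise the analyzer will misparse every packet.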