Re: Network Sniffer
- To: Sthu Deus <sthu.deus@gmail.com>
- Cc: debian <debian-user@lists.debian.org>
- Subject: Re: Network Sniffer
- From: Meike Stone <meike.stone@googlemail.com>
- Date: Sat, 2 Feb 2013 19:42:13 +0100
- Message-id: <CAFNHiA_uDjQ1erKwoXmqJi9qVer92+V6U=TWeDry0k8+D5oW7w@mail.gmail.com>
- In-reply-to: <510d00a7.e819700a.4e57.ffffdef3@mx.google.com>
- References: <CAJbW+rmyTiptQJGtaYGGDyN-0ivpz-X9GEAc1pGp8BJAYAk2+A@mail.gmail.com> <5107F64F.6010200@gmail.com> <CAJbW+rkXosW4kGsnRc+=F--s7KVNDktLqU+U2Co89yLGef+F-Q@mail.gmail.com> <CAApYZY8M5mSf1JDu2O8NHJ08of+e0HgjJ9Qvd8Z3G7Kccyx7wA@mail.gmail.com> <5108cefd.286f980a.732b.21a5@mx.google.com> <CAFNHiA82iOVUvy0QqYJFBMGEN1fcsoLJQ3tYqiZaPBgYCy9Dzw@mail.gmail.com> <510d00a7.e819700a.4e57.ffffdef3@mx.google.com>
2013/2/2 Sthu Deus <sthu.deus@gmail.com>:
> Good time of the day, Meike.
>
>
> Thank You, Meike, for Your time and answer. You wrote:
>
>> What you mean is a "Network Forensic Analysis Tool" (NFAT).
>> You can capture with tcpdump or another similar tool (tshark, ...) in a
>> file and analyze this file later.
>
> So, besides now and later - tcpdump has no such feature as to show
> traffic content? - I do not say sorting / grep-ing / whatever it - that
> analysis can do - I simply want to view the captured content - can
> tcpdump show that?

The question is what you mean by "view the captured content".

* So if there are e.g. images in the captured http or ftp, or ...
  stream and you would like to see them, then NetworkMiner
  "http://www.netresec.com/?page=NetworkMiner" does this job without
  any knowledge about the protocols.
* Content can also be encrypted username/password ... e.g. in radius or
  https/ssl. Then "Wireshark" is your friend.
  Wireshark is able to decrypt this, if you have the private key or
  shared secret ...

Content is all the payload on a network. But there are so many
different kinds, there is no single tool to "display the content".
So explain what you want to do exactly, but don't let us guess ;-)

Kind regards
Meike
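
Added example, not part of the original message: a minimal Python reader for a capture file written with tcpdump -w (classic pcap, Ethernet, IPv4/TCP only) that returns the cleartext TCP payload of each packet. The function names, the sample capture and its addresses are constructed for illustration.

```python
import socket
import struct

def tcp_payloads(pcap: bytes):
    """Yield (src, sport, dst, dport, payload) for each IPv4/TCP packet in a classic pcap file."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # file written on a little-endian host
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    pos = 24                           # skip the 24-byte global header
    while pos + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[pos + 8:pos + 12])[0]
        frame = pcap[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # too short or not IPv4
            continue
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        total_len = struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total_len]        # slicing to total_len drops Ethernet padding
        if ip[9] != 6 or len(tcp) < 20:                       # not TCP or truncated
            continue
        sport, dport = struct.unpack("!HH", tcp[:4])
        data_off = (tcp[12] >> 4) * 4
        yield (socket.inet_ntoa(ip[12:16]), sport, socket.inet_ntoa(ip[16:20]), dport, tcp[data_off:])

def printable(data: bytes) -> str:
    """Keep printable ASCII and newlines, show every other byte as '.'."""
    return "".join(chr(b) if 32 <= b < 127 or b == 10 else "." for b in data)

def sample_pcap() -> bytes:
    """Constructed capture: one Ethernet/IPv4/TCP frame with a cleartext HTTP request."""
    body = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
    # Checksums are left at zero; the reader above does not verify them.
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + body
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20")) + tcp
    frame = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return ghdr + struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

if __name__ == "__main__":
    for src, sport, dst, dport, payload in tcp_payloads(sample_pcap()):
        print(f"{src}:{sport} -> {dst}:{dport}\n{printable(payload)}")
```

This only shows payload that crossed the wire in cleartext; TLS or RADIUS-protected fields stay opaque without the private key or shared secret mentioned above.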