Wireshark · Wireshark-users: [Wireshark-users] Announcing Cap'r Mak'r...

Wireshark-users: [Wireshark-users] Announcing Cap'r Mak'r...

Date: Mon, 2 Mar 2009 09:59:55 -0800

If you are a DPI/IPS/Firewall/Anti-something-or-the-other geek, here's
what you have to do to go from a piece of content (malware, pdf,
image, exploit, etc) to a packet capture:

- set up a server
- configure it to either post or download the content
- use a client to generate the traffic
- capture the packets
- and then forget to pass "-s 0" to tcpdump *argh*
- now repeat, rinse for IPv6

No more. Point your browser to http://www.pcapr.net/caprmakr (login
required), upload a file and embed it into HTTP or SMTP streams. The
generated pcap? Yours to keep, forever, though sharing with the rest
of us is nice too. The generated pcap is "clean" (nice 3WH, valid
checksums, no dropped packets, etc) and plays nicely with tcpreplay.

Enjoy!

K.

Prev by Date: Re: [Wireshark-users] Can I see all protocol dissection through tshark?
Next by Date: [Wireshark-users] 802.11 malformed packets
Previous by thread: Re: [Wireshark-users] Can I see all protocol dissection through tshark?
Next by thread: [Wireshark-users] 802.11 malformed packets
Index(es):
- Date
- Thread