Honeypots
Use of pcap_api.pl Sep 13 2006 01:05PM
Leonard Kwan (electron-asx optusnet com au)
Hi,

I was wondering whether someone could let me know how to use the
pcap_api.pl?

Basically I am trying to get the packet captures that the honeywall records.
I would then like to load these into a database for the purposes of data
mining.

From what I've been able to gather from the Flow.pl I need to specify
several parameters, but unfortunately have not had any luck getting it to
work.

I've tried ./pcap_api.pl -M sensor=2170483942;con_id=541689 > pcap_temp.txt
to no avail. I get those two parameters from the walleye interface
(/walleye.pl?act=snortdecode;sensor=2170483942;con_id=541689)

Any help would be much appreciated!

Cheers
Leonard
