Honeypots
Use of pcap_api.pl Sep 13 2006 01:05PM
Leonard Kwan (electron-asx optusnet com au) (1 replies)
Re: Use of pcap_api.pl Sep 15 2006 12:55PM
Camilo Viecco (cviecco indiana edu)
Hi Leonard...

do:

"./pcap_api.pl -M 1 'sensor=2170483942;con_id=541689' > pcap_temp.pcap"

Two things to notice:
1. the -M option, for command line, needs a 1 in order to be correctly accepted
(there was a problem with detecting flags appropriately, so -M 1 became an option)
2. The cgi parameters must be specified as one parameter (look at the quotes)

Hope this helps

Camilo

Leonard Kwan wrote:
> Hi,
>
> I was wondering whether someone could let me know how to use the
> pcap_api.pl?
>
> Basically I am trying to get the packet captures that the honeywall records.
> I would then like to load these into a database for the purposes of data
> mining.
>
> From what I've been able to gather from the Flow.pl I need to specify
> several parameters, but unfortunately have not had any luck getting it to
> work.
>
> I've tried ./pcap_api.pl -M sensor=2170483942;con_id=541689 > pcap_temp.txt
> to no avail. I get those two parameters from the walleye interface
> (/walleye.pl?act=snortdecode;sensor=2170483942;con_id=541689)
>
> Any help would be much appreciated!
>
> Cheers
> Leonard
>
>
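
An added example, not part of the original thread and not Honeynet Project code: a shell helper that turns a walleye URL like the one in the question into the single quoted argument described in the reply and runs pcap_api.pl with -M 1. The function names and the PCAP_API variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; walleye_to_pcap_arg, fetch_pcap and PCAP_API are hypothetical names.

# Print "sensor=<n>;con_id=<n>" for a walleye URL.
# Returns 1 if either value is missing or not purely numeric.
walleye_to_pcap_arg() {
    query=${1#*\?}              # drop everything up to and including '?'
    sensor=
    con_id=
    old_ifs=$IFS
    IFS=';&'                    # walleye separates key=value pairs with ';'
    set -f                      # no globbing while splitting untrusted text
    for pair in $query; do
        case $pair in
            sensor=*) sensor=${pair#sensor=} ;;
            con_id=*) con_id=${pair#con_id=} ;;
        esac
    done
    set +f
    IFS=$old_ifs
    for v in "$sensor" "$con_id"; do
        case $v in
            ''|*[!0-9]*) return 1 ;;
        esac
    done
    printf 'sensor=%s;con_id=%s\n' "$sensor" "$con_id"
}

# Fetch one connection's capture into the file named by $2.
# PCAP_API (assumed override) points at the script; default is ./pcap_api.pl.
fetch_pcap() {
    arg=$(walleye_to_pcap_arg "$1") || {
        echo "bad walleye URL: $1" >&2
        return 1
    }
    # Unquoted, the shell would end the command at ';' and run
    # "con_id=..." as a separate variable assignment. Quoting keeps
    # both parameters in one argument, after "-M 1".
    "${PCAP_API:-./pcap_api.pl}" -M 1 "$arg" > "$2"
}
```

Example call: fetch_pcap '/walleye.pl?act=snortdecode;sensor=2170483942;con_id=541689' pcap_temp.pcap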
