lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
From: brendan.gregg at tpg.com.au (Brendan Gregg) Subject: PCAP and LP G'Day Ian, ----- Original Message ----- > From: Ian Latter (Ian.Latter_at_mq.edu.au) > Date: Jun 01 2004 > > Hello Ali, > > According to the FAQ, this doesn't look entirely possible; > > [...] > 4.10 Replaying Client Traffic to a Server > > A common question on the tcpreplay-users list is how > [...] > > From; http://tcpreplay.sourceforge.net/FAQ.html > > I've had one other suggestion, and that is contacting the author > of "chaosreader" (with greenback or source); > > http://users.tpg.com.au/bdgcvb/chaosreader.html > > 's'cool ... I'll fish the web a little more and see what comes out ... if > nothing comes out, and I can't make a quick contribution to > chaosreader, then I'll probably change the target host to acquire > the asset via another protocol (http/smtp/etc). > Chaosreader can retrieve print jobs with a little help, # snoop -o /tmp/out1 port 515 Using device /dev/hme (promiscuous mode) 205 ^C # # ../chaosreader -v /tmp/out1 Chaosreader ver 0.94 Opening, /tmp/out1 Reading file contents, 100% (251376/251376) Reassembling packets, 100% (205/205) Creating files... Num Session (host:port <=> host:port) Service 0001 192.168.1.5:1021,192.168.1.1:515 printer index.html created. # # ls -l *.raw* -rw-r--r-- 1 brendan 231678 Jun 3 00:21 session_0001.printer.raw -rw-r--r-- 1 brendan 5 Jun 3 00:21 session_0001.printer.raw1 -rw-r--r-- 1 brendan 231673 Jun 3 00:21 session_0001.printer.raw2 Now if I "vi session_0001.printer.raw2" and remove the top 2 and bottom 9 lines, I have the original PostScript file (cksums ok). (Your capture may vary a little, but it should be obvious where the PostScript begins and ends). Or if I didn't want to use vi, # perl -e 'push(@A,$_) while(<>); print @A[2..($#A-10)]' \ session_0001.printer.raw2 > lp.ps It would be nice if Chaosreader automatically did this - I guess I should add it for the next release. If anyone would like to make a quick contribution you are welcome to send me small sample capture files (snoop or tcpdump). :) PS. the most stable link is, http://www.brendangregg.com/chaosreader.html no worries, Brendan Gregg [Sydney, Australia] > ----- Original Message ----- > >From: "Ali-Reza Anghaie" <ali_at_packetknife.com> > >To: "Ian Latter" <Ian.Latter_at_mq.edu.au> > >Subject: Re: [Full-Disclosure] PCAP and LP > >Date: Tue, 01 Jun 2004 23:12:19 -0400 > > > > On Tue, 2004-06-01 at 23:32, Ian Latter wrote: > > > Quick question, I'm going through the results of an investigation > > > and have a PCAP file that contains Line Printing ... I'd like to > > > reconstruct the postscript files (or just reprint them), is there a > > tool that will allow this? [...]
Powered by blists - more mailing lists