dump packet data to file, but no packet header
hello there,
i am trying to dump packet data to a file in the style of netcat (eg. when netcat is listening on port 80 and you connect with a browser, that output) but it gets slightly more tricky:
i need to grab sql statements out of packet data destined for another host.
the point of this is to afterwards be able to analyze data.
1. i tried using netcat (nc) but i cannot get packet data which is not destined for my host. setting up iptables and ebtables with '-j REDIRECT' did not help either.
2. using tcpdump to grab a few packets, then reading with flowreplay and sending them to 127.0.0.1 where nc was listening worked, though it looks like the packet data got reassembled incorrectly (on the netcat side of things)
if anybody can point me into a direction that would be grand
it is all legal, as 1. we are running in a test network for this, 2. one of our clients asked for it to monitor their server.
I believe there are many legitimate uses for this, don't worry. In any case, are you just looking for packet payloads without any header? Ethereal can use tcpdump to dissect many protocols, and you should be able to dump the protocol-level data to a file for further analysis.
Original Poster
let us assume an oracle server, clients send the sql statements clear text, though sometimes they are too long to fit inside a single packet...
i just want reassembled sql statements....
i need to monitor for a few weeks before analyzing the statements, so having to post-process would not be ideal. better would be the ability to log directly to a file with what i need...
I guess the hard part is figuring out how to reassemble the packets from the tcpdump. You'd have to look at the client and the sequence numbers to figure it out.
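The reassembly by sequence number discussed in this thread, as an added example that is not part of any poster's reply: it strips the IPv4 and TCP headers and orders the payload per client flow, tolerating out-of-order segments, retransmissions and sequence-number wraparound. It assumes raw IPv4 packets with the link-layer header already removed; the function names, addresses, ports and SQL text are constructed for illustration.

```python
import struct

MOD = 2 ** 32  # TCP sequence numbers are 32-bit and wrap around

def parse_ipv4_tcp(pkt):
    """Strip IPv4 and TCP headers; return (flow, seq, is_syn, payload) or None."""
    if pkt[0] >> 4 != 4 or pkt[9] != 6:            # not IPv4 or not TCP
        return None
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    sport, dport, seq = struct.unpack("!HHI", pkt[ihl:ihl + 8])
    data_off = (pkt[ihl + 12] >> 4) * 4
    flow = (pkt[12:16], sport, pkt[16:20], dport)  # one direction of one connection
    return flow, seq, bool(pkt[ihl + 13] & 0x02), pkt[ihl + data_off:total_len]

class Stream:
    def __init__(self):
        self.next_seq, self.pending, self.data = None, {}, bytearray()

    def add(self, seq, is_syn, payload):
        if is_syn:                                 # SYN consumes one sequence number
            self.next_seq = (seq + 1) % MOD
            return
        # No SYN seen (capture began mid-stream): assume this segment is the oldest.
        self.next_seq = seq if self.next_seq is None else self.next_seq
        if payload:                                # keep the longer copy of a retransmission
            self.pending[seq] = max(self.pending.get(seq, b""), payload, key=len)
        ready = True
        while ready:                               # drain every segment that is now in order
            ready = [s for s in self.pending if (self.next_seq - s) % MOD < MOD // 2]
            for s in ready:
                done = (self.next_seq - s) % MOD   # bytes of this segment already written
                seg = self.pending.pop(s)
                self.data += seg[done:]            # empty for a pure duplicate
                self.next_seq = (s + max(done, len(seg))) % MOD

def reassemble(packets):
    streams = {}
    for parsed in filter(None, map(parse_ipv4_tcp, packets)):
        streams.setdefault(parsed[0], Stream()).add(*parsed[1:])
    return {flow: bytes(s.data) for flow, s in streams.items()}

def build(seq, payload=b"", flags=0x18):           # constructed packet, not from a real capture
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return ip + struct.pack("!HHIIBBHHH", 40000, 1521, seq % MOD, 0, 0x50, flags, 65535, 0, 0) + payload

SQL, ISN = b"SELECT name FROM accounts WHERE id = 42;", 0xFFFFFFF0
SAMPLE = [build(ISN, flags=0x02), build(ISN + 26, SQL[25:]), build(ISN + 1, SQL[:10]),
          build(ISN + 1, SQL[:10]), build(ISN + 11, SQL[10:25])]  # SYN, late part first, duplicate
```

`reassemble(SAMPLE)` returns one entry keyed by the client flow, holding the statement in order. For a monitor that runs for weeks, `pending` needs a size cap or timeout, since a segment the capture never saw would otherwise hold later data in memory indefinitely.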