hello there,

i am trying to dump packet data to a file in the style of netcat (eg. when natcat is listening on port 80 and you connect with a browser, that output) but it gets slightly more tricky:

i need to grab sql statements out of packet data destined for another host.
the point of this is to afterwards be able to analyze data.
1. i tried using netcat (nc) but i cannot get packet data which is not destined for my host. setting up iptables and ebtables with '-j REDIRECT' did not help either.
2. using tcpdump to grab a few packets, then reading with flowreplay and sending them to 127.0.0.1 where nc was listening worked, though it looks like the packet data got reassebled incorrectly (on the netcat side of things)

if anybody can point me into a direction that would be grand

it is all legal, as 1. we are running in a test network for this, 2. one of our clients asked for it to monitor their server.

I believe there are many legitimate uses for this, don't worry. In any case, are you just looking for packet payloads without any header? Ethereal can use tcpdump to dissect many protocols, and you hould be able to dump the protocol-level data to a file for further analysis.

let us assume a oracle server, clients sent the sql statments clear text, thou sometimes they are too long to fit inside a single packet...
i just want reassembled sql statements....
i need to monitor for a few weeks before analyzing the statements, so having to post-pocess would not be ideal. better would be the ability to log directly to a file with what i need...

I guess the hard part is figuring out how to reassemble the packets from the tcpdump. You'd have to look at the client and the sequence numbers to figure it out.