LinuxQuestions.org

Thread: Using Tcpdump and Tethereal to capture packets (http://www.linuxquestions.org/questions/linux-networking-3/using-tcpdump-and-tethereal-to-capture-packets-454423/)

shanu_technical 06-13-2006 01:22 PM

Using Tcpdump and Tethereal to capture packets
 
Hi,

I am trying to capture Network packets using tcpdump and tethereal.

I want to make an application that records the packets to detect attack signatures.

Can anyone tell me how to do it in a simple way.... Like how to detect a Neptune (SYN flood) attack....

I really need help for my work here....

~Shanu

macemoneta 06-13-2006 04:44 PM

Why recreate the wheel, when there's Snort?

shanu_technical 06-14-2006 08:49 AM

hi
 
Hi,

I need this for my research.... trying to incorporate a few more features.....

Can you tell me how to compare the captured packets from Ethereal or TCPDUMP to detect signatures....

Regards,
~Shanu

fedora4002 06-14-2006 08:54 AM

If you want to implement it in your research, you need to program using the PCAP library. Just google PCAP and you will find tons of tutorials on how to do it. PCAP will give you the opportunity to access every packet passing through the interface, and you need to extract the interesting features you want. It is easy to do. There are also wrappers for Python and Perl available if you want to start quickly.
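The libpcap route fedora4002 describes, applied to the SYN-flood question from the first post, as an added example that is not from any poster: it reads the classic pcap file format that `tcpdump -w` writes, extracts the one TCP feature that matters here (a SYN that is never followed by the client's handshake ACK), and flags a listener once its half-open count inside a sliding window passes a threshold. It uses only the Python standard library and a constructed capture; the addresses, ports, window and threshold are assumed values, and a real trace would be fed in with `detect_syn_flood(open("trace.pcap", "rb").read())`.

```python
import struct
from collections import defaultdict
from socket import inet_aton, inet_ntoa
SYN, ACK = 0x02, 0x10  # TCP flag bits used by the detector

def tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame: dummy MACs, zero checksums, no payload."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     inet_aton(src_ip), inet_aton(dst_ip))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + tcp

def build_pcap(records):
    """Wrap (sec, usec, frame) tuples in the classic pcap format `tcpdump -w` writes (link type 1 = Ethernet)."""
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(
        struct.pack("<IIII", sec, usec, len(f), len(f)) + f for sec, usec, f in records)

def tcp_segments(pcap):
    """Yield (ts, src_ip, sport, dst_ip, dport, flags) for every TCP/IPv4 packet in a pcap blob."""
    endian, off = ("<" if struct.unpack("<I", pcap[:4])[0] == 0xA1B2C3D4 else ">"), 24  # magic gives byte order
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + incl], off + 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:  # skip anything that is not IPv4 + TCP
            continue
        ip = frame[14:]
        tcp = ip[(ip[0] & 0x0F) * 4:]                        # honour the IP header length (IHL)
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield sec + usec / 1e6, inet_ntoa(ip[12:16]), sport, inet_ntoa(ip[16:20]), dport, tcp[13]

def detect_syn_flood(pcap, window=1.0, threshold=50):
    """Return [(dst_ip, dport, peak)] for listeners with more than `threshold` half-open
    connections (SYN seen, handshake ACK never seen) inside any `window`-second span."""
    half_open, peaks = defaultdict(dict), {}   # (dst, dport) -> {(src, sport): time of SYN}
    for ts, src, sport, dst, dport, flags in tcp_segments(pcap):
        key, client = (dst, dport), (src, sport)
        if flags & SYN and not flags & ACK:
            half_open[key].setdefault(client, ts)
        elif flags & ACK and not flags & SYN:
            half_open[key].pop(client, None)    # third leg of the handshake: no longer half-open
        live = {c: t for c, t in half_open[key].items() if ts - t <= window}  # expire old entries
        half_open[key] = live
        if len(live) > threshold:
            peaks[key] = max(peaks.get(key, 0), len(live))
    return [(d, p, n) for (d, p), n in peaks.items()]

def sample_capture():
    """Constructed capture: 60 SYNs from spoofed sources to 10.0.0.5:80 within 0.3 s, plus one real handshake to :22."""
    recs = [(1000, i * 5000, tcp_frame(f"10.1.0.{i + 1}", "10.0.0.5", 40000 + i, 80, SYN)) for i in range(60)]
    c2s, s2c = ("10.2.0.9", "10.0.0.5", 51000, 22), ("10.0.0.5", "10.2.0.9", 22, 51000)
    recs += [(1001, 0, tcp_frame(*c2s, SYN)), (1001, 1000, tcp_frame(*s2c, SYN | ACK)), (1001, 2000, tcp_frame(*c2s, ACK))]
    return build_pcap(recs)
```

The completed handshake to port 22 is removed from the half-open table by its ACK and never alerts, while the 60 unanswered SYNs to port 80 cross the threshold and are reported with their peak count.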

