LinuxQuestions.org
Old 06-13-2006, 01:22 PM   #1
shanu_technical
LQ Newbie
 
Registered: Mar 2006
Posts: 9
Using Tcpdump and Tethereal to capture packets


Hi,

I am trying to capture network packets using tcpdump and tethereal.

I want to make an application that records the packets to detect attack signatures.

Can anyone tell me how to do it in a simple way? Like how to detect a Neptune (SYN flood) attack?

I really need help for my work here....

~Shanu
 
Old 06-13-2006, 04:44 PM   #2
macemoneta
Senior Member
 
Registered: Jan 2005
Location: Manalapan, NJ
Distribution: Fedora x86 and x86_64, Debian PPC and ARM, Android
Posts: 4,593
Blog Entries: 2
Why recreate the wheel, when there's Snort?
 
Old 06-14-2006, 08:49 AM   #3
shanu_technical
LQ Newbie
 
Registered: Mar 2006
Posts: 9

Original Poster
hi

Hi,

I need this for my research; I am trying to incorporate a few more features.

Can you tell me how to compare the captured packets from Ethereal or tcpdump to detect signatures?

Regards,
~Shanu
 
Old 06-14-2006, 08:54 AM   #4
fedora4002
Member
 
Registered: Mar 2004
Posts: 135
If you want to implement it in your research, you need to program using the PCAP library. Just google PCAP and you will find tons of tutorials on how to do it. PCAP will give you the opportunity to access every packet passing through the interface, and you need to extract the interesting features you want. It is easy to do. There are also wrappers for Python and Perl available if you want to start quickly.
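As an added illustration of what "extract interesting features from every packet" looks like for the SYN-flood case asked about in the first post (this is example code written for this thread, not code from any of the posters or from libpcap): the block below parses raw Ethernet/IPv4/TCP frames in the form a pcap callback would hand them over, pulls out the addresses, ports and TCP flags, and raises an alert when one destination port receives more SYN-only segments in a one-second window than a threshold while almost no handshakes complete. It does not touch a network interface; the capture is constructed inline so it runs offline. The window, threshold and ACK-ratio values are assumptions chosen for the demonstration, not tuning advice from the thread, and `build_tcp_frame` exists only to fabricate test frames (checksums are left zero because the parser never verifies them).

```python
"""Parse raw Ethernet/IPv4/TCP frames and flag a possible SYN flood.
Added example for the thread above; not code from the posters or from libpcap."""
import struct
from collections import defaultdict, deque

ETH_HDR_LEN = 14
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10


def parse_frame(frame):
    """Return the fields a signature matcher cares about, or None if the frame
    is not IPv4/TCP or is truncated (pcap snaplen, non-IP traffic, etc.)."""
    if len(frame) < ETH_HDR_LEN:
        return None
    if struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[ETH_HDR_LEN:]
    if len(ip) < 20:
        return None
    ver_ihl, _tos, _tlen, _id, _frag, _ttl, proto, _csum, src, dst = \
        struct.unpack_from("!BBHHHBBH4s4s", ip, 0)
    ihl = (ver_ihl & 0x0F) * 4                      # IPv4 header length incl. options
    if (ver_ihl >> 4) != 4 or ihl < 20 or proto != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    sport, dport, _seq, _ack, off_flags = struct.unpack_from("!HHIIH", ip, ihl)
    flags = off_flags & 0x01FF                      # low 9 bits carry the TCP flags
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "sport": sport, "dport": dport,
        "syn": bool(flags & TCP_SYN), "ack": bool(flags & TCP_ACK),
        "rst": bool(flags & TCP_RST),
    }


def detect_syn_flood(packets, window=1.0, threshold=50, min_ack_ratio=0.2):
    """packets: iterable of (timestamp_seconds, raw_frame), as pcap delivers them.
    Returns one alert per (dst, dport) whose SYN-only count inside `window`
    exceeds `threshold` while ACK segments (a crude proxy for completed
    handshakes) stay below `min_ack_ratio` of that count.  Example thresholds."""
    syn_times = defaultdict(deque)   # (dst, dport) -> timestamps of SYN-only segments
    acks = defaultdict(int)          # (dst, dport) -> ACK-only segments seen so far
    alerted, alerts = set(), []
    for ts, frame in packets:
        p = parse_frame(frame)
        if p is None:
            continue
        key = (p["dst"], p["dport"])
        if p["syn"] and not p["ack"]:               # connection attempt
            q = syn_times[key]
            q.append(ts)
            while q and ts - q[0] > window:         # drop timestamps outside the window
                q.popleft()
            if len(q) > threshold and key not in alerted and acks[key] / len(q) < min_ack_ratio:
                alerted.add(key)
                alerts.append({"dst": p["dst"], "dport": p["dport"],
                               "syns_in_window": len(q), "acks": acks[key], "at": ts})
        elif p["ack"] and not p["syn"]:             # third handshake step or data
            acks[key] += 1
    return alerts


def build_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Constructed test frame: Ethernet + minimal IPv4 + minimal TCP header, no payload."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIHHHH", sport, dport, 0, 0, (5 << 12) | flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + tcp


def sample_capture():
    """Constructed capture: five normal handshakes to 10.0.0.5:22, then a burst of
    200 SYN-only segments from many sources to 10.0.0.5:80 that never complete."""
    pkts, t = [], 0.0
    for i in range(5):
        c = "10.0.0.%d" % (10 + i)
        pkts.append((t, build_tcp_frame(c, "10.0.0.5", 40000 + i, 22, TCP_SYN)))
        pkts.append((t + 0.01, build_tcp_frame("10.0.0.5", c, 22, 40000 + i, TCP_SYN | TCP_ACK)))
        pkts.append((t + 0.02, build_tcp_frame(c, "10.0.0.5", 40000 + i, 22, TCP_ACK)))
        t += 0.1
    for i in range(200):
        pkts.append((1.0 + i * 0.001,
                     build_tcp_frame("192.0.2.%d" % (i % 250 + 1), "10.0.0.5", 1024 + i, 80, TCP_SYN)))
    pkts.append((2.0, b"\x00" * 12 + b"\x86\xdd" + b"\x00" * 40))   # IPv6 frame, skipped
    return pkts


if __name__ == "__main__":
    for a in detect_syn_flood(sample_capture()):
        print("possible SYN flood against %s:%d (%d SYNs, %d ACKs)"
              % (a["dst"], a["dport"], a["syns_in_window"], a["acks"]))
```

To feed it real traffic you would replace `sample_capture()` with the frames a pcap wrapper delivers (each frame is the same Ethernet-first byte string), and you would normally count rather than store per-source state, since a flood with spoofed sources is exactly the case where per-client tables blow up.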
 
  