Hi, you can try ngrep. You can make a rule to extract only packets that contain one IP in the ASCII payload. Maybe it is what you need.
On Wed, 08-08-2007 at 16:42 +0000, [EMAIL PROTECTED] wrote:
> Hello,
>
> Some of the HTTP packets contain IP addresses inside the payload,
> so I want to get them. How, and using what?
> I know I can do it by decoding the HTTP payload using the RFCs, as I did in
> other protocols, BUT I couldn't find any RFC that describes the format and the
> structure of the payload. If you know these RFCs (that explain this info),
> please refer me to them.
>
> If there is any solution, using snort or anything, please help me.
> I am using snort with MySQL.
> Thanks in advance
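
What a payload match of this kind has to do, shown offline as an added example that is not part of the original post: a regular expression picks dotted-quad candidates out of the ASCII payload of an HTTP message, and each candidate is validated so version strings and out-of-range octets are dropped. The sample response and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Dotted-quad candidate in raw bytes: not preceded by a digit or dot, and not
# followed by another digit or ".digit" (so "1.2.3.4.5" is skipped, while a
# sentence-ending "203.0.113.7." is still found).
IPV4_CANDIDATE = re.compile(rb"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Constructed sample: one HTTP response as it would appear in a TCP payload.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Server: example\r\n"
    b"X-Forwarded-For: 192.0.2.10\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html>Your address is 203.0.113.7. Build 1.2.3.4.5, "
    b"bad 999.10.10.1, again 203.0.113.7</html>"
)


def extract_ips(data: bytes) -> list[str]:
    """Return the unique, valid IPv4 addresses in data, in order of appearance."""
    found = []
    for match in IPV4_CANDIDATE.finditer(data):
        try:
            ip = str(ipaddress.IPv4Address(match.group().decode("ascii")))
        except ValueError:
            continue  # octet above 255 or otherwise malformed
        if ip not in found:
            found.append(ip)
    return found


def ips_in_http(raw: bytes) -> dict[str, list[str]]:
    """Split an HTTP message at the blank line; scan headers and body separately."""
    head, _, body = raw.partition(b"\r\n\r\n")
    return {"headers": extract_ips(head), "body": extract_ips(body)}


if __name__ == "__main__":
    for part, ips in ips_in_http(SAMPLE_RESPONSE).items():
        print(part, ips)
```

The HTTP body has no fixed structure of its own (its format is whatever the Content-Type header names), which is why a pattern match over the bytes is used here rather than a field decoder.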
