Are there any viewers for tcpdump log files?
1)
a) On Linux
tcpdump -r /some/file
b) on Windows
tcpdump -r /some/file
c) as an HTML server
Not offhand, but it'd be trivial to write a CGI to do this. An easy
cheat would be to write a snort rule to log everything, run the packets
through snort with -r, log them to mysql, and use ACID to look at them.
This will be one-packet-per-page, though. Probably better to wrap
tethereal with a CGI script or some such.
2)
a) text dump file
tcpdump -Xr /some/file
b) binary dump file
hexedit /some/file
As someone already pointed out, if you want a nice GUI to look at them
(and do advanced protocol decodes) use Ethereal (or tethereal for text
output). Note that the display expressions in [t|e]thereal are different
from the BPF expressions used to capture.
Cheers,
Michael Holstein CISSP GCIA
Cleveland State University
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
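The reply above suggests two things: a text dump of the raw file (what tcpdump -X prints) and a small CGI wrapper that renders packets as HTML. The following is an added example, not code from the original post or from the tcpdump/Ethereal projects. It is a minimal reader for the classic libpcap file format (24-byte global header, 16-byte per-record headers, either byte order) that produces a tcpdump-style one-line summary plus hex dump for each Ethernet/IPv4 frame, and a small HTML table of the kind a CGI script would emit. The sample capture it builds is constructed in the code; the function and variable names are mine.

```python
"""Minimal libpcap (tcpdump -w) reader: text summary, hex dump and HTML table."""
import html
import struct

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def parse_pcap(data: bytes):
    """Return a list of (ts_sec, ts_usec, orig_len, frame_bytes) from a classic pcap blob."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:          # bytes d4 c3 b2 a1 on disk: little-endian writer
        e = "<"
    elif magic == 0xD4C3B2A1:        # bytes a1 b2 c3 d4 on disk: big-endian writer
        e = ">"
    else:
        raise ValueError("not a classic libpcap file (magic 0x%08x)" % magic)
    _magic, _vmaj, _vmin, _tz, _sigfigs, _snaplen, linktype = struct.unpack(e + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):   # record claims more bytes than the file holds
            raise ValueError("truncated or corrupt record at offset %d" % off)
        packets.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    return packets


def summarize(frame: bytes) -> str:
    """One-line tcpdump-style summary of an Ethernet frame (IPv4 only, no checksums)."""
    if len(frame) < 14:
        return "truncated Ethernet frame"
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_IPV4:
        return "ethertype 0x%04x" % ethertype
    ip = frame[14:]
    if len(ip) < 20:
        return "truncated IPv4 header"
    ihl = (ip[0] & 0x0F) * 4
    if ihl < 20 or len(ip) < ihl:
        return "malformed IPv4 header (IHL=%d)" % ihl
    proto = ip[9]
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    name = IP_PROTO_NAMES.get(proto, "proto %d" % proto)
    l4 = ip[ihl:]
    if proto in (6, 17) and len(l4) >= 4:        # TCP/UDP: ports are the first 4 bytes
        sport, dport = struct.unpack("!HH", l4[:4])
        return "%s %s.%d > %s.%d" % (name, src, sport, dst, dport)
    return "%s %s > %s" % (name, src, dst)


def hexdump(frame: bytes) -> str:
    """Offset / hex / ASCII lines, 16 bytes per line, like tcpdump -X."""
    lines = []
    for i in range(0, len(frame), 16):
        chunk = frame[i:i + 16]
        hexpart = " ".join("%02x" % b for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append("0x%04x:  %-47s  %s" % (i, hexpart, text))
    return "\n".join(lines)


def to_html(packets) -> str:
    """HTML table a CGI wrapper could return; every packet-derived string is escaped."""
    rows = []
    for n, (sec, usec, orig_len, frame) in enumerate(packets, 1):
        rows.append("<tr><td>%d</td><td>%d.%06d</td><td>%d</td><td>%s</td></tr>"
                    % (n, sec, usec, orig_len, html.escape(summarize(frame))))
    return ("<table><tr><th>#</th><th>time</th><th>len</th><th>summary</th></tr>"
            + "".join(rows) + "</table>")


def build_sample_pcap(endian: str = "<") -> bytes:
    """Constructed capture (not from the original post): one UDP datagram 10.0.0.1 -> 10.0.0.53."""
    payload = b"hello"
    udp = struct.pack("!HHHH", 53000, 53, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 53])) + udp
    frame = bytes.fromhex("001122334455" "66778899aabb" "0800") + ip
    header = struct.pack(endian + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack(endian + "IIII", 1_000_000_000, 123456, len(frame), len(frame))
    return header + record + frame


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    pkts = parse_pcap(data)
    for sec, usec, orig_len, frame in pkts:
        print("%d.%06d %s, length %d" % (sec, usec, summarize(frame), orig_len))
        print(hexdump(frame))
    print(to_html(pkts))
```

Run it with a file written by tcpdump -w (or with no argument to use the built-in sample). The reader refuses anything that is not a classic pcap magic and stops on a record whose length runs past the end of the file, which is the check a viewer fed arbitrary captures most needs; to_html escapes every string derived from packet data before it reaches a browser, since a capture is attacker-supplied input to whatever CGI script renders it.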