> Well, you are dealing with static pages - the pcaps are static.  If you
> just did a File->Save As for each page, saved it as an HTML file and
> configured Apache to serve up the pages, you'd be cool.  No reason your
> pages have to be dynamically generated.  If all you have is pcaps to
> work off of, Wireshark can save off streams to files.

Okay, umm, I'll try clarifying a more complicated example:
- Drive-by download malware, loading from a multi-nested IFRAME, which
eventually loads a malicious Flash object, that ultimately compromises
the system.

Saving the flows to straight HTML wouldn't cut it in this example,
since you may have to deal with the encoding type of the Flash object.
Or, how about a malicious .JPG or some other image format (.WMF)?  I
can think of more, but I think you get the point.

> Of course, Apache won't help you much beyond HTTP.
>
> Anyways, at my day job we have to solve these kinds of problems.  To
> do so, we tried classifying different protocols based on their
> complexity and need for dynamic fields.  Long story short, protocols
> are becoming more dynamic and are requiring greater inter-dependence.
> Crypto which often has protection against replay attacks seems to be
> showing up more and more.  Hence, like you, we're initially targeting
> a smaller subset of use cases:
> http://www.mudynamics.com/products/modules/mu-studio.html </shameless
> plug>

Actually, I don't mind the plug.  I'm curious, is Mu Dynamics working
on a product to accomplish what I've described at all?  The closest
thing I could find in commercial space was either IxLoad or IxDefend
from Ixia, but I'm not 100% sure they have what I'm looking for.

> Anyways, I don't want to dissuade you from working on something like
> flowreplay, even if it has limited protocol support.  There *is* a
> need for this and no doubt you'd make quite a few people happy.

Understood.  I'll let you all know if I come across similar efforts, also.

Regards,
-- Darien

_______________________________________________
Tcpreplay-users mailing list
Tcpreplay-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tcpreplay-users
Support Information: http://tcpreplay.synfin.net/trac/wiki/Support
