Reading and Manipulating captured packets (pflog file)

# 1  12-29-2004

Hey,
I currently have a set of captured sessions through Ethereal, saved in pflog files; basically it's a tcpdump, which I need to go through and sort the applications/protocols in order of the times they were used. I also need to change the headers of the packets, basically the source and destination address, and broadcast those packets back out onto the network.

Thing is that I have never worked with pflog files, so if anyone can give me any suggestions on how I can go through the pflog files and access individual packets, I would be very appreciative.

PS I am using FreeBSD 4.10. Any info about pflog files and how to work with them would be very helpful. Thank you.
PFLOG(4)                 BSD Kernel Interfaces Manual                 PFLOG(4)

NAME
     pflog -- packet filter logging interface

SYNOPSIS
     device pflog

DESCRIPTION
     The pflog interface is a pseudo-device which makes visible all packets
     logged by the packet filter, pf(4).  Logged packets can easily be
     monitored in real time by invoking tcpdump(1) on the pflog interface, or
     stored to disk using pflogd(8).

     The pflog0 interface is created automatically at boot if both pf(4) and
     pflogd(8) are enabled; further instances can be created using
     ifconfig(8).

     Each packet retrieved on this interface has a header associated with it
     of length PFLOG_HDRLEN.  This header documents the address family,
     interface name, rule number, reason, action, and direction of the packet
     that was logged.  This structure, defined in <net/if_pflog.h>, looks like

           struct pfloghdr {
                   u_int8_t        length;
                   sa_family_t     af;
                   u_int8_t        action;
                   u_int8_t        reason;
                   char            ifname[IFNAMSIZ];
                   char            ruleset[PF_RULESET_NAME_SIZE];
                   u_int32_t       rulenr;
                   u_int32_t       subrulenr;
                   uid_t           uid;
                   pid_t           pid;
                   uid_t           rule_uid;
                   pid_t           rule_pid;
                   u_int8_t        dir;
                   u_int8_t        pad[3];
           };

EXAMPLES
     Create a pflog interface and monitor all packets logged on it:

           # ifconfig pflog1 up
           # tcpdump -n -e -ttt -i pflog1

SEE ALSO
     tcpdump(1), inet(4), inet6(4), netintro(4), pf(4), ifconfig(8), pflogd(8)

HISTORY
     The pflog device first appeared in OpenBSD 3.0.

BSD                            December 10, 2001                           BSD
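Going through a pflog capture on disk means walking the pcap file framing that tcpdump -w writes and then decoding the pfloghdr shown above in front of each packet. The C program below is an added example, not code from the thread or from the BSD sources; it assumes the pfloghdr layout printed in pflog(4) with the usual BSD sizes (IFNAMSIZ 16, PF_RULESET_NAME_SIZE 16, 4-byte uid_t and pid_t, so a 64-byte header), libpcap's DLT_PFLOG link type 117, and a constructed one-record capture, and tallies logged packets per IP protocol the way the poster wants to sort them.

```c
#include <stdint.h>
#include <string.h>

#define DLT_PFLOG 117    /* libpcap link-layer type for pflog captures */
#define PFLOG_HDRLEN 64  /* sizeof(struct pfloghdr) per pflog(4), assuming IFNAMSIZ=16, PF_RULESET_NAME_SIZE=16, 4-byte uid_t/pid_t */
struct pflog_rec { uint8_t af, action, reason, dir, proto; uint32_t rulenr; char ifname[17]; };
static uint32_t le32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static uint32_t be32(const uint8_t *p) { return (uint32_t)p[0] << 24 | p[1] << 16 | p[2] << 8 | p[3]; }

/* Decode one record: pfloghdr followed by the raw IP packet. The header's own `length` byte,
 * not sizeof, says where the packet starts. Returns 1 on success, 0 if truncated/malformed. */
int decode_pflog(const uint8_t *d, uint32_t n, struct pflog_rec *r) {
    if (n < PFLOG_HDRLEN || d[0] < PFLOG_HDRLEN || d[0] > n) return 0;
    r->af = d[1]; r->action = d[2]; r->reason = d[3]; r->dir = d[60];
    memcpy(r->ifname, d + 4, 16); r->ifname[16] = '\0';
    r->rulenr = be32(d + 36);                  /* pf stores rulenr in network byte order */
    const uint8_t *ip = d + d[0]; uint32_t iplen = n - d[0];
    if (r->af == 2 && iplen >= 20) r->proto = ip[9];        /* AF_INET: IPv4 protocol field */
    else if (r->af == 24 && iplen >= 40) r->proto = ip[6];  /* AF_INET6 (BSD value 24): next header */
    else return 0;
    return 1;
}

/* Walk a little-endian pcap file (tcpdump -w on pflog0) held in memory, tallying logged
 * packets per IP protocol. Returns the number of records decoded, or -1 if not a pflog pcap. */
int walk_pflog_pcap(const uint8_t *f, size_t len, unsigned counts[256]) {
    if (len < 24 || le32(f) != 0xa1b2c3d4 || le32(f + 20) != DLT_PFLOG) return -1;
    int n = 0;
    for (size_t off = 24; off + 16 <= len; ) {
        uint32_t incl = le32(f + off + 8);     /* captured length of this record */
        if (off + 16 + incl > len) break;      /* truncated final record: stop */
        struct pflog_rec r;
        if (decode_pflog(f + off + 16, incl, &r)) { counts[r.proto]++; n++; }
        off += 16 + incl;
    }
    return n;
}

/* Constructed sample (not a real capture): one inbound TCP packet dropped by rule 3 on em0. */
size_t build_sample(uint8_t *out) {
    static const uint8_t ghdr[24] = {0xd4,0xc3,0xb2,0xa1, 2,0, 4,0, 0,0,0,0, 0,0,0,0, 0xff,0xff,0,0, DLT_PFLOG,0,0,0};
    static const uint8_t rhdr[16] = {0,0,0,0, 0,0,0,0, 84,0,0,0, 84,0,0,0};  /* incl_len = orig_len = 64 + 20 */
    uint8_t rec[84] = {0};
    rec[0] = PFLOG_HDRLEN; rec[1] = 2; rec[2] = 1;       /* length, AF_INET, PF_DROP (reason 0 = match) */
    memcpy(rec + 4, "em0", 3); rec[39] = 3; rec[60] = 1; /* ifname, rulenr = 3 (big-endian), PF_IN */
    rec[64] = 0x45; rec[73] = 6;                          /* minimal IPv4 header, protocol 6 = TCP */
    memcpy(out, ghdr, 24); memcpy(out + 24, rhdr, 16); memcpy(out + 40, rec, 84);
    return 124;
}

/* Build the sample, walk it, and return how many logged packets carried IP protocol `proto`. */
unsigned sample_count(uint8_t proto) {
    uint8_t buf[128]; unsigned counts[256] = {0};
    walk_pflog_pcap(buf, build_sample(buf), counts);
    return counts[proto];
}
```

To process a real file, read it into memory and hand the buffer to walk_pflog_pcap; a capture written on a big-endian host has the magic bytes reversed and would be rejected by the magic check as written.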