From: Manikantan Ramadas (mramadas@masaka.cs.ohiou.edu)
Date: 11/28/05
Message-Id: <2CE9F036-65FB-4701-9EAE-936022A16318@irg.cs.ohiou.edu>
From: Manikantan Ramadas <mramadas@masaka.cs.ohiou.edu>
Subject: Re: tcptrace-maintainers website bug & tcptrace question
Date: Mon, 28 Nov 2005 02:05:35 -0500
Hi there,
On Nov 25, 2005, at 2:22 PM, Michael Shannon wrote:
> The sign up feature appears to be erroring out when I try and sign up
> for the mailing lists.
>
Yep, I just tested it out and found some problems myself. You keep
getting those confirmation-reply requested mails with the
authentication data from majordomo, don't you? That's what I am
getting. Something's broken with our majordomo here, but not obvious
enough for me to fix in the 10 minutes I looked at the config file
for the list. Shall check with the man who configured majordomo in
our lab-server, and get back to you.
> And, is it possible to output pcaps from tcptrace? I love the ability to
> follow tcp sessions and identify if they are complete. I've got several
> GB's of pcap's that I need to clean so that only complete tcp sessions
> are left ( for use with Tomahawk ).
Yep, it is possible. Check out the usage of the -O option in the
"Basic Filtering" chapter of the user's manual. Connection filtering
is a two-step process: first you pick the connection numbers of
interest and store them in a comma-separated list (it can be put in a
file and passed as the filename in the following step too); in the
second step, pass these connection numbers you want pulled out with
the -o option and give the pcap-file-name to store just these
connection data in the -O option. The manual explains it better, I
think.
- Mani.
>
> Any info or pointers would be great.
>
> Cheers,
>
> --
> Michael Shannon
> IDS Analyst
> Fortinet Technologies (Canada), Inc.
> 4710 Kingsway, Suite 400
> Burnaby, B.C. V5H 4M2
> Tel: (778) 898-0118
> Skype: shami_fort
>
--
"The quieter you become, the more you can hear." - Baba Ram Dass.
____________________________________________________________________
* Manikantan Ramadas * IRG, OU * http://irg.cs.ohiou.edu/~mramadas *
____________________________________________________________________
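The two-step filtering described in the reply above, sketched as a shell script; this is an added example, not part of the original message or of the tcptrace manual. It assumes tcptrace's brief listing marks finished connections with "(complete)" and that -o and -O take their arguments attached (check the "Basic Filtering" chapter for your version); the sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of tcptrace's brief connection listing (made-up hosts).
sample_brief() {
cat <<'EOF'
TCP connection info:
  1: client.example:54735 - server.example:22 (a2b)   30>   30<
  2: client.example:54736 - web.example:80 (c2d)   12>   15<  (complete)
  3: client.example:54737 - web.example:80 (e2f)    4>    3<  (reset)
  4: client.example:54738 - web.example:80 (g2h)   10>    9<  (complete)
EOF
}

# Step 1: read a brief listing on stdin and print the numbers of the
# connections marked "(complete)" as one comma-separated list.
complete_conns() {
  awk '/\(complete\)/ {
         sub(/:$/, "", $1)               # "2:" -> "2"
         if ($1 ~ /^[0-9]+$/) { printf "%s%s", sep, $1; sep = "," }
       }
       END { if (sep) print "" }'
}

# Step 2: hand that list to -o and name the output pcap with -O.
# Hypothetical helper; usage: extract_complete in.pcap out.pcap
extract_complete() {
  list=$(tcptrace -n -b "$1" | complete_conns)
  if [ -z "$list" ]; then
    echo "no complete connections found in $1" >&2
    return 1
  fi
  # For very long lists, write "$list" to a file and pass the file name
  # to -o instead, as the reply mentions.
  tcptrace -n -o"$list" -O"$2" "$1"
}
```

Running `sample_brief | complete_conns` prints `2,4`, so connections 1 (still open) and 3 (reset only) are left out of the output pcap.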
This archive was generated by hypermail 2.1.7 : 11/28/05 EST