This program was NOT WRITTEN BY ME. Just so we're all clear on that.
Brian Caswell wrote this program and posted it on his blog. However, I find it very useful.
Sometimes when people have problems with their pcap's when they are trying to run them through Snort, I would say 90% of the time, it's because of bad chksums. Now, that's not a bad thing, it's just that people forget to check them.
So this little proggie takes a pcap, rewrites the checksum so its correct, and spits it back out. THEN you can run it through Snort. (Or whatever)
Here is the program that I did not write.
It requires Net::Pcap and Net::Ethereal. Install these through cpan. If you don't know how to do that, well, May God have mercy on your soul. (see link for a judge actually using that quote in a filing. That's awesome. /me claps for that judge.
Credit goes to Brian Caswell. He wrote it. and it rox.
Joel Esler, Sourcefire, Snort, Immunet, ClamAV, Apple, and Network Security. This is my blog.
Subscribe to:
Post Comments (Atom)
Call of Duty Error 6034 for the Xbox
Several friends and I play Call of Duty nearly every night. However, Activision’s most recent multiplayer update broke the heck out of Call...

-
Without going off the deep-end here and discussing every single Snort rule keyword, I just wanted to touch on a few modifiers that people so...
-
Let me start off by saying I'm not bashing the writer of this article, and I'm trying not to be super critical. I don't want to...
-
Over the past several years my job here at Cisco Talos has changed drastically. I took on new roles, which is awesome and exciting, but in ...

No comments:
Post a Comment