This program was NOT WRITTEN BY ME. Just so we're all clear on that.
Brian Caswell wrote this program and posted it on his blog. However, I find it very useful.
Sometimes when people have problems with their pcaps when they are trying to run them through Snort, I would say 90% of the time, it's because of bad checksums. Now, that's not a bad thing, it's just that people forget to check them.
So this little proggie takes a pcap, rewrites the checksum so it's correct, and spits it back out. THEN you can run it through Snort. (Or whatever)
Here is the program that I did not write.
It requires Net::Pcap and Net::Ethereal. Install these through CPAN. If you don't know how to do that, well, may God have mercy on your soul. (See link for a judge actually using that quote in a filing. That's awesome. /me claps for that judge.)
Credit goes to Brian Caswell. He wrote it, and it rox.
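To show what "rewriting the checksum" involves, here is an added Python sketch. It is not Brian Caswell's Perl program and is not from the original post. It assumes a classic pcap file with Ethernet link type and untagged IPv4 frames, and it recomputes the IPv4 header checksum plus the TCP/UDP checksum of unfragmented packets; the function names are my own.

```python
import struct

L4_CSUM_OFFSET = {6: 16, 17: 6}  # protocol number -> checksum offset in TCP/UDP header

def inet_checksum(data):
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def fix_frame(buf, start, end):
    """Rewrite IPv4 and TCP/UDP checksums of one Ethernet frame in place."""
    ip = start + 14
    if end - ip < 20 or buf[start + 12:ip] != b"\x08\x00" or buf[ip] >> 4 != 4:
        return 0  # not plain Ethernet + IPv4
    ihl = (buf[ip] & 0x0F) * 4
    total_len, frag = struct.unpack_from("!H2xH", buf, ip + 2)
    if ihl < 20 or total_len < ihl or ip + total_len > end:
        return 0  # malformed, or payload cut off by the capture snaplen
    fields = [(ip + 10, ip, ihl, b"")]  # (checksum position, start, length, pseudo-header)
    proto, l4_len = buf[ip + 9], total_len - ihl
    if (off := L4_CSUM_OFFSET.get(proto)) and not frag & 0x3FFF and l4_len >= off + 2:
        pseudo = bytes(buf[ip + 12:ip + 20]) + struct.pack("!BBH", 0, proto, l4_len)
        fields.append((ip + ihl + off, ip + ihl, l4_len, pseudo))
    changed = 0
    for pos, seg, length, pseudo in fields:
        old = bytes(buf[pos:pos + 2])
        buf[pos:pos + 2] = b"\x00\x00"
        csum = inet_checksum(pseudo + bytes(buf[seg:seg + length]))
        if proto == 17 and pseudo and csum == 0:
            csum = 0xFFFF  # UDP transmits a computed zero as 0xFFFF
        buf[pos:pos + 2] = struct.pack("!H", csum)
        changed += bytes(buf[pos:pos + 2]) != old
    return changed

def fix_pcap(pcap):
    """Return (corrected capture bytes, number of checksum fields rewritten)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if len(pcap) < 24 or endian is None or struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    buf, offset, changed = bytearray(pcap), 24, 0
    while offset + 16 <= len(buf):
        incl_len = struct.unpack_from(endian + "I", buf, offset + 8)[0]
        start, offset = offset + 16, offset + 16 + incl_len
        if offset <= len(buf):  # a record cut short at end of file is left alone
            changed += fix_frame(buf, start, offset)
    return bytes(buf), changed
```

Read the capture in binary mode, pass the bytes to `fix_pcap`, and write the returned bytes to a new file; a non-zero count means the original capture carried checksums that did not match.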