On Thu, Sep 13, 2001 at 08:39:51AM -0700, Junginger, Jeremy wrote:
> I need to write a filter rule for ethereal that tracks all access to
> a specific URL (not ip address). Is this possible, and if so, how?

I would check into ngrep, the 'network grepper':

    http://www.packetfactory.net/Projects/ngrep/

A line like this may be what you're looking for:

    # ngrep -d lo -A 2 'index\.html' 'dst port 80'

    -d lo            'Listen on interface lo'
    -A 2             'Dump 2 packets of trailing context'
    'index\.html'    'regex of what to grep each matching packet for'
    'dst port 80'    'the libpcap packet match filter'

I don't know if ngrep dumps data in the way you're expecting, but it's
a start. Good luck!

--
Don Faulkner, CISSP | Senior Security Consultant | Spectria
<don.faulknerat_private> | --A Rainbow Technologies company | 1-888-IS-GUARD

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
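
Added example, not part of the original post and not ngrep code: a payload regex such as 'index\.html' matches any request to port 80 that contains the string, whatever the host, including a Referer header. The Python below instead matches one URL by request line plus Host header, run over constructed sample payloads; TARGET_HOST, TARGET_PATH, parse_request and request_matches are names assumed for this illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed target; host and path are placeholders, not from the post.
TARGET_HOST = "www.example.com"
TARGET_PATH = "/index.html"

REQUEST_LINE = re.compile(rb"^([A-Z]+) (\S+) HTTP/1\.[01]$")

def parse_request(payload: bytes):
    """Return (method, host, path) for an HTTP/1.x request payload, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    m = REQUEST_LINE.match(lines[0])
    if not m:
        return None
    method, target = m.group(1).decode(), m.group(2).decode("latin-1")
    host = ""
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    if "://" in target:
        # Absolute-URI form (as sent to proxies): the URL itself carries the host.
        parts = urlsplit(target)
        host, path = parts.netloc, parts.path or "/"
    else:
        path = target.split("?", 1)[0]
    # Host names are case-insensitive; drop an explicit port if present.
    host = host.lower().rsplit(":", 1)[0] if ":" in host else host.lower()
    return method, host, path

def request_matches(payload: bytes) -> bool:
    """True only when both host and path equal the target URL."""
    parsed = parse_request(payload)
    return parsed is not None and parsed[1:] == (TARGET_HOST, TARGET_PATH)

# Constructed sample payloads, as they would appear in packets to port 80.
SAMPLES = [
    b"GET /index.html HTTP/1.1\r\nHost: WWW.Example.com:80\r\n\r\n",
    b"GET /index.html HTTP/1.1\r\nHost: other.example.net\r\n\r\n",
    b"GET /a.gif HTTP/1.1\r\nHost: www.example.com\r\n"
    b"Referer: http://www.example.com/index.html\r\n\r\n",
    b"GET http://www.example.com/index.html?x=1 HTTP/1.0\r\n\r\n",
]
```

Each payload is treated as one complete request; a request split across TCP segments is not reassembled here.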
This archive was generated by hypermail 2b30 : Fri Sep 14 2001 - 12:24:08 PDT