> Are there any viewers for tcpdump log files ?
>
> 1) a) On Linux

tcpdump -r /some/file

> b) on Windows

tcpdump -r /some/file

> c) as an HTML server

Not offhand, but it'd be trivial to write a CGI to do this. An easy cheat would be to write a snort rule to log everything, run the packets through snort with -r, log them to mysql, and use ACID to look at them. This will be one-packet-per-page, though. Probably better to wrap tethereal with a CGI script or some-such though.

> 2) a) text dump file

tcpdump -Xr /some/file

> b) binary dump file
hexedit /some/file

As someone already pointed out, if you want a nice GUI to look at them (and do advanced protocol decodes) use Ethereal (or tethereal for text output). Note that the display expressions in [t|e]thereal are different from the BPF expressions used to capture.
Cheers,

Michael Holstein CISSP GCIA
Cleveland State University

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
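The "text dump of a binary dump file" answer above (tcpdump -Xr) can be reproduced without tcpdump at all, which is useful when you want to wrap the output in a CGI or other script of your own. The following is an added example, not code from the post, from tcpdump or from Ethereal: a minimal reader for the classic libpcap file format (the format tcpdump -w writes; pcapng is not handled) that prints each record in the same offset / hex-words / ASCII layout as tcpdump -X. The one-packet capture it reads is constructed in memory (build_sample_pcap, an assumed name) so the script runs offline; the length checks in read_pcap are there because the record lengths come from the file and a crafted capture is the usual way a naive reader gets over-read.

```python
import struct
from typing import Iterator, List, Tuple

# Classic libpcap file layout (not pcapng): a 24-byte global header, then one
# 16-byte record header (ts_sec, ts_frac, incl_len, orig_len) per packet
# followed by incl_len captured bytes. Byte order follows the writing host,
# which is why the magic number is checked both ways.
MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps
MAGIC_NSEC = 0xA1B23C4D   # nanosecond timestamps
GLOBAL_HDR_LEN = 24
RECORD_HDR_LEN = 16
MAX_SNAPLEN = 262144      # libpcap's own upper bound; anything larger is corrupt or hostile


def read_pcap(data: bytes) -> Iterator[Tuple[str, bytes]]:
    """Yield (timestamp_text, packet_bytes) per record; raise ValueError on a malformed file."""
    if len(data) < GLOBAL_HDR_LEN:
        raise ValueError("truncated global header")
    endian = None
    magic = 0
    for cand in ("<", ">"):
        magic = struct.unpack(cand + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            endian = cand
            break
    if endian is None:
        raise ValueError("not a libpcap file (bad magic)")
    frac_digits = 9 if magic == MAGIC_NSEC else 6
    _major, _minor, _tz, _sigfigs, _snaplen, _linktype = struct.unpack(
        endian + "HHiIII", data[4:GLOBAL_HDR_LEN])
    off = GLOBAL_HDR_LEN
    while off < len(data):
        if off + RECORD_HDR_LEN > len(data):
            raise ValueError(f"truncated record header at offset {off}")
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[off:off + RECORD_HDR_LEN])
        off += RECORD_HDR_LEN
        # incl_len is attacker-controlled in a hostile file: bound it before slicing.
        if incl_len > MAX_SNAPLEN or off + incl_len > len(data):
            raise ValueError(f"bad or truncated packet record at offset {off - RECORD_HDR_LEN}")
        pkt = data[off:off + incl_len]
        off += incl_len
        yield f"{ts_sec}.{ts_frac:0{frac_digits}d}", pkt


def hexdump(pkt: bytes, width: int = 16) -> List[str]:
    """Render bytes in tcpdump -X style: offset, 2-byte hex words, then printable ASCII."""
    lines = []
    for off in range(0, len(pkt), width):
        chunk = pkt[off:off + width]
        words = [chunk[i:i + 2].hex() for i in range(0, len(chunk), 2)]
        hexpart = " ".join(words).ljust(width // 2 * 5 - 1)   # pad short last line
        asc = "".join(chr(b) if 0x20 <= b < 0x7F else "." for b in chunk)
        lines.append(f"0x{off:04x}:  {hexpart}  {asc}")
    return lines


def dump_text(data: bytes) -> List[str]:
    """Produce the full text listing for a pcap buffer, one header line plus hexdump per packet."""
    out: List[str] = []
    for n, (ts, pkt) in enumerate(read_pcap(data), 1):
        out.append(f"packet {n}: {ts} length {len(pkt)}")
        out.extend("\t" + line for line in hexdump(pkt))
    return out


def is_well_formed(data: bytes) -> bool:
    """True if every record parses; False on truncation, bad magic or bogus lengths."""
    try:
        for _ in read_pcap(data):
            pass
        return True
    except ValueError:
        return False


def build_sample_pcap() -> bytes:
    """Constructed sample input: a little-endian pcap holding one Ethernet/IPv4/TCP SYN (checksums zeroed)."""
    frame = bytes.fromhex(
        "ffff ffff ffff 0011 2233 4455 0800"                  # Ethernet: dst, src, type IPv4
        "4500 0028 0001 0000 4006 0000 c0a8 0001 c0a8 0002"   # IPv4: 40 bytes total, proto TCP, 192.168.0.1 -> .2
        "0400 0050 0000 0001 0000 0000 5002 2000 0000 0000"   # TCP: 1024 -> 80, SYN, window 8192
    )
    global_hdr = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)   # linktype 1 = Ethernet
    record_hdr = struct.pack("<IIII", 1700000000, 123456, len(frame), len(frame))
    return global_hdr + record_hdr + frame


if __name__ == "__main__":
    print("\n".join(dump_text(build_sample_pcap())))
```

Replace build_sample_pcap() with open("/some/file", "rb").read() to run it over a real tcpdump -w capture; a CGI wrapper of the kind the post suggests is then just dump_text() with the lines HTML-escaped and wrapped in a pre element.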