Chaosreader
Jump to navigation
Jump to search
DRAFT
This page is still a draft. Thank you for your understanding.
Description
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.
Installation
$ cd ~/src/ $ wget http://downloads.sourceforge.net/project/chaosreader/chaosreader/0.94/chaosreader0.94 $ chmod +x chaosreader0.94
Usage
Syntax
./chaosreader [-aehikqrvxAHIRTUXY] [-D dir]
[-b port[,...]] [-B port[,...]]
[-j IPaddr[,...]] [-J IPaddr[,...]]
[-l port[,...]] [-L port[,...]] [-m bytes[k]]
[-M bytes[k]] [-o "time"|"size"|"type"|"ip"]
[-p port[,...]] [-P port[,...]]
infile [infile2 ...]
./chaosreader -s [mins] | -S [mins[,count]]
[-z] [-f 'filter']
Options
- -a, --application
- Create application session files (default)
- -e, --everything
- Create HTML 2-way & hex files for everything
- -h
- Print a brief help
- --help
- Print verbose help (this) and version
- --help2
- Print massive help
- -i, --info
- Create info file
- -q, --quiet
- Quiet, no output to screen
- -r, --raw
- Create raw files
- -v, --verbose
- Verbose - Create ALL files .. (except -e)
- -x, --index
- Create index files (default)
- -A, --noapplication
- Exclude application session files
- -H, --hex
- Include hex dumps (slow)
- -I, --noinfo
- Exclude info files
- -R, --noraw
- Exclude raw files
- -T, --notcp
- Exclude TCP traffic
- -U, --noudp
- Exclude UDP traffic
- -Y, --noicmp
- Exclude ICMP traffic
- -X, --noindex
- Exclude index files
- -k, --keydata
- Create extra files for keystroke analysis
- -D dir, --dir dir
- Output all files to this directory
- -b 25,79, --playtcp 25,79
- replay these TCP ports as well (playback)
- -B 36,42, --playudp 36,42
- replay these UDP ports as well (playback)
- -l 7,79, --htmltcp 7,79
- Create HTML for these TCP ports as well
- -L 7,123, --htmludp 7,123
- Create HTML for these UDP ports as well
- -m 1k, --min 1k
- Min size of connection to save ("k" for Kb)
- -M 1024k, --max 1k
- Max size of connection to save ("k" for Kb)
- -o size, --sort size
- sort Order: time/size/type/ip (Default time)
- -p 21,23, --port 21,23
- Only examine these ports (TCP & UDP)
- -P 80,81, --noport 80,81
- Exclude these ports (TCP & UDP)
- -s 5, --runonce 5
- Standalone. Run tcpdump/snoop for 5 mins.
- -S 5,10, --runmany 5,10
- Standalone, many. 10 samples of 5 mins each.
- -S 5, --runmany 5
- Standalone, endless. 5 min samples forever.
- -z, --runredo
- Standalone, redo. Rereads last run's logs.
- -j 10.1.2.1, --ipaddr 10.1.2.1
- Only examine these IPs
- -J 10.1.2.1, --noipaddr 10.1.2.1
- Exclude these IPs
- -f 'port 7', --filter 'port 7'
- With standalone, use this dump filter.
Example
INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your comprehension.
Thank you for your comprehension.