etterlog


ETTERLOG(8)                                                        ETTERLOG(8)

NAME
       etterlog NG-0.7.3 - Log analyzer for ettercap log files

SYNOPSIS
       etterlog [ OPTIONS ] FILE

DESCRIPTION
       Etterlog is the log analyzer for logfiles created by ettercap. It can
       handle both compressed (created with -Lc) and uncompressed logfiles.
       With this tool you can manipulate binary files as you like and print
       the data in different ways as many times as you want (in contrast with
       the previous logging system, which dumped data in a single static
       manner). You can dump traffic from only one connection of your choice
       or from only one or more hosts, and print data in hex, ascii, binary,
       etc.

       TIP: All unuseful messages are printed to stderr, so you can save the
       output from etterlog with the following command:

              etterlog [options] logfile > outfile

       Thus you can, for example, dump a binary file from an ftp connection
       if you print the data in binary mode, without headers, selecting only
       the ftp server as the source of the communication.

GENERAL OPTIONS
       -a, --analyze
              Analyze a log file and display some interesting statistics.

       -c, --connections
              Parse the log file and print a table of unique connections
              (port to port). This option can be used only on LOG_PACKET
              logfiles. On LOG_INFO logfiles it is useless.

              TIP: you can search for a particular host by using the
              following command:

                     etterlog -c logfile.ecp | grep 10.0.0.1

       -f, --filter <TARGET>
              Print only packets coming from or going to TARGET. The TARGET
              specification is the same as in ettercap. TARGET is in the form
              MAC/IPs/PORTs. Omitting one or more of its parts is equivalent
              to setting them to ANY.

              If the log type is LOG_INFO, the target is used to display
              hosts matching the mac and ip and having the specified port(s)
              open. For example, the target //80 will display only
              information about hosts with a running web server.

       -r, --reverse
              Reverse the matching in the TARGET selection. It means
              not(TARGET). All but the selected TARGET....
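The TARGET selection described under -f and -r above can be modelled as follows. This is an added example, not code from etterlog or ettercap. It assumes a single MAC, a single IP address and a comma-separated list of ports or port ranges; the names Endpoint, parse_target, endpoint_matches and select are hypothetical, and the sample records are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Endpoint:
    mac: str
    ip: str
    port: int

def parse_target(spec):
    """Split 'MAC/IPs/PORTs' into (mac, ip, ports); None stands for ANY."""
    parts = spec.split("/")
    if len(parts) != 3:
        raise ValueError("TARGET must have the form MAC/IPs/PORTs")
    mac, ip, ports_field = parts
    ports = None
    if ports_field:
        ports = set()
        # Assumed syntax: "80", "20-25" or "20-25,80"
        for item in ports_field.split(","):
            lo, _, hi = item.partition("-")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return (mac.lower() or None, ip or None, ports)

def endpoint_matches(target, ep):
    """An omitted part (None) matches anything; given parts must all match."""
    mac, ip, ports = target
    return ((mac is None or mac == ep.mac.lower())
            and (ip is None or ip == ep.ip)
            and (ports is None or ep.port in ports))

def select(packets, spec, reverse=False):
    """Keep packets coming from or going to TARGET; reverse gives not(TARGET)."""
    target = parse_target(spec)
    kept = []
    for src, dst in packets:
        hit = endpoint_matches(target, src) or endpoint_matches(target, dst)
        if hit != reverse:
            kept.append((src, dst))
    return kept

# Constructed sample records (source, destination); not real capture data.
CLIENT = Endpoint("00:11:22:33:44:55", "10.0.0.5", 40000)
WEB = Endpoint("00:aa:bb:cc:dd:ee", "10.0.0.1", 80)
FTP = Endpoint("00:aa:bb:cc:dd:ff", "10.0.0.2", 21)
PACKETS = [(CLIENT, WEB), (WEB, CLIENT), (CLIENT, FTP)]
```

With these records, select(PACKETS, "//80") keeps both directions of the web connection, and adding reverse=True leaves only the ftp packet.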