I didn't know it could run in Linux and I'll send the pcap into it and see what it extracts.
Thanks.

Robin

On 28 November 2013 20:00, Erik Hjelmvik <[email protected]> wrote:
> Hi Robin,
>
> NetworkMiner parses MS-SQL from PCAP files and extracts all SQL
> queries etc to the "Parameters" tab.
> Login credentials are also extracted and displayed on the Credentials tab.
>
> Btw. you do know that NetworkMiner runs fine in Linux as well, right?
> http://www.netresec.com/?page=Blog&month=2011-12&post=No-more-Wine---NetworkMiner-in-Linux-with-Mono
>
> /erik
>
> 2013/11/26 Robin Wood <[email protected]>:
>>
>> On 26 Nov 2013 18:58, "c1b3rh4ck" <[email protected]> wrote:
>>>
>>> On 25/11/2013 06:09 p.m., Robin Wood wrote:
>>> > I've got a pcap which contains unencrypted MSSQL traffic, can
>>> > anyone recommend an app which will extract all the SQL?
>>> >
>>> > I can see it in Wireshark but it isn't decoding it for some reason,
>>> > if I save the packets as text I can manipulate it into mostly
>>> > readable form by some simple replaces but would rather a nice clean
>>> > extraction, especially as I know this has usernames and passwords
>>> > in.
>>> >
>>> > Robin
>>> > _______________________________________________
>>> > Pauldotcom mailing list [email protected]
>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> > Main Web Site: http://pauldotcom.com
>>> >
>>>
>>> Hi,
>>> You can use python libraries to parse the content, take a look at scapy :)
>>> Best regards.
>>
>> Does Scapy have a dissector for MSSQL/TDS?
>>
>> Robin
>>
>>>
>>> ------------------------------
>>> Debian User
>>> Penetration Testing
>>> Colombian Security Enthusiast
>>> Paranoid Security Addict
>>> LinuxUser #506301
>>> ------------------------------------
>>> He who infiltrates the darkness is he who finds the truth. Lao Tse
>
> --
> blog: http://www.netresec.com/?page=Blog
> twitter: http://twitter.com/netresec
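
Added example, not part of the original thread and not NetworkMiner or Scapy code: a minimal Python parser for the TDS framing that carries the MSSQL traffic discussed above, pulling SQL batch text out of the client-to-server bytes of one reassembled TCP stream. The sample stream is constructed, all function names are hypothetical, and the ALL_HEADERS detection is a heuristic assumption.

```python
import struct

TDS_SQL_BATCH = 0x01   # TDS packet type that carries a T-SQL batch
TDS_STATUS_EOM = 0x01  # status bit set on the last packet of a message

def iter_tds_messages(stream: bytes):
    """Yield (packet_type, payload) per complete TDS message in one direction."""
    offset, parts = 0, []
    while offset + 8 <= len(stream):
        # 8-byte header: type, status, big-endian length (header included), ...
        ptype, status, length = struct.unpack_from(">BBH", stream, offset)
        if length < 8 or offset + length > len(stream):
            break  # truncated capture or not TDS: stop instead of guessing
        parts.append(stream[offset + 8:offset + length])
        offset += length
        if status & TDS_STATUS_EOM:
            yield ptype, b"".join(parts)
            parts = []

def strip_all_headers(data: bytes) -> bytes:
    """Drop the ALL_HEADERS prefix TDS 7.2+ puts before batch text (heuristic)."""
    if len(data) >= 10:
        total, first_len, first_type = struct.unpack_from("<IIH", data, 0)
        if first_type in (1, 2, 3) and 4 + first_len <= total <= len(data):
            return data[total:]
    return data

def extract_sql(stream: bytes) -> list:
    """Return the text of every SQL batch, decoded from UTF-16LE."""
    return [strip_all_headers(payload).decode("utf-16-le", errors="replace")
            for ptype, payload in iter_tds_messages(stream)
            if ptype == TDS_SQL_BATCH]

def _pkt(ptype: int, status: int, body: bytes, pkt_id: int = 1) -> bytes:
    """Build one TDS packet for the constructed sample below."""
    return struct.pack(">BBHHBB", ptype, status, 8 + len(body), 0, pkt_id, 0) + body

# Constructed sample: one batch split over two packets with ALL_HEADERS,
# then one single-packet batch without it (pre-7.2 style).
_body = struct.pack("<IIHQI", 22, 18, 2, 0, 1) + \
    "SELECT name FROM sys.databases".encode("utf-16-le")
SAMPLE_STREAM = (_pkt(0x01, 0x00, _body[:30], 1) + _pkt(0x01, 0x01, _body[30:], 2)
                 + _pkt(0x01, 0x01, "SELECT 1".encode("utf-16-le")))

if __name__ == "__main__":
    for sql in extract_sql(SAMPLE_STREAM):
        print(sql)
```

The input has to be TCP payload already reassembled per direction, since a TDS message can span several packets and segments.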
