On 28 November 2013 23:07, Robin Wood <[email protected]> wrote:
> I didn't know it could run in Linux and I'll send the pcap into it and
> see what it extracts.

I've loaded the pcap into NetworkMiner and it has found some TDS traffic and is showing it in the sessions tab but I can't get it to display the SQL. I've tried double clicking, right clicking. What do I need to do to see it?

Robin

> Thanks.
>
> Robin
>
> On 28 November 2013 20:00, Erik Hjelmvik <[email protected]> wrote:
>> Hi Robin,
>>
>> NetworkMiner parses MS-SQL from PCAP files and extracts all SQL
>> queries etc to the "Parameters" tab.
>> Login credentials are also extracted and displayed on the Credentials tab.
>>
>> Btw. you do know that NetworkMiner runs fine in Linux as well, right?
>> http://www.netresec.com/?page=Blog&month=2011-12&post=No-more-Wine---NetworkMiner-in-Linux-with-Mono
>>
>> /erik
>>
>> 2013/11/26 Robin Wood <[email protected]>:
>>>
>>> On 26 Nov 2013 18:58, "c1b3rh4ck" <[email protected]> wrote:
>>>>
>>>> On 25/11/2013 06:09 p.m., Robin Wood wrote:
>>>> > I've got a pcap which contains unencrypted MSSQL traffic, can
>>>> > anyone recommend an app which will extract all the SQL?
>>>> >
>>>> > I can see it in Wireshark but it isn't decoding it for some reason,
>>>> > if I save the packets as text I can manipulate it into mostly
>>>> > readable form by some simple replaces but would rather a nice clean
>>>> > extraction, especially as I know this has usernames and passwords
>>>> > in.
>>>> >
>>>> > Robin
>>>> > _______________________________________________
>>>> > Pauldotcom mailing list
>>>> > [email protected]
>>>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> > Main Web Site: http://pauldotcom.com
>>>> >
>>>>
>>>> Hi,
>>>> You can use python libraries to parse the content, take a look at scapy :)
>>>> Best regards.
>>>
>>> Does Scapy have a dissector for MSSQL/TDS?
>>>
>>> Robin
>>>
>>>>
>>>> ------------------------------
>>>> Debian User
>>>> Penetration Testing
>>>> Colombian Security Enthusiast
>>>> Paranoid Security Addict
>>>> LinuxUser #506301
>>>> ------------------------------------
>>>> He who infiltrates the darkness is he who finds the truth. Lao Tse
>>
>> --
>> blog: http://www.netresec.com/?page=Blog
>> twitter: http://twitter.com/netresec
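
An added example, not part of the original thread and not code from NetworkMiner or Scapy: a minimal Python extractor for the SQL Batch text carried in unencrypted TDS, the data the thread is trying to pull out of the pcap. It assumes the client-to-server TCP payload has already been reassembled into one byte string; the function names and the sample stream are constructed for illustration.

```python
import struct

SQL_BATCH, EOM = 0x01, 0x01   # packet type "SQL Batch"; status bit "end of message"

def tds_packets(stream: bytes):
    """Yield (type, status, payload) for each TDS packet in a reassembled stream."""
    off = 0
    while off + 8 <= len(stream):
        # 8-byte header: type, status, big-endian total length, then SPID/id/window
        ptype, status, length = struct.unpack_from(">BBH", stream, off)
        if length < 8 or off + length > len(stream):
            break                          # truncated capture or not TDS
        yield ptype, status, stream[off + 8:off + length]
        off += length

def strip_all_headers(data: bytes) -> bytes:
    """Drop the ALL_HEADERS block that TDS 7.2+ places before the SQL text.
    Heuristic (assumption): accept it only if the lengths and header type fit."""
    if len(data) >= 10:
        total, first_len, first_type = struct.unpack_from("<IIH", data, 0)
        if 10 <= total <= len(data) and 6 <= first_len <= total - 4 \
                and first_type in (1, 2, 3):
            return data[total:]
    return data                            # older TDS: text starts immediately

def extract_sql_batches(stream: bytes) -> list:
    """Return the text of every SQL Batch message, joining multi-packet ones."""
    batches, buf = [], b""
    for ptype, status, payload in tds_packets(stream):
        if ptype != SQL_BATCH:
            continue                       # logins, RPC calls etc. are skipped
        buf += payload
        if status & EOM:                   # message complete: decode UTF-16LE
            text = strip_all_headers(buf).decode("utf-16-le", errors="replace")
            batches.append(text)
            buf = b""
    return batches

def _pkt(ptype, status, payload):          # builds constructed sample packets
    return struct.pack(">BBHHBB", ptype, status, 8 + len(payload), 0, 1, 0) + payload

# Constructed sample: one batch split over two packets (with ALL_HEADERS),
# one RPC packet to be ignored, one batch in the older header-less form.
_hdrs = struct.pack("<IIHQI", 22, 18, 2, 0, 1)
_q1 = _hdrs + "SELECT name FROM sys.databases".encode("utf-16-le")
SAMPLE_STREAM = (_pkt(0x01, 0x00, _q1[:31]) + _pkt(0x01, 0x01, _q1[31:])
                 + _pkt(0x03, 0x01, b"\x00" * 12)
                 + _pkt(0x01, 0x01, "SELECT 1".encode("utf-16-le")))

print(extract_sql_batches(SAMPLE_STREAM))
```

The first sample batch is split at an odd byte offset on purpose: the text only decodes correctly once the packets of one message are joined, which is why simple per-packet text replaces give "mostly readable" output.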
