Etterlog
Etterlog Description
Etterlog is the log analyzer for logfiles created by ettercap. It can handle both compressed (created with -Lc) and uncompressed logfiles. With this tool you can manipulate the binary log files as you like and print their data in different ways as many times as you want (in contrast with the previous logging system, which dumped everything once in a single static format). You will be able to dump traffic from only one connection of your choice or from only one or more hosts, and print the data in hex, ascii, binary etc…
TIP: All messages that are not part of the dumped data are printed to stderr, so you can save the clean output from etterlog with the following command:
etterlog [options] logfile > outfile
Thus you can, for example, recover a binary file transferred over an ftp connection by printing the data in binary mode, without headers, and selecting only the ftp server as the source of the communication.
Homepage: http://ettercap.github.io/ettercap/
Authors: Alberto Ornaghi (ALoR), Marco Valleri (NaGA), Emilio Escobar (exfil), Eric Milam (J0hnnyBrav0), Gianfranco Costamagna (LocutusOfBorg)
License: GPLv2
Etterlog Help
Usage: etterlog [OPTIONS] logfile
General Options:
  -a, --analyze               analyze a log file and return useful infos
  -c, --connections           display the table of connections
  -f, --filter <TARGET>       print packets only from this target
  -t, --proto <proto>         display only this proto (default is all)
  -F, --filcon <CONN>         print packets only from this connection
  -s, --only-source           print packets only from the source
  -d, --only-dest             print packets only from the destination
  -r, --reverse               reverse the target/connection matching
  -n, --no-headers            skip header information between packets
  -m, --show-mac              show mac addresses in the headers
  -k, --color                 colorize the output
  -l, --only-local            show only local hosts parsing info files
  -L, --only-remote           show only remote hosts parsing info files

Search Options:
  -e, --regex <regex>         display only packets that match the regex
  -u, --user <user>           search for info about the user <user>
  -p, --passwords             print only accounts information
  -i, --show-client           show client address in the password profiles
  -I, --client <ip>           search for pass from a specific client

Editing Options:
  -C, --concat                concatenate more files into one single file
  -o, --outfile <file>        the file used as output for concatenation
  -D, --decode                used to extract files from connections

Visualization Method:
  -B, --binary                print packets as they are
  -X, --hex                   print packets in hex mode
  -A, --ascii                 print packets in ascii mode (default)
  -T, --text                  print packets in text mode
  -E, --ebcdic                print packets in ebcdic mode
  -H, --html                  print packets in html mode
  -U, --utf8 <encoding>       print packets in uft-8 using the <encoding>
  -Z, --zero                  do not print packets, only headers
  -x, --xml                   print host infos in xml format

Standard Options:
  -v, --version               prints the version and exit
  -h, --help                  this help screen
Etterlog Usage Example
etterlog -k -l dump.eci
Displays information about local hosts in different colors.
etterlog -X dump.ecp
Prints packets in HEX mode with full headers.
etterlog -c dump.ecp
Displays the list of connections logged in the file.
etterlog -Akn -F TCP:10.0.0.1:13423:213.203.143.52:6666 dump.ecp
Displays the IRC traffic made by 10.0.0.1 in ASCII mode, without header information and in color.
etterlog -H -t tcp -f //80 dump.ecp
Dumps all HTTP traffic and strips html tags.
etterlog -Z -r -f /10.0.0.2/22 dump.ecp
Displays only the headers of all connections except ssh on host 10.0.0.2.
etterlog -A -e 'user' -f //110 dump.ecp
Displays only POP packets containing the 'user' regexp (case insensitive).
etterlog -u root dump.eci
Displays information about all the accounts of the user 'root'.
etterlog -e Apache dump.eci
Displays information about all the hosts running 'Apache'.
etterlog -e Linux dump.eci
Displays information about all the hosts with the 'Linux' operating system.
etterlog -t tcp -f //110 dump.eci
Displays information about all the hosts with the tcp port 110 open.
etterlog -t udp dump.eci
Displays information about all the hosts with at least one UDP port open.
etterlog -B -s -n -F TCP:10.0.0.1:20:10.0.0.2:35426 logfile.ecp > example.tar.gz
Dumps in binary form the data sent by 10.0.0.1 over the FTP data port. Since the headers are omitted, you get the file exactly as it was transferred.
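The last two workflows above (carving a single connection's payload out of a log, and merging several logs before analysis) are the ones an analyst repeats most often when reviewing a capture. The script below is an added example, not part of the etterlog project or of this page: it validates the PROTO:SRC:SPORT:DST:DPORT tuple before handing it to -F (a malformed tuple otherwise silently matches nothing), writes the raw payload with -B -s -n as in the FTP example, and records a SHA-256 of the result so the extracted artifact can be referenced later. It uses only the options listed in the help above; the file names and the connection tuple in the "run" branch are constructed placeholders.

```shell
#!/bin/sh
# Added example (not etterlog's own code): extract one logged connection's
# source-side payload from an ettercap .ecp log and record its SHA-256,
# plus a helper that merges several logs with -C/-o and summarises them with -a.
# File names and the tuple in the "run" branch are constructed placeholders.

# Validate an IPv4 dotted quad: four decimal octets, each 0-255.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for oct in $(echo "$1" | tr '.' ' '); do
        [ "$oct" -le 255 ] || return 1
    done
}

# Validate a TCP/UDP port number in the range 1-65535.
valid_port() {
    echo "$1" | grep -Eq '^[0-9]{1,5}$' && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Build the -F connection spec PROTO:SRC:SPORT:DST:DPORT (the form shown in the
# usage examples). Prints the spec on success; prints a reason to stderr and
# returns 1 on any invalid field so a typo never becomes an empty extraction.
build_conn_spec() {
    proto=$(echo "$1" | tr 'a-z' 'A-Z')
    case "$proto" in
        TCP|UDP) ;;
        *) echo "bad proto: $1" >&2; return 1 ;;
    esac
    valid_ipv4 "$2" || { echo "bad src ip: $2" >&2; return 1; }
    valid_port "$3" || { echo "bad src port: $3" >&2; return 1; }
    valid_ipv4 "$4" || { echo "bad dst ip: $4" >&2; return 1; }
    valid_port "$5" || { echo "bad dst port: $5" >&2; return 1; }
    echo "$proto:$2:$3:$4:$5"
}

# Dump the payload sent by the connection's source as raw bytes, no headers,
# exactly like the FTP example on this page, then hash the resulting file.
extract_connection() {
    log=$1; spec=$2; out=$3
    etterlog -B -s -n -F "$spec" "$log" > "$out"
    sha256sum "$out"
}

# Concatenate several .ecp logs into one file and print etterlog's summary of it.
merge_and_analyze() {
    merged=$1; shift
    etterlog -C -o "$merged" "$@"
    etterlog -a "$merged"
}

# Only touch etterlog when explicitly asked, so the helpers can be sourced/tested
# on a machine without it.
if [ "$1" = "run" ]; then
    spec=$(build_conn_spec tcp 10.0.0.1 20 10.0.0.2 35426) || exit 1
    extract_connection dump.ecp "$spec" extracted.bin
fi
```

Run it as `sh extract.sh run` in the directory holding the log; the hash printed by sha256sum is what you note next to the connection tuple when documenting the recovered file. The validation is deliberately strict about the protocol name and octet ranges because -F does the matching itself and gives no feedback when the tuple does not correspond to any logged connection.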
How to install Etterlog
The program is pre-installed on Kali Linux.
Installation on Linux (Debian, Mint, Ubuntu)
http://en.kali.tools/?p=107#install_ettercap
Etterlog Screenshots
The program is a command-line utility.
Etterlog Tutorials
Coming soon…
Related tools
- Ettercap (100%)
- ettercap-plugins (100%)
- etter.conf (100%)
- MITMf (100%)
- Bettercap (100%)
- LANs.py (RANDOM - 50%)