[zeromq-dev] Sniffing connections

Jose Pedro Oliveira jpo at di.uminho.pt
Fri Apr 12 23:43:51 CEST 2013


Matthew,

Is Ettercap able to dissect ZMQ frames?

Can't find references to one in the history

    http://ettercap.github.io/ettercap/downloads.html

or in the dissectors source directory

    https://github.com/Ettercap/ettercap/tree/master/src/dissectors

Regards,
jpo

On 2013-04-12 22:05, Matthew Kaufman wrote:
> Please use http://ettercap.github.io/ettercap/ to understand everything
> in life.
> 
> 
> On Fri, Apr 12, 2013 at 4:58 PM, Jose Pedro Oliveira <jpo at di.uminho.pt
> <mailto:jpo at di.uminho.pt>> wrote:
> 
>     On 2013-04-10 18:12, Garrett Smith wrote:
>     > It's come to the point that I want to become very intimate with
>     0MQ connections.
>     >
>     > I'd usually use tcpdump and watch port traffic but at the TCP level,
>     > I'm guessing I won't learn much. Does anyone have some helpful tips to
>     > start this process?
> 
>     Garrett,
> 
>     Tcpdump 4.4 will be released with ZMTP/1.0 support (13/ZMTP
>     specification): just clone the tcpdump git repo and check
>     the file print-zeromq.c (or download the tcpdump 4.4 RC3
>     source tarball).
> 
>     Git:
>         git clone git://bpf.tcpdump.org/tcpdump
>     <http://bpf.tcpdump.org/tcpdump>
> 
>     Tarballs:
>        http://www.ca.tcpdump.org/beta/
> 
>     Additional info:
>      * [zeromq-dev] testing of tcpdump decoder of ZeroMQ wire protocol
>         http://lists.zeromq.org/pipermail/zeromq-dev/2013-March/020824.html
> 
>     Regards,
>     jpo
>     --
>     José Pedro Oliveira
>     * mailto:jpo at di.uminho.pt <mailto:jpo at di.uminho.pt> *
>     _______________________________________________
>     zeromq-dev mailing list
>     zeromq-dev at lists.zeromq.org <mailto:zeromq-dev at lists.zeromq.org>
>     http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 
> 
> 
> 
> _______________________________________________
> zeromq-dev mailing list
> zeromq-dev at lists.zeromq.org
> http://lists.zeromq.org/mailman/listinfo/zeromq-dev
> 


-- 
José Pedro Oliveira
* mailto:jpo at di.uminho.pt *



More information about the zeromq-dev mailing list