Secvis is the tool used for the research described in the following paper:
http://juliangrizzard.com/pubs/2005_krasser_iaw.pdf
The code was initially released with Greg Conti's Black Hat USA 2005
presentation. Note that this is a rough prototype: the code is not tidy,
secure, or efficient. It was written to support the research outlined in the
paper, not to produce a standalone tool.
******* Greg's README from the 2005 Black Hat presentation *******
secvis was written by Sven Krasser in Spring 2005
and has been released under the GPL. http://www.gnu.org/licenses/gpl.html
It is a quick prototype, but we believed that the
value of releasing it outweighed the, possibly infinite,
delay required for us to clean up the code.
We would like to thank Robby Simpson of the NETI@Home project
for his help. We also want to mention that some of the
code has been derived from both the NETI@Home project
and from Snort. Our thanks go out to both projects.
Some usage notes follow.
Thanks,
Greg Conti and Sven Krasser
******** secvis usage notes ****************
A makefile is included
Run the program as root for pcap, for example with 'sudo.'
Real-time mode: For example:
sudo ./secvis -i eth0
Forensic mode:
./secvis -r pcap-file
Filter in both modes:
Add option -f, e.g.: -f "not host 192.168.100.100"
Filter strings are described in "man tcpdump."
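The note above asks for root so that pcap can open the interface. Since the
README itself says the code is not secure, the added example below (not part of
secvis or of the original README) separates the two privilege levels: tcpdump
captures as root and drops to an unprivileged user with -Z, and secvis is then
run in forensic mode on the saved file with no privileges at all. The filter
string is passed unchanged to both tools, as they share tcpdump's filter syntax.
CAPTURE_USER, OUTDIR and the assumption that tcpdump and ./secvis are present are
the example's own choices, not anything the README specifies.

```shell
#!/bin/sh
# Added example, not secvis code. Capture as root (tcpdump drops privileges
# itself with -Z), then analyse the pcap with secvis as an ordinary user.
# Assumed: tcpdump and ./secvis on PATH; CAPTURE_USER exists on the box.

CAPTURE_USER="${CAPTURE_USER:-nobody}"      # hypothetical default
OUTDIR="${OUTDIR:-/var/tmp/secvis}"         # hypothetical default

# Build the forensic-mode command line. The optional second argument is a
# BPF filter in "man tcpdump" syntax, passed through with -f.
forensic_cmd() {
    pcap="$1"; filter="$2"
    if [ -n "$filter" ]; then
        printf "./secvis -r '%s' -f '%s'\n" "$pcap" "$filter"
    else
        printf "./secvis -r '%s'\n" "$pcap"
    fi
}

# Capture for a fixed number of seconds on an interface. -n disables name
# resolution so captured data never triggers DNS lookups, -Z drops to
# CAPTURE_USER after the device is opened, -w writes the pcap for secvis -r.
capture() {
    iface="$1"; seconds="$2"; filter="$3"
    out="$OUTDIR/capture-$(date +%Y%m%d-%H%M%S).pcap"
    mkdir -p "$OUTDIR" && chown "$CAPTURE_USER" "$OUTDIR"
    if [ -n "$filter" ]; then
        timeout "$seconds" tcpdump -n -i "$iface" -Z "$CAPTURE_USER" -w "$out" "$filter"
    else
        timeout "$seconds" tcpdump -n -i "$iface" -Z "$CAPTURE_USER" -w "$out"
    fi
    echo "$out"
}

# Typical flow (the capture step is the only one that needs sudo):
#   pcap=$(sudo env CAPTURE_USER=nobody ./this.sh capture eth0 60 'not host 192.168.100.100')
#   sh -c "$(forensic_cmd "$pcap" 'not host 192.168.100.100')"
if [ "$1" = "capture" ]; then
    shift
    capture "$@"
fi
```

Run the capture step with sudo and the secvis step as yourself. The live
mode described above (sudo ./secvis -i eth0) remains available, but it hands
hostile packet data to a prototype parser running as root, which the forensic
path avoids.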
Running:
Mouse: left button: zoom (2D: move left/right, 3D: move up/down),
middle button: panning, right button: show more information
Keyboard:
Speed control for playback: '[' and ']'
Time window: n and m
Grid: g
Throbber: t
Change 2D/3D: p
Revert to standard view: o
1, 2, and 3 emulate the mouse buttons. Press 1, 2 or 3, then click
with any button into the window; the program then picks up the new mouse
coordinates. Pressing the number only toggles the mouse button state, so you
still need to click to make the program fetch coordinates.
Pressing q should end the program, but the cleanup code is messy.
This should always do the job: sudo killall -9 secvis
The right button should mark the nearest packet, the middle one is for
panning. If you don't have a middle button, you can use the Emulate 3
Button Mouse option in X11.