
whip_lash : pcap   15

GitHub - pentesteracademy/patoolkit: PA Toolkit is a collection of traffic analysis plugins focused on security
PA Toolkit contains plugins (both dissectors and taps) covering various scenarios for multiple protocols, including:

WiFi (WiFi network summary, Detecting beacon, deauth floods etc.)
HTTP (Listing all visited websites, downloaded files)
HTTPS (Listing all websites opened on HTTPS)
ARP (MAC-IP table, Detect MAC spoofing and ARP poisoning)
DNS (Listing DNS servers used and DNS resolution, Detecting DNS Tunnels)
The project is under active development and more plugins will be added in the near future.
analysis  http  network  pentesting  https  wireshark  pcap  security 
december 2018 by whip_lash
Finding a Needle in a PCAP
It can be difficult to find what you are looking for in a large PCAP repository, even when you know what to look for and where to look. When traffic captures start to enter multi-gigabyte sizes, the number of tools that can even begin processing these files is limited. SiLK and other flow analysis tools provide the tools for quickly narrowing down the search area. However, when ground truth is required, you are often back to square one when searching for a particular packet or flow in large traffic captures.

In this presentation, Emily describes the available features in Yet Another Flowmeter (YAF) for indexing large PCAP files with flow. She provides relevant examples of common analysis techniques with various tools from the CERT NetSA Security Suite and describes how to perform complementary PCAP analysis with YAF. In this presentation, Emily also touches on deploying a tiered approach to network monitoring storage and ways to maximize storage without compromising network analysis.
pcap  netflow  tools 
september 2018 by whip_lash
Truncating Payloads and Anonymizing PCAP files - SANS Internet Storm Center
Sometimes, you may need to provide PCAP files to third-party organizations like a vendor support team to investigate a problem with your network. I was looking for a small tool to anonymize network traffic but also to restrict data to packet headers (and drop the payload). Google pointed me to a tool called ‘TCPurify’. 
pcap  tcpdump 
august 2018 by whip_lash
Analyzing Large Capture Files Part 2 – Protocol Hierarchy – Chris Sanders
My favorite method for understanding what protocols may be present in a capture is to generate a protocol hierarchy chart.

You can generate a protocol hierarchy chart in Wireshark by selecting the Protocol Hierarchy option from the Statistics drop-down menu.
wireshark  pcap 
june 2018 by whip_lash
10.6. Configuration Profiles
Configuration Profiles can be used to configure and use more than one set of preferences and configurations. Select the Edit → Configuration Profiles…​ menu item or press Shift+Ctrl+A or Shift+⌘+A (macOS) and Wireshark will pop up the Configuration Profiles dialog box as shown in Figure 10.9, “The configuration profiles dialog box”. It is also possible to click in the “Profile” part of the statusbar to popup a menu with available Configuration Profiles (Figure 3.22, “The Statusbar with a configuration profile menu”).
wireshark  pcap 
june 2018 by whip_lash
caesar0301/awesome-pcaptools: A collection of tools developed by other researchers in the Computer Science area to process network traces. All rights reserved for the original authors.
This project does not contain any source code or files. I just want to make a list of tools to process pcap files in research of network traffic. For more awesome lists, see
network  pcap  security  tools 
february 2018 by whip_lash
Srinivas11789/PcapXray: PcapXray - A Network Forensics Tool - To visualize a Packet Capture offline as a Network Diagram including device identification, highlight important communication and file extraction
Given a Pcap File, plot a network diagram displaying hosts in the network, network traffic, highlight important traffic and Tor traffic as well as potential malicious traffic including data involved in the communication.
networking  pcap  github  python 
february 2018 by whip_lash
net-creds - Sniff Passwords From Interface or PCAP File
net-creds is a Python-based tool for sniffing plaintext passwords and hashes from a network interface or PCAP file – it doesn’t rely on port numbers for service identification and can concatenate fragmented packets.
pcap  pentest 
december 2017 by whip_lash
PacketBomb – Packet Analysis Explosion
Real people with real network and application performance problems. PacketBomb helped them understand the issues and in some cases completely resolve the issue.
networkengineering  networking  analysis  troubleshooting  pcap  class 
december 2015 by whip_lash
