Difference between revisions of "Packet Capturing"
From Hack Sphere Labs Wiki
Revision as of 05:34, 2 July 2012
Wireshark
I had a dump file from pfSense that I tried to open in Windows, and Wireshark ran out of memory. I have opened multi-gig capture files in Linux with no problem.
It looks like I will have to find a different solution to analyze these logs.
Intrusion Analysis
A lot of the analysis tools that are on the Wireshark site are not free and therefore suck. The Wireshark site does have a lot of links to free utils though. Right now I am looking for something to open this file up in Windows though...
A lot of these guys offer VMs. I bet you they can be cracked. Source code?
- http://wiki.wireshark.org/Tools#Intrusion_Analysis_.2F_SQL_Database_Support
- CloudShark - Not free. Looks good though.
- xtractr - Not free - lite version limited
Command 5 SIGMA
A great command-line tool that will parse cap files and throw them into a SQL database.
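Added example (mine, not code from this wiki page or from any tool it names): a streaming libpcap reader that does the same "cap file into a SQL database" job, but reads one record at a time so a multi-gigabyte pfSense dump never has to fit in RAM, which is what exhausted Wireshark above. It assumes the classic libpcap format (not pcapng) with microsecond timestamps and Ethernet frames; every function name and the two-packet sample capture are constructed here.

```python
import io, sqlite3, struct
from socket import inet_ntoa
MAGICS = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}  # libpcap magic (read little-endian) -> writer's byte order
def iter_records(fh):
    """Yield (ts, caplen, origlen, frame) one record at a time, so memory use stays flat."""
    ghdr = fh.read(24)
    magic = struct.unpack("<I", ghdr[:4])[0] if len(ghdr) == 24 else None
    if magic not in MAGICS:
        raise ValueError("not a libpcap file with microsecond timestamps (pcapng is not handled)")
    endian = MAGICS[magic]
    snaplen, linktype = struct.unpack(endian + "II", ghdr[16:24])
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) is decoded here")
    while True:
        rhdr = fh.read(16)
        if len(rhdr) < 16:
            return  # clean end of file (or a truncated trailing record header)
        sec, usec, caplen, origlen = struct.unpack(endian + "IIII", rhdr)
        if caplen > snaplen:
            raise ValueError("record longer than snaplen: corrupt capture")
        frame = fh.read(caplen)
        if len(frame) < caplen:
            return  # truncated final record: stop rather than guess at its contents
        yield sec + usec / 1e6, caplen, origlen, frame
def summarize(frame):
    """(src, dst, proto) for IPv4-over-Ethernet; (None, None, None) for anything else (ARP, IPv6...)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
        return None, None, None
    return inet_ntoa(frame[26:30]), inet_ntoa(frame[30:34]), frame[23]
def load_pcap(fh, conn):
    """One row per packet, written in a single transaction; returns the table's row count."""
    conn.execute("CREATE TABLE IF NOT EXISTS packets (ts REAL, caplen INTEGER, origlen INTEGER, src TEXT, dst TEXT, proto INTEGER)")
    with conn:  # a single transaction is far faster than per-row autocommit on a multi-GB file
        for ts, caplen, origlen, frame in iter_records(fh):
            conn.execute("INSERT INTO packets VALUES (?,?,?,?,?,?)", (ts, caplen, origlen) + summarize(frame))
    return conn.execute("SELECT COUNT(*) FROM packets").fetchone()[0]
def build_sample_pcap():
    """Constructed sample: a two-packet little-endian capture (one IPv4/TCP frame, one ARP frame)."""
    ip_hdr = bytes([0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0, 10, 0, 0, 1, 192, 168, 1, 5])
    frames = [b"\x00" * 12 + b"\x08\x00" + ip_hdr + b"\x00" * 20,      # 10.0.0.1 -> 192.168.1.5, TCP
              b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28]  # ARP: not IPv4, stored as NULLs
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header, Ethernet link type
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1341207240 + i, 0, len(frame), len(frame)) + frame
    return out
def demo():
    """Load the constructed capture into an in-memory database; return (row_count, rows)."""
    conn = sqlite3.connect(":memory:")
    n = load_pcap(io.BytesIO(build_sample_pcap()), conn)
    return n, conn.execute("SELECT src, dst, proto FROM packets ORDER BY ts").fetchall()
```

For a real file, pass `open(path, "rb")` and a `sqlite3.connect("capture.db")` connection to `load_pcap`; the schema is intentionally minimal, so add the columns (ports, flags) your queries need.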