Difference between revisions of "Packet Capturing"
From Hack Sphere Labs Wiki
Revision as of 05:34, 2 July 2012
Wireshark
I had a dump file from PFsense that I tried to open in Windows, and Wireshark ran out of memory. I have opened multi-gig capture files in Linux with no problem.
It looks like I will have to find a different solution to analyze these logs.
Intrusion Analysis
A lot of the analysis tools that are on the Wireshark site are not free and therefore suck. The Wireshark site does have a lot of links to free utils though. Right now I am looking for something to open this file up in Windows though...
A lot of these guys offer VMs. I bet you they can be cracked. Source code?
- http://wiki.wireshark.org/Tools#Intrusion_Analysis_.2F_SQL_Database_Support
  - CloudShark - Not free. Looks good though.
  - xtractr - Not free - lite version limited
    - http://www.spirent.com/Solutions-Directory/Studio_Performance
Command 5 SIGMA
A great command line tool that will parse cap files and throw them into a SQL database.
- http://www.commandfive.com/research.html
- http://www.commandfive.com/downloads/c5sigma.html