Wireshark

I had a dump file from PFsense I tried to open in Windows and Wireshark ran out of memory. I have opened multi gig capture files in Linux with not problem.

It looks like I will have to find a different solution to analyze these logs

Intrusion Analysis

A lot of the analysis tools that are on the wireshark site are not free and therefor suck. The wireshark site does have a lot of links to free utils though. Right now I am looking for something to open this file up in windows though...

A lot of these guys offer VMs. I bet you they can be cracked. Sourcecode?

• http://wiki.wireshark.org/Tools#Intrusion_Analysis_.2F_SQL_Database_Support
  • CloudShark - Not free. Looks good though.
  • xtractr - Not free - lite version limited
    • http://www.spirent.com/Solutions-Directory/Studio_Performance

Command 5 SIGMA

A great command line tool that will parse cap files and throw them into a SQL database.

• http://www.commandfive.com/research.html
• http://www.commandfive.com/downloads/c5sigma.html