Packet Capturing
From Hack Sphere Labs Wiki
Wireshark
I had a dump file from PFsense I tried to open in Windows and Wireshark ran out of memory. I have opened multi gig capture files in Linux with not problem.
It looks like I will have to find a different solution to analyze these logs
Intrusion Analysis
A lot of the analysis tools that are on the wireshark site are not free and therefore suck. The wireshark site does have a lot of links to free utils though. Right now I am looking for something to open this file up in windows though...
A lot of these guys offer VMs. I bet you they can be cracked. Sourcecode?
- http://wiki.wireshark.org/Tools#Intrusion_Analysis_.2F_SQL_Database_Support
- CloudShark - Not free. Looks good though.
- xtractr - Not free - lite version limited
Command 5 SIGMA
A great command line tool that will parse cap files and throw them into a SQL database.