Packet Capturing

From Hack Sphere Labs Wiki
Jump to: navigation, search

Analysis


Wireshark

I had a dump file from PFsense I tried to open in Windows and Wireshark ran out of memory. I have opened multi gig capture files in Linux with not problem.

Wireshark has this: http://wiki.wireshark.org/KnownBugs/OutOfMemory but it is useless. I even increased the Windows swap file to 8GB. The site says something about 10 times more memory or something then what your capture is. So your saying for 500 mb I need 5GB of memory. Wtf?

Something is wrong. It should be able to open this file. It could be that the Binary version for Windows was compiled weak.

It looks like I will have to find a different solution to analyze these logs.

Intrusion Analysis

A lot of the analysis tools that are on the wireshark site are not free and therefore suck. The wireshark site does have a lot of links to free utils though. Right now I am looking for something to open this file up in windows though...

A lot of these guys offer VMs. I bet you they can be cracked. Sourcecode?

Command 5 SIGMA

A great command line tool that will parse cap files and throw them into a SQL database.