I've downloaded NetWitness and will give it a look through but I was more after something more like a script that would just run through and pull out incriminating information.
Adrian's script looks good but that is parsing ettercap output which I haven't got. I've just had a play with ngrep and got some POP3 details out so I might try scripting that.

Robin

2009/9/18 Chris Bentley <[email protected]>:
> You could always try splitting the pcap file, only problem being missing
> some interaction when analysing the files.
> http://www.ethereal.com/lists/ethereal-users/200511/msg00253.html
>
> 2009/9/18 Robert Miller <[email protected]>
>>
>> This will not make the "Wall of Shame" for you but for mining a cap file
>> this is useful, however the free version has a 2gb capture limit
>>
>> http://www.netwitness.com/products/investigator.aspx
>>
>> This software helped me locate a bot running crazy on a satellite
>> network really fast, just wish the company would buy the full version.
>>
>> Robin Wood wrote:
>> > Hi
>> > I've got a large pcap from BruCON and would like to run it through
>> > some wall of sheep type software to see what was happening. Can anyone
>> > recommend anything?
>> >
>> > I know that I can get it with manual tcpdump/ngrep type hacking but
>> > looking for anything that does it automatically.
>> >
>> > And before people ask, I'm not planning to release either the pcaps or
>> > any data I find in them.
>> >
>> > Robin
>> > _______________________________________________
>> > Pauldotcom mailing list
>> > [email protected]
>> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> > Main Web Site: http://pauldotcom.com
