Along those same lines, I wrote a pcap parsing tool with a web interface that should be fairly easy to extend to add whatever tools you want. It supports BPFs, multiple pcaps, etc...
Regards,

Will

http://doc.emergingthreats.net/bin/view/Main/PcapParser

On Mon, Sep 21, 2009 at 9:29 AM, Ben Greenfield <[email protected]> wrote:
> I can confirm how awesome xplico is. I've been using it for about 2
> months now, and while it's still in beta (and the only good
> documentation is in French), it's really a nice tool.
>
> On Fri, Sep 18, 2009 at 8:58 PM, James Mattson <[email protected]>
> wrote:
>> I'm a big fan of using tcpreplay, then using the usual tools like ettercap,
>> driftnet, urlsnarf, etc... If it's a wireless pcap, use airdecap-ng first...
>>
>> Has anyone given TCPextract a shot? It too looks like a good way to carve
>> goodies from pcaps...
>>
>> -B0z0dcl0wn
>>
>> -----Original Message-----
>> From: Robin Wood <[email protected]>
>> Sent: Friday, September 18, 2009 3:41 PM
>> To: PaulDotCom Security Weekly Mailing List <[email protected]>
>> Subject: Re: [Pauldotcom] wall of sheep software
>>
>> I've downloaded NetWitness and will give it a look through but I was
>> more after something more like a script that would just run through
>> and pull out incriminating information.
>>
>> Adrian's script looks good but that is parsing ettercap output which I
>> haven't got.
>>
>> I've just had a play with ngrep and got some POP3 details out so I
>> might try scripting that.
>>
>> Robin
>>
>> 2009/9/18 Chris Bentley <[email protected]>:
>>> You could always try splitting the pcap file, only problem being missing
>>> some interaction when analysing the files.
>>> http://www.ethereal.com/lists/ethereal-users/200511/msg00253.html
>>>
>>>
>>> 2009/9/18 Robert Miller <[email protected]>
>>>>
>>>> This will not make the "Wall of Shame" for you but for mining a cap file
>>>> this is useful, however the free version has a 2gb capture limit
>>>>
>>>> http://www.netwitness.com/products/investigator.aspx
>>>>
>>>> This software helped me locate a bot running crazy on a satellite
>>>> network really fast, just wish the company would buy the full version
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
