'pcap' Category

• Yahsnarf – Sniff Yahoo IM conversations

  April 3, 2008

  Remember way back, when I released Aimsnarf? Well, it turns out that people were interested in one for Yahoo IM, so I’m happy to present Yahsnarf, the Yahoo messenger sniffing script. You can download the script on the yahsnarf project page. Yahsnarf requires Ruby, ruby-pcap and bit-struct (Thanks Matasano for introducing me to bit-struct, made […]

  posted in im, network, pcap, ruby, script, sniff, yahoo, yahsnarf by Lee

• NSM-Console version 0.6 release

  March 14, 2008

  I’m happy to announce the release of the next version of NSM-Console. Version 0.6. If you are unfamiliar with NSM-Console, here’s the synopsis from the project page: NSM-Console (Network Security Monitoring Console) is a framework for performing analysis on packet capture files. It implements a modular structure to allow for an analyst to quickly write […]

  posted in bro-ids, clamscan, dump, foremost, gzip, harimau, monitoring, network, nsm, nsm console, packet, pcap, security, snort, trace-summary, whitepaper by Lee

• Collaborative analysis efforts with simple to use interfaces

  February 12, 2008

  You know what would be really helpful? I mean, actually helpful to people in the security industry as a whole? We need some kind of collaboration tool that allows many different users to view, download, analyze, tag, describe and ask questions about any and all kinds of malware, network captures and security logs. I’ve been […]

  posted in binary, collaboration, malware, pcap, research by Lee

• Flowtime – Create a timeline for packet flow

  January 24, 2008

  You can never have too many tools for pcap visualization Flowtime is a script written in Ruby that produces a timeline of the network flows in a pcap file. Everything is better with a picture, so here’s a picture: (warning, this picture is 3000×2000 pixels, kind of large) Each bar on the left is a […]

  posted in argus, easytimeline, flow, flowtime, packet, pcap, plot, ploticus, ruby, script, timeline, visualization by Lee

• NSM-console version 0.2 release

  December 21, 2007

  I found out there is internet here, so I’m finally able to post some code changes I was working on while on the airplane. Firstly, download the files here. The static page for nsm-console is here. I finally got around to releasing the next version of the nsm-console. This version incorporates a large amount of […]

  posted in automation, framework, freebsd, hacking, hex, network, networking, nsm, nsm console, pcap, ruby, script, security by Lee

• Network traffic IP Location aggregator (iploc)

  December 14, 2007

  Have you ever been looking through your pcap files (or live captures) and wondered where all the traffic was coming from (or going to)? I have! Well, I’ve written a small (< 150 lines) script to aggregate all of the packet source addresses into a neatly separated CSV (comma-separated values) file. It includes <ip address>,<country>,<city […]

  posted in csv, ip, iploc, location, locator, network, pcap, ruby, script, traffic, visualization by Lee

• Compiling tcpdstat on Mac OSX (quick fix)

  November 29, 2007

  Quick fix for compiling tcpdstat on Mac OSX (Leopard, although probably works for Tiger too). If you get this error: cc -I. -I../libpcap-0.7.1 -DLINUX -D__FAVOR_BSD -D_LARGEFILE_SOURCE=1 -D_FILE_OFFSET_BITS=64 -L../libpcap-0.7.1 -c stat.c cc -I. -I../libpcap-0.7.1 -DLINUX -D__FAVOR_BSD -D_LARGEFILE_SOURCE=1 -D_FILE_OFFSET_BITS=64 -L../libpcap-0.7.1 -c net_read.c net_read.c:74:1: warning: “__FAVOR_BSD” redefined <command line>:1:1: warning: this is the location of the previous definition […]

  posted in compile, compiling, leopard, mac, osx, pcap, tcpdstat by Lee

• NSM Console – A framework for running things

  November 27, 2007

  Well, I’ve been hard at work for the last couple of days working on a (hopefully) useful tool for aiding in NSM file analysis (for pcap files, live analysis doesn’t work). Behold! I present NSM-Console! (read more about it here, watch a screencast here) Download the framework here. Keep in mind this framework only includes […]

  posted in aimsnarf, console, framework, hex, module, nsm, pcap, plugin, ruby, script, security by Lee

• aimsnarf version 0.11 released

  November 12, 2007

  Yea yea, I know, it’s only been a few hours since the first release. Well, here’s the new release with a couple of major todos taken care of: Download the script here. Read about aimsnarf in the previous post about it. Changes in this version: Trillian is now supported, as well as AOL’s AIM client. […]

  posted in dsniff, hacking, linux, mac, monitoring, pcap, programming, ruby, script, security, sniffing, tcpdump, wireshark by Lee

• Introducing ‘aimsnarf.rb’ => A simple AIM sniffing tool written in Ruby

  November 12, 2007

  [UPDATE 11/13/07] : version 0.11 released Firstly, download the script here. aimsnarf.rb is a small (~200 lines) Ruby script that I’ve written to sniff and dump AOL IM messages to STDOUT. I wrote this an as alternative to aimsniff, because I really dislike having to install aimsniff and all of it’s dependancies when all I […]

  posted in bsd, dsniff, linux, monitoring, pcap, ruby, script, security, sniffing, tcpdump, unix by Lee