PaulDotCom mailing list archives

wall of sheep software


From: dninja at gmail.com (Robin Wood)
Date: Fri, 18 Sep 2009 23:41:55 +0100

I've downloaded NetWitness and will give it a look through but I was
more after something more like a script that would just run through
and pull out incriminating information.

Adrian's script looks good but that is parsing ettercap output which I
haven't got.

I've just had a play with ngrep and got some POP3 details out so I
might try scripting that.

Robin

2009/9/18 Chris Bentley <chris.bentley at sky.com>:
You could always try splitting the pcap file, only problem being missing
some interaction when analysing the files.
http://www.ethereal.com/lists/ethereal-users/200511/msg00253.html


2009/9/18 Robert Miller <arch3angel at gmail.com>

This will not make the "Wall of Shame" for you but for mining a cap file
this is useful, however the free version has a 2gb capture limit

http://www.netwitness.com/products/investigator.aspx

This software helped me locate a bot running crazy on a satellite
network really fast, just wish the company would buy the full version.

Robin Wood wrote:
Hi
I've got a large pcap from BruCON and would like to run it through
some wall of sheep type software to see what was happening. Can anyone
recommend anything?

I know that I can get it with manual tcpdump/ngrep type hacking but
looking for anything that does it automatically.

And before people ask, I'm not planning to release either the pcaps or
any data I find in them.

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


