Information, tools and how-to's for the new intrusion analyst. Mentoring by blogging.
Sunday, November 24, 2013
Moloch Packet Capture
If you're looking for free, open source packet capture software that indexes metadata for full packet searching, you might want to look at Moloch (https://github.com/aol/moloch). Moloch uses Elasticsearch on the back end for indexing, allows searching on a host of fields, will reconstruct files and images on the fly, and will transfer the full pcap from the sensor it was captured on to the viewer on the sensor you're working from. Designed for multi-gigabyte networks, it's very fast if given beefy enough hardware and the required tuning.
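To make the split the paragraph describes concrete (a searchable metadata index kept apart from the full packets, which are pulled only when an analyst asks for a session), here is an added toy indexer over a constructed libpcap file. It is example code, not Moloch's, and assumes plain IPv4/TCP over Ethernet with an in-memory dict standing in for Elasticsearch.

```python
import struct
from collections import defaultdict

def build_packet(src, dst, sport, dport, payload):
    eth = b"\x00" * 12 + b"\x08\x00"  # constructed frame: zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 0, 0, 0)  # checksums left zero
    return eth + ip + tcp + payload

def build_pcap(records):
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # classic libpcap, linktype Ethernet
    return hdr + b"".join(struct.pack("<IIII", ts, 0, len(p), len(p)) + p for ts, p in records)

def index_sessions(pcap):
    """One pass over the file: per-session counters plus record offsets, no payload retained."""
    sessions = defaultdict(lambda: {"packets": 0, "bytes": 0, "offsets": []})
    off = 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + caplen]
        if len(pkt) >= 54 and pkt[12:14] == b"\x08\x00" and pkt[23] == 6:  # IPv4 carrying TCP, headers intact
            ihl = (pkt[14] & 0x0F) * 4
            src, dst = ".".join(map(str, pkt[26:30])), ".".join(map(str, pkt[30:34]))
            sport, dport = struct.unpack_from("!HH", pkt, 14 + ihl)
            s = sessions[tuple(sorted([(src, sport), (dst, dport)]))]  # one key for both directions
            s["packets"] += 1
            s["bytes"] += caplen
            s["offsets"].append(off)
        off += 16 + caplen
    return dict(sessions)

def search(index, host=None, port=None):
    """Answer a field query from the index alone, without touching packet data."""
    return [(k, m) for k, m in index.items()
            if (host is None or host in {k[0][0], k[1][0]})
            and (port is None or port in {k[0][1], k[1][1]})]

def fetch_session_pcap(pcap, meta):
    """Rebuild a standalone pcap for one session from its offsets, the on-demand step the viewer performs."""
    records = [pcap[off: off + 16 + struct.unpack_from("<I", pcap, off + 8)[0]] for off in meta["offsets"]]
    return pcap[:24] + b"".join(records)

# Constructed sample capture: a two-packet HTTP exchange and one unrelated SSH packet.
SAMPLE_PCAP = build_pcap([
    (1385251200, build_packet("10.0.0.5", "93.184.216.34", 51000, 80, b"GET / HTTP/1.0\r\n\r\n")),
    (1385251201, build_packet("93.184.216.34", "10.0.0.5", 80, 51000, b"HTTP/1.0 200 OK\r\n\r\n")),
    (1385251202, build_packet("10.0.0.5", "10.0.0.9", 51001, 22, b"SSH-2.0-demo\r\n")),
])
```

Searching `index_sessions(SAMPLE_PCAP)` by port or host answers from the small index only; `fetch_session_pcap` is the expensive step that reads the capture file, which is why a real deployment keeps the index central and the packets on the sensor.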
Labels: elastic search, moloch packet capture, packet data, pcaps
Tuesday, November 5, 2013
Tools on Wireshark's Wiki page
Wireshark has a great list of packet capture related tools on its Wiki page, found here. Great resource.