Sunday, November 24, 2013

Moloch Packet Capture

If you're looking for free, open source packet capture software that indexes metadata for full packet searching, you might want to look at Moloch. https://github.com/aol/moloch Moloch uses Elastic Search on the back end for indexing, allows searching on a host of fields, will reconstruct files and images on the fly and will transfer the full pcap to the viewer on the sensor you're working on from the sensor it was captured on. Designed for multi-gigabyte networks, its very fast if given beefy enough hardware and the required tuning. 

Tuesday, November 5, 2013

Tools on Wireshark's Wiki page

Wireshark has a great list of packet capture related tools on their Wiki page, found here. Great resource..

Blog Archive