Since the launch of pcapr.net a few years ago, the packet-geek community has completely embraced and extended it, and we are now at over 60 million packets on the cloud, serving enterprise IT folks, operators, government agencies and security/packet geeks. For those who seek specific packet samples, pcapr.net serves as a major reference, with samples of over 420 protocols, full-text search and automatic indexing and organization of pcaps. But…
Archive for Forensics
iPhone, meet Wireshark – Capturing Traffic from Mobile Devices
I wanted to see what the apps on my iPhone do, and as I searched around, most of the current methods seem to involve jailbreaking, setting up hubs and access points, and other such cumbersome nastiness. Gotta be simpler than that. So we are releasing a simple libpcap tool that you can run on your Mac to intercept packets from any app on any mobile device. iPad, iPhone and Android are all fair game. Once you can capture, you can very easily fuzz and scale-test with Mu Studio. More on that in a different blog.
Visualizing Application Flows with xtractr
If you haven’t checked out xtractr already, you should! It’s a RESTful server that indexes large packet captures for the purposes of forensics, data extraction, reporting, etc. While xtractr can generate all sorts of cool reports and charts, they don’t quite capture the dynamic essence of the network. Users come and go, they tweet, machines send queued emails, phone calls fly around, files get transferred. Static reports and visualizations (Top Talkers anyone?) just don’t do justice to this flurry of activity that happens on a network.
Solving Ann’s Aurora Forensics Contest with xtractr
Had a little time to look into Ann’s Aurora, a forensic contest posted by SANS Digital Forensics. First of all, I’ve got to say, these contests are totally awesome, since they give forensic investigators the opportunity to try out new ideas and build new tools to solve very real problems. The solution to this one has already been published by @McGrewSecurity, who posted a new tool called pcapline.py. It’s a tool that carves embedded content out of pcaps, amongst other things. Very slick.
