Since the launch of pcapr.net a few years ago, the packet-geek community has completely embraced it and extended it, and we are now at over 60 million packets in the cloud, serving enterprise IT folks, operators, government agencies and security/packet geeks. For those who seek specific packet samples, pcapr.net serves as a major reference, with samples of over 420 protocols, full-text search and automatic indexing and organization of pcaps. But…
Archive for xtractr
Visualizing Application Flows with xtractr
If you haven’t checked out xtractr already, you should! It’s a RESTful server that indexes large packet captures for forensics, data extraction, reporting and the like. While xtractr can generate all sorts of cool reports and charts, they don’t quite capture the dynamic essence of the network. Users come and go, they tweet, machines send queued emails, phone calls fly around, files get transferred. Static reports and visualizations (Top Talkers, anyone?) just don’t do justice to the flurry of activity that happens on a network.
Solving Ann’s Aurora Forensics Contest with xtractr
I had a little time to look into Ann’s Aurora, a forensics contest posted by SANS Digital Forensics. First of all, I have to say these contests are totally awesome: they give forensics investigators the opportunity to try out new ideas and build new tools to solve very real problems. A solution has already been published by @McGrewSecurity, who posted a new tool called pcapline.py. Among other things, it carves embedded content out of pcaps. Very slick.
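As an added example (not pcapr.net, xtractr or pcapline.py code), the Python script below does on a constructed capture the two things these posts talk about: it indexes the TCP flows in a pcap (packets, payload bytes and sequence gaps per flow, the raw material of a Top Talkers report) and carves embedded files out of the reassembled streams by header and trailer signature. The pcap, the HTTP exchange inside it, the addresses and ports, and the signature table are all constructed for the example; the GIF trailer match is simplified to a block terminator followed by ';'.

```python
import struct
from collections import defaultdict

# Header -> (label, trailer). Constructed, minimal table for this example; a real
# carver such as pcapline.py knows many more formats and validates their structure.
SIGNATURES = {
    b"GIF89a": ("gif", b"\x00;"),                       # block terminator + GIF trailer
    b"\x89PNG\r\n\x1a\n": ("png", b"IEND\xaeB`\x82"),   # IEND chunk + its CRC
}

def build_frame(src, sport, dst, dport, seq, payload):
    """Ethernet/IPv4/TCP frame for the given 5-tuple and seq (checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip

def build_pcap(frames):
    """Little-endian pcap file (link type 1 = Ethernet) wrapping the given frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_300_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_frames(pcap):
    """Yield link-layer frames from a little-endian Ethernet pcap."""
    magic, *_, linktype = struct.unpack("<IHHiIII", pcap[:24])
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack("<IIII", pcap[off:off + 16])[2]
        off += 16
        yield pcap[off:off + incl_len]
        off += incl_len

def parse_tcp(frame):
    """(src, dst, sport, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 54 or frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    if ip[9] != 6:                                      # not TCP
        return None
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    tcp = ip[ihl:total_len]
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
    return src, dst, sport, dport, seq, tcp[(tcp[12] >> 4) * 4:]

def index_flows(pcap):
    """Group payloads by unidirectional flow and reassemble each in sequence order.
    Segments are sorted on seq, so capture order does not matter, and a retransmission
    of an already-seen seq is dropped; partial overlaps are not handled here."""
    segments, counts = defaultdict(dict), defaultdict(lambda: [0, 0])
    for frame in iter_frames(pcap):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport, seq, payload = parsed
        key = (src, sport, dst, dport)
        counts[key][0] += 1                 # packets seen
        counts[key][1] += len(payload)      # payload bytes on the wire, retransmissions included
        if payload:
            segments[key].setdefault(seq, payload)
    flows = {}
    for key, (packets, nbytes) in counts.items():
        stream, gaps, expected = b"", 0, None
        for seq in sorted(segments[key]):
            if expected is not None and seq > expected:
                gaps += 1                   # a segment before this one was never captured
            stream += segments[key][seq]
            expected = seq + len(segments[key][seq])
        flows[key] = {"packets": packets, "bytes": nbytes, "gaps": gaps, "stream": stream}
    return flows

def carve(stream):
    """Cut out every header..trailer object matching SIGNATURES; truncated ones are skipped."""
    found = []
    for header, (label, trailer) in SIGNATURES.items():
        start = stream.find(header)
        while start != -1:
            end = stream.find(trailer, start + len(header))
            if end == -1:
                break
            found.append((label, stream[start:end + len(trailer)]))
            start = stream.find(header, end + len(trailer))
    return found

# Constructed sample capture: an HTTP GET and a response whose GIF body is split
# across two segments, captured out of order and with one segment retransmitted.
GIF_BYTES = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\xff\xff\xff\x00\x00\x00"
             b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;")
REQUEST = b"GET /logo.gif HTTP/1.1\r\nHost: pcap.example\r\n\r\n"
RESP_HDR = b"HTTP/1.1 200 OK\r\nContent-Type: image/gif\r\nContent-Length: %d\r\n\r\n" % len(GIF_BYTES)
BODY = RESP_HDR + GIF_BYTES
SPLIT = len(RESP_HDR) + 3                   # cut inside the "GIF89a" magic
CLIENT, SERVER = ("10.0.0.5", 40123), ("10.0.0.1", 80)
SAMPLE_PCAP = build_pcap([
    build_frame(*CLIENT, *SERVER, 1000, REQUEST),
    build_frame(*SERVER, *CLIENT, 5000 + SPLIT, BODY[SPLIT:]),   # second half arrives first
    build_frame(*SERVER, *CLIENT, 5000, BODY[:SPLIT]),
    build_frame(*SERVER, *CLIENT, 5000, BODY[:SPLIT]),           # retransmission
])

def analyze(pcap=SAMPLE_PCAP):
    """Flow index plus the objects carved from each flow's reassembled stream."""
    flows = index_flows(pcap)
    return flows, {key: carve(f["stream"]) for key, f in flows.items()}

if __name__ == "__main__":
    flows, carved = analyze()
    for key, f in sorted(flows.items(), key=lambda kv: -kv[1]["bytes"]):
        print("%s:%d -> %s:%d  packets=%d bytes=%d gaps=%d carved=%s"
              % (*key, f["packets"], f["bytes"], f["gaps"], [c[0] for c in carved[key]]))
```

Sorting segments on sequence number rather than capture order is what makes the carve survive reordering and retransmission; the gap counter is the check a practitioner wants before trusting a carved object, because a missing segment would otherwise be silently spliced over.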
