Projects tagged ‘wireshark’


[14 total]

1 Users

Packet Dump Decode (pdd) is a simple, convenient GUI wrapper around the Wireshark/Ethereal tools that converts packet hexdumps into well-formatted XML containing the decoded protocols and protocol contents. Using pdd, you just need to copy-paste the hexdump into pdd and hit the "Decode" button. NOTE: pdd is only a wrapper around the Wireshark/Ethereal tools and hence needs at least one of them to be already installed.
Created about 1 month ago.

1 Users

PacketFu is a mid-level, cross-platform packet manipulation library for Ruby, allowing for easy Layer 4 and below packet creation and parsing. It requires: Ruby (1.8.6 or later), PcapRub (0.8-dev or later), and BinData (0.9.3 or later). Both PcapRub and BinData are distributed as part of the PacketFu distro. PacketFu is also itself packaged with Metasploit for packet crafting goodness.
Created about 1 year ago.

0 Users

Created 10 months ago.

0 Users

Introduction: This project hosts open source tools that help security researchers and network administrators understand botnet network traffic. Tools: Mariposa botnet decryption plugin for Wireshark by Yamata Li. Who are we: We are a group of people in the Palo Alto Networks Application and Threat Research team, which is a proven supplier of cutting-edge research on emerging threats and the rapidly evolving application landscape. Our research brings immediate benefits to both our customers and the industry as a whole. Links: Blog: http://www.paloaltonetworks.com/researchcenter/ WWW: http://www.paloaltonetworks.com
Created 28 days ago.

0 Users

B.A.T.M.A.N. (Layer 3|Advanced) Dissector for Wireshark 1.0
Created 7 months ago.

0 Users

This tool aims at spotting differences between several network traces. It relies on tshark/Wireshark dissection to report meaningful differences instead of raw differences.
Created 9 months ago.

0 Users

The dplay protocol is used by a number of popular win32 games. To help build the dplay DLLs for the Wine project, contorted aims to figure out and document the dplay protocol, both by providing text documentation of the PacketTypes and a Wireshark dissector. In addition, I am building a contorted chat client/server application that will interact with a corresponding dplay-based client/server application.
Created 11 months ago.

0 Users

The purpose of this project is to generate mscgen-compatible (http://www.mcternan.me.uk/mscgen/) files based on pcap files. It depends on tshark (http://www.wireshark.org/), and on mscgen if you want to draw the message sequence chart.

How does it work? tshark output is read line by line. A simple regex is applied to every line. tshark gives a good one-line summary of each packet, so pcap2msc writes it on the arrow standing for an IP packet.

Why Python? No real rationale, but a clean and easy-to-learn language.

How do I use it? Got avses-tosip.cap from pcapr (http://pcapr.net/home).

    $ pcap2msc ./avses-tosip.cap | mscgen -T png -o avses-tosip.png

This generates a PNG sequence chart from the cap file. pcap2msc uses tshark behind the scenes.

What does the mscgen format look like?

    msc {
     u0[label="148.147.33.67"],u1[label="148.147.33.5"],u2[label="148.147.33.65"];
     u0=>u1 [ label = "SIP Request: SUBSCRIBE sip:3521@mtcsv.avaya.com" ] ;
     u0<=u1 [ label = "SIP Status: 202 Accepted" ] ;
     u0<=u1 [ label = "SIP Request: NOTIFY sip:3521@148.147.33.67;transport=tcp" ] ;
     u0<=u1 [ label = "SIP Request: NOTIFY sip:3521@148.147.33.67;transport=tcp" ] ;
     u0=>u1 [ label = "SIP Status: 200 OK" ] ;
     u0=>u1 [ label = "SIP Status: 200 OK" ] ;
     u0=>u1 [ label = "SIP Request: SUBSCRIBE sip:3521@mtcsv.avaya.com" ] ;
     u0<=u1 [ label = "SIP Status: 202 Accepted" ] ;
     u0<=u1 [ label = "SIP Request: NOTIFY sip:3521@148.147.33.67;transport=tcp" ] ;
     u0<=u1 [ label = "SIP Request: NOTIFY sip:3521@148.147.33.67;transport=tcp" ] ;
     u0=>u1 [ label = "SIP Status: 200 OK" ] ;
     u0=>u1 [ label = "SIP Status: 200 OK" ] ;
    }

Is final output pretty?
Created 2 months ago.

0 Users

SNIPER (Snort NTOP IPaudit P0f Etc RapidInstall) is a single CD install media aimed at bridging the gap between liveCDs and package-by-package production installs. SNIPER installs in minutes with zero or minimal user interaction, depending on the version selected. In its base form, SNIPER will turn any system into a production-ready security monitoring host.
Created 11 months ago.

0 Users

What is this? packet-bnetp is a Wireshark plugin written in Lua for dissecting the Battle.net® protocol.

How to install? Install Wireshark. If during setup Lua appears as a plugin, enable it. Download packet-bnetp and unpack it to the Wireshark installation directory. If you want, you may place it anywhere else provided you give the full path to dofile in the next step. Open init.lua located in the Wireshark installation directory and replace

    -- Lua is disabled by default, comment out the following line to enable Lua support.
    disable_lua = true; do return end;

with

    -- Lua is disabled by default, comment out the following line to enable Lua support.
    -- disable_lua = true; do return end;

Then insert

    dofile("packet-bnetp.lua")

at the end of the file.
Created 3 months ago.