15 June 2009 | 16,844 views

Honeysnap – Pcap Packet Capture File Parsing Tool

Check Your Web Security with Acunetix

Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. Once you have identified data that interests you, you can then employ other tools for more in depth analysis, such as the Walleye user interface to the Honeywall. Honeysnap is also suitable for manual operation or automation via cron.

Example Functions

  • Packet and connection overview.
  • Flow extraction of ASCII based communications.
  • Protocol decode of the more common Internet communication protocols.
  • Binary file transfer extraction.
  • Flow summary of inbound and outbound connections.
  • Keystroke extraction of ver2 and ver 3 Sebek data.
  • Identification and analysis of IRC traffic, including keyword matching.

Version 1.0.6 now decodes the following protocols.

  • DNS
  • FTP
  • HTTP
  • IRC
  • Socks
  • Sebek

In addtion, the new 1.0.6 version includes

  • Socks proxy traffic stats
  • User definable filters for the counts
  • Improved DNS output
  • Fixed bug in file extraction
  • A big speed increase in gzip decoding
  • Print querying IP for DNS decodes
  • Auto-spotting of IRC traffic on any port
  • SOCKS decoding
  • Fix to the truncation of extracted files
  • Includes magicpy in the distribution to solve the problems caused by the original website going away.

You can download Honeysnap here:

honeysnap-1.0.6.14.tar.gz

Or read more here.



Recent in Hacking Tools:
- masscan – The Fastest TCP Port Scanner
- drozer – The Leading Security Testing Framework For Android
- tinfoleak – Get Detailed Info About Any Twitter User

Related Posts:
- Using the capture command in a Cisco Systems PIX firewall.
- chapcrack – A tool for parsing and decrypting MS-CHAPv2 network handshakes.
- Tshark – Network Protocol Analyzer & Traffic Dumper

Most Read in Hacking Tools:
- Top 15 Security/Hacking Tools & Utilities - 1,869,670 views
- Brutus Password Cracker – Download brutus-aet2.zip AET2 - 1,060,139 views
- wwwhack 1.9 – Download wwwhack19.zip Web Hacking Tool - 624,895 views

Low-cost VPS Hosting

Comments are closed.