Abstract
PcapXray is a network forensics tool that visualizes a pcap file to speed up offline traffic investigation. [In n00b terms: it draws a network map and highlights what to look for in a packet capture.]
- Creates a visual drawing (map) of a pcap file and highlights/extracts details for faster, more robust traffic forensics and analysis
- Reverse engineers a pcap (packet capture) file. Wireshark is still the best go-to; PcapXray acts as a sidecar that speeds up the investigation by pointing out where and what to look at
- Makes a packet capture easier to navigate
- Accomplishes a simple goal in the best way (I could not easily find an offline tool to draw/map/highlight a pcap file) -> [Just for security fun!]
Capabilities include:
- Converting a packet capture into a diagram/graph (visual representation) of the traffic
- Segregating and filtering traffic by type; the current list covers HTTP, HTTPS, Tor, possibly malicious, ICMP and DNS
- Extracting payloads and presenting traffic on a session/flow basis
- Enriching the traffic data with host scans to generate reports
- Identifying covert communication and, where possible, extracting files carried in the traffic
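The flow-classification and network-map steps listed above, as an added standard-library example written for this page (not PcapXray's own code): it parses a constructed libpcap byte string, labels each IPv4 flow by its well-known server port, and collapses the flows into the host adjacency a map is drawn from. The CLASSES table, the helper names and the sample addresses are assumptions; Tor and "possibly malicious" labelling needs external indicator lists and is left out.

```python
import socket, struct
from collections import defaultdict

# Traffic classes keyed by (IP protocol, well-known server port); unmatched flows become "other".
CLASSES = {(6, 80): "HTTP", (6, 443): "HTTPS", (6, 53): "DNS", (17, 53): "DNS", (1, None): "ICMP"}

def ipv4_packet(src, dst, proto, sport=0, dport=0):
    """Minimal Ethernet + IPv4 frame with a TCP SYN, UDP or ICMP echo header (constructed test data)."""
    l4 = {1: struct.pack("!BBHHH", 8, 0, 0, 1, 1),                                   # ICMP echo request
          17: struct.pack("!HHHH", sport, dport, 8, 0),                             # UDP, no payload
          6: struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)}[proto]  # TCP SYN
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4  # zero MACs, EtherType 0x0800

def pcap_bytes(frames):
    """Wrap frames in a little-endian libpcap file: 24-byte global header, 16-byte record headers."""
    recs = [struct.pack("<IIII", i, 0, len(f), len(f)) + f for i, f in enumerate(frames)]
    return struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1) + b"".join(recs)  # linktype 1

def classify(data):
    """Walk a libpcap byte string and return {label: {(src, dst, sport, dport), ...}}."""
    end = "<" if struct.unpack("<I", data[:4])[0] == 0xA1B2C3D4 else ">"  # magic gives byte order
    flows, off = defaultdict(set), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(end + "IIII", data[off:off + 16])[2]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if frame[12:14] != b"\x08\x00":  # skip non-IPv4 frames (ARP, IPv6, ...)
            continue
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
        l4, sport, dport = frame[14 + ihl:], None, None
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
        label = (CLASSES.get((proto, dport)) or CLASSES.get((proto, sport))  # either direction
                 or CLASSES.get((proto, None), "other"))
        flows[label].add((src, dst, sport, dport))
    return dict(flows)

def host_graph(flows):
    """Collapse flows into src -> {dst: {labels}}, the adjacency a network map is drawn from."""
    graph = defaultdict(lambda: defaultdict(set))
    for label, fl in flows.items():
        for src, dst, _, _ in fl:
            graph[src][dst].add(label)
    return {s: dict(d) for s, d in graph.items()}

SAMPLE = pcap_bytes([ipv4_packet(*a) for a in [  # constructed capture: HTTPS, DNS, ping, HTTP, unknown TCP port
    ("10.0.0.5", "198.51.100.20", 6, 51000, 443), ("10.0.0.5", "10.0.0.1", 17, 53001, 53), ("10.0.0.5", "10.0.0.1", 1),
    ("10.0.0.7", "203.0.113.9", 6, 40000, 80), ("10.0.0.7", "203.0.113.9", 6, 40001, 8443)]])
```

Running `classify(SAMPLE)` buckets the five frames into HTTPS, DNS, ICMP, HTTP and "other"; `host_graph` then yields two source hosts with their destinations and the labels seen on each edge.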