Focus Areas: Defensive Security, Incident Response, Network Security, Security Information and Event Management
This talk covers the following tools, which the speaker has authored or contributed to:
PCAP2XML
Abstract
802.11 monitoring, attack detection and forensics have always been hard. It is almost impossible to draw any meaningful inference from a trace if one relies on Wireshark display filters alone. This is why we created Pcap2XML/SQLite, a tool that converts 802.11 trace files into equivalent XML and SQLite representations. Every packet header field is mapped to a corresponding SQLite column, which allows arbitrary queries over the packet trace, and we will show with live examples how this can be used for attack detection and forensics.
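The idea in the abstract, one SQLite column per 802.11 header field so that detection becomes a query, can be demonstrated end to end in a few dozen lines. The example below is an added illustration written for this page; it is not Pcap2XML's code, and its table layout, column names and queries are assumptions, not the tool's real schema. It builds a small constructed capture (beacons and data from a legitimate BSS, plus a burst of deauthentication frames injected with the AP's transmitter address), decodes the MAC header of each frame into a row, and then runs two queries a forensic analyst would actually want: which transmitter sent a flood of deauth frames, and which transmitter's sequence numbers jump backwards, the classic sign that a second radio is spoofing its address.

```python
"""One SQLite column per 802.11 header field, then detection as SQL.

Added example, not Pcap2XML's code or schema: column names, the constructed
frames and the two detection queries are assumptions made for illustration.
"""
import sqlite3
import struct

# Frame control numbering from IEEE 802.11: type 0 = management, 1 = control, 2 = data.
MGMT_SUBTYPES = {8: "beacon", 10: "disassoc", 12: "deauth"}

AP = "00:11:22:33:44:55"        # constructed BSSID of the legitimate access point
CLIENT = "aa:bb:cc:dd:ee:01"    # constructed station address
BCAST = "ff:ff:ff:ff:ff:ff"


def mac(s):
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b):
    return ":".join(f"{x:02x}" for x in b)


def build_frame(ftype, subtype, addr1, addr2, addr3, seq, body=b"", to_ds=0, from_ds=0):
    """Raw 802.11 frame with a 3-address MAC header (no radiotap header, no FCS)."""
    fc0 = (subtype << 4) | (ftype << 2)          # protocol version 0
    fc1 = to_ds | (from_ds << 1)
    hdr = struct.pack("<BBH", fc0, fc1, 0)       # frame control + duration/ID
    hdr += mac(addr1) + mac(addr2) + mac(addr3)
    hdr += struct.pack("<H", seq << 4)           # sequence control: seq<<4 | fragment
    return hdr + body


def parse_frame(raw):
    """Decode the MAC header into a dict with one key per table column."""
    fc0, fc1, duration = struct.unpack_from("<BBH", raw, 0)
    ftype, subtype = (fc0 >> 2) & 3, fc0 >> 4
    row = {
        "version": fc0 & 3, "ftype": ftype, "subtype": subtype,
        "to_ds": fc1 & 1, "from_ds": (fc1 >> 1) & 1, "more_frag": (fc1 >> 2) & 1,
        "retry": (fc1 >> 3) & 1, "protected": (fc1 >> 6) & 1, "duration": duration,
        "addr1": mac_str(raw[4:10]), "addr2": None, "addr3": None,
        "seq": None, "frag": None, "reason": None,
    }
    if ftype == 1:                               # control frames carry only 1 or 2 addresses
        if len(raw) >= 16:
            row["addr2"] = mac_str(raw[10:16])
        return row
    sc = struct.unpack_from("<H", raw, 22)[0]
    row.update(addr2=mac_str(raw[10:16]), addr3=mac_str(raw[16:22]), seq=sc >> 4, frag=sc & 0xF)
    if ftype == 0 and subtype in (10, 12) and len(raw) >= 26:
        row["reason"] = struct.unpack_from("<H", raw, 24)[0]   # deauth/disassoc reason code
    return row


COLUMNS = ["ts", "version", "ftype", "subtype", "to_ds", "from_ds", "more_frag", "retry",
           "protected", "duration", "addr1", "addr2", "addr3", "seq", "frag", "reason"]


def load(frames):
    """Insert (timestamp, raw_frame) pairs into an in-memory table, one column per field."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE frames (id INTEGER PRIMARY KEY, %s)" % ", ".join(COLUMNS))
    sql = "INSERT INTO frames (%s) VALUES (%s)" % (", ".join(COLUMNS), ", ".join("?" * len(COLUMNS)))
    for ts, raw in sorted(frames):              # id therefore follows capture order
        row = parse_frame(raw)
        row["ts"] = ts
        conn.execute(sql, [row[c] for c in COLUMNS])
    return conn


def deauth_flood(conn, threshold=10):
    """Transmitters (addr2) that sent at least `threshold` deauthentication frames."""
    q = """SELECT addr2, COUNT(*) FROM frames
           WHERE ftype = 0 AND subtype = 12
           GROUP BY addr2 HAVING COUNT(*) >= ?"""
    return dict(conn.execute(q, (threshold,)).fetchall())


def sequence_anomalies(conn):
    """Per transmitter, how often the sequence number went backwards relative to the
    previous frame from the same addr2.  A single radio counts up (wrapping only at 4096),
    so a second radio injecting frames with a spoofed address shows up as repeated jumps."""
    q = """SELECT cur.addr2, COUNT(*) FROM frames cur
           JOIN frames prev ON prev.id = (SELECT MAX(p.id) FROM frames p
                                          WHERE p.addr2 = cur.addr2 AND p.id < cur.id)
           WHERE cur.seq < prev.seq
           GROUP BY cur.addr2"""
    return dict(conn.execute(q).fetchall())


def sample_capture():
    """Constructed traffic: AP beacons and client data, interleaved with spoofed deauths."""
    frames, ts = [], 0.0
    for i in range(5):
        frames.append((ts, build_frame(0, 8, BCAST, AP, AP, 100 + i)))                 # beacon
        ts += 0.1
        frames.append((ts, build_frame(2, 0, AP, CLIENT, AP, 500 + i, to_ds=1)))        # data
        ts += 0.1
        for j in range(3):   # attacker spoofs the AP as transmitter, own seq counter from 1
            frames.append((ts, build_frame(0, 12, CLIENT, AP, AP, 1 + 3 * i + j, struct.pack("<H", 7))))
            ts += 0.01
    return frames


if __name__ == "__main__":
    db = load(sample_capture())
    print("deauth flood sources:", deauth_flood(db))
    print("backwards sequence jumps:", sequence_anomalies(db))
```

The second query is the kind of inference the abstract says display filters cannot express: it needs each frame's neighbour from the same transmitter, which is a join, not a filter. Real captures add radiotap headers, control frames with short headers, 4-address WDS frames and sequence wrap-around at 4096, so a production loader has to handle those before the queries are trustworthy.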