Honeypots
Announce: Honeysnap v1.0 Nov 30 2006 05:21PM
Arthur Clune (arthur honeynet org uk)


The Honeynet Project and Honeynet Research Alliance are happy to
announce the release of Honeysnap 1.0.

Honeysnap is a command line tool for parsing single or multiple
packet capture data files and producing a first-cut analysis report
that identifies significant events within the data captured in the
network attack. Honeysnap provides security analysts with a prepared
menu of high value network activity, enabling manual forensic
analysis and saving significant incident investigation time.
Honeysnap is highly suitable for batch mode operation and automation.

Functionality includes:

* Packet and connection overview.
* Flow extraction of common ASCII based communications.
* Protocol decode of the most common Internet communication
protocols.
* File transfer extraction.
* Flow summary of inbound and outbound connections.
* Extraction of version 2 and version 3 Sebek data.
* Extensive support for identification, extraction and analysis
of IRC traffic, including keyword matching.
* Highly modular Python-based design making it easy to add in
extra functionality.
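As an added illustration of the "flow summary of inbound and outbound connections" item above (this is example code written for this page, not Honeysnap's own code), the following stdlib-only Python builds a small constructed pcap in memory and produces a first-cut count of new TCP connection attempts to and from a honeypot. The honeypot address 10.0.0.5 and the peer addresses are constructed sample values.

```python
import struct
from collections import Counter

HONEYPOT_IP = "10.0.0.5"  # constructed honeypot address for the sample capture

def _ip2s(b):
    return ".".join(str(x) for x in b)

def build_pcap(frames):
    """Assemble a libpcap file (LINKTYPE_ETHERNET, magic 0xA1B2C3D4) from raw frames."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records

def tcp_frame(src, dst, sport, dport, flags=0x02):
    """Minimal Ethernet/IPv4/TCP frame with no payload (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"  # dummy MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return eth + ip + tcp

def flow_summary(pcap_bytes, honeypot):
    """Count new TCP connection attempts (SYN without ACK) per peer and port.

    Returns (inbound, outbound) Counters keyed by (peer_ip, dest_port),
    split by whether the honeypot is the target or the initiator.
    """
    assert struct.unpack("<I", pcap_bytes[:4])[0] == 0xA1B2C3D4, "little-endian pcap only"
    inbound, outbound = Counter(), Counter()
    off = 24  # skip the global header
    while off + 16 <= len(pcap_bytes):
        _, _, incl_len, _ = struct.unpack("<IIII", pcap_bytes[off:off + 16])
        pkt = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if pkt[12:14] != b"\x08\x00":          # not IPv4
            continue
        ip = pkt[14:]
        if ip[9] != 6:                         # not TCP
            continue
        ihl = (ip[0] & 0x0F) * 4
        src, dst = _ip2s(ip[12:16]), _ip2s(ip[16:20])
        tcp = ip[ihl:]
        sport, dport = struct.unpack("!HH", tcp[:4])
        if tcp[13] & 0x12 != 0x02:             # keep only SYN, drop SYN/ACK and data
            continue
        if dst == honeypot:
            inbound[(src, dport)] += 1
        elif src == honeypot:
            outbound[(dst, dport)] += 1
    return inbound, outbound
```

Outbound SYNs from a honeypot (for example to an IRC port) are the high-value events a first-cut report should surface, since a honeypot initiating connections usually means it has been compromised.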

This is the first public release and all code is under the GNU GPL.
More releases are planned to extend Honeysnap's functionality over
the next few months. Honeysnap is fully tested under OS X and Linux,
and should work on any Unix-like system. Windows support is currently
considered 'beta' and is not fully documented. This will be fixed in
a future release.

For more information, sample output etc. see:

http://www.honeynet.org/tools/honeysnap

or contact honeysnap (at) honeynet (dot) org.

Arthur

--
Arthur Clune arthur (at) honeynet.org (dot) uk

Copyright 2010, SecurityFocus