Dshell - Network Forensic Analysis Framework
Dshell is an extensible network forensic analysis framework.
It enables rapid development of plugins to support the dissection of network packet captures.
Key Features:
- Robust stream reassembly
- IPv4 and IPv6 support
- Custom output handlers
- Chainable decoders
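The stream reassembly feature listed above is what a decoder relies on when it wants to look at a TCP conversation instead of individual packets: segments arrive out of order, get retransmitted, and sometimes overlap or never show up in the capture at all. The following is an added, self-contained illustration of that job in plain Python; it is not Dshell's own code and makes no use of its API. The flow keys, the "first byte delivered for a sequence position wins" overlap policy, the sample ISNs and the sample segments are all constructed for the example, and sequence numbers are treated as non-wrapping for brevity.

```python
"""Minimal one-direction TCP stream reassembler (constructed illustration of the
kind of reassembly a network forensic framework performs before a decoder sees data)."""
from typing import Dict, Tuple

FlowKey = Tuple[str, int, str, int]  # (src ip, src port, dst ip, dst port): one direction


class StreamReassembler:
    """Reassembles one direction of a TCP connection from (seq, payload) segments.

    Policy (an assumption of this example, not Dshell's documented behaviour):
    the first byte delivered for a given sequence position wins; later
    retransmissions or overlapping segments never overwrite it.  Sequence
    numbers are treated as non-wrapping values for brevity.
    """

    def __init__(self, isn: int):
        self.next_seq = isn + 1               # the SYN consumes one sequence number
        self.data = bytearray()               # contiguous, in-order bytes delivered so far
        self.pending: Dict[int, bytes] = {}   # seq -> payload waiting behind a hole

    def add_segment(self, seq: int, payload: bytes) -> None:
        if not payload:
            return                            # pure ACK / SYN / FIN carries no stream bytes
        # first-arriving segment at a given seq wins; a later retransmission is ignored
        self.pending.setdefault(seq, payload)
        self._drain()

    def _drain(self) -> None:
        """Move every segment that is now contiguous into the data buffer."""
        while self.pending:
            seq = min(self.pending)
            if seq > self.next_seq:
                return                        # hole in the stream: wait for the missing bytes
            payload = self.pending.pop(seq)
            already = self.next_seq - seq     # bytes overlapping data already delivered
            if already < len(payload):
                self.data += payload[already:]
                self.next_seq += len(payload) - already

    def is_complete(self) -> bool:
        """True when no segment is waiting behind a hole."""
        return not self.pending

    def missing_bytes(self) -> int:
        """Size of the first hole, 0 if none (useful for flagging truncated captures)."""
        return min(self.pending) - self.next_seq if self.pending else 0


def reassemble_flows(segments, isns):
    """segments: iterable of (flow, seq, payload) in capture order; isns: flow -> ISN.
    Returns flow -> (reassembled bytes, complete?, size of first hole)."""
    streams: Dict[FlowKey, StreamReassembler] = {}
    for flow, seq, payload in segments:
        streams.setdefault(flow, StreamReassembler(isns[flow])).add_segment(seq, payload)
    return {flow: (bytes(s.data), s.is_complete(), s.missing_bytes())
            for flow, s in streams.items()}


# --- constructed sample capture (not real traffic) ---------------------------
HTTP_FLOW: FlowKey = ("10.0.0.5", 40000, "10.0.0.9", 80)
GAPPY_FLOW: FlowKey = ("10.0.0.5", 40001, "10.0.0.9", 80)
SAMPLE_ISNS = {HTTP_FLOW: 1000, GAPPY_FLOW: 2000}
SAMPLE_SEGMENTS = [
    (HTTP_FLOW, 1001, b"GET /index.html HTTP/1.1\r\n"),  # 26 bytes -> next expected 1027
    (HTTP_FLOW, 1047, b"\r\n"),                          # arrives early: end of headers
    (HTTP_FLOW, 1027, b"Host: example.test\r\n"),        # 20 bytes, closes the hole
    (HTTP_FLOW, 1027, b"Host: XXXXXXXXXXXX\r\n"),        # retransmission with other bytes: ignored
    (GAPPY_FLOW, 2001, b"abc"),
    (GAPPY_FLOW, 2010, b"xyz"),                          # bytes 2004..2009 never captured
]

if __name__ == "__main__":
    for flow, (data, complete, hole) in reassemble_flows(SAMPLE_SEGMENTS, SAMPLE_ISNS).items():
        print(flow, "complete" if complete else f"hole of {hole} bytes", data)
```

The gappy flow is the case a forensic analyst most wants surfaced: the reassembler reports the hole size rather than silently concatenating "abc" and "xyz", which would make the reconstructed payload look valid when it is not. Which bytes win on overlap is a policy decision; a forensic tool should state its policy, since the endpoint's own stack may resolve the same overlap differently.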
Requirements:
Usage:
- decode -l
  Lists all available decoders alongside basic information about them
- decode -h
  Shows generic command-line flags available to most decoders
- decode -d <decoder>
  Displays information about a decoder, including available command-line flags
- decode -d <decoder> <pcap>
  Runs the selected decoder on a pcap file
Installation
Install all of the necessary Python modules listed above. Many of them are available via pip and/or apt-get. Pygeoip is not yet available as a package and must be installed with pip or manually.
sudo apt-get install python-crypto python-dpkt python-ipy python-pypcap
sudo pip install pygeoip
Configure pygeoip by moving the MaxMind data files (GeoIP.dat, GeoIPv6.dat, GeoIPASNum.dat, GeoIPASNumv6.dat) to <install-location>/share/GeoIP/
Run make. This will build Dshell.
Run ./dshell. This is Dshell. If you get a Dshell> prompt, you're good to go.
Source: www.effecthacking.com