Displaying 1 to 8 from 8 results

skydive - An open source real-time network topology and protocols analyzer

  •    Go

Skydive is an open source real-time network topology and protocols analyzer. It aims to provide a comprehensive way of understanding what is happening in the network infrastructure. Skydive agents collect topology informations and flows and forward them to a central agent for further analysis. All the informations are stored in an Elasticsearch database.

scapy - Scapy: the Python-based interactive packet manipulation program & library

  •    Python

Scapy is a powerful Python-based interactive packet manipulation program and library. It is able to forge or decode packets of a wide number of protocols, send them on the wire, capture them, store or read them using pcap files, match requests and replies, and much more. It is designed to allow fast packet prototyping by using default values that work.

multidiff - Binary data diffing for multiple objects or streams of data

  •    Python

It's purpose is to make machine friendly data easier to understand by humans that are looking at it. Specifically multidiff helps in viewing the differences within a large set of objects by doing diffs between relevant objects and displaying them in a sensible manner. This kind of visualization is handy when looking for patterns and structure in proprietary protocols or weird file formats. The obvious use-cases are reverse engineering and binary data analysis. At the core of multidiff is the python difflib library and multidiff wraps it in data providing mechanisms and visualization code. The visualization is the most important part of the project and everything else is just utilities to make it easier to feed data for the visualizer. At this time the tool can do basic format parsing such as hex decoding, hexdumping, and handling data as utf8 strings, as well as read from files, stdin, and sockets. Any preprocessing such as cropping, indenting, decompression, etc. will have be done by the user before the objects are provided to multidiff.




webshark - 🦈 Tool for visualizing packet captures.

  •    Javascript

Webshark is a tool for visualizing pcap (e.g. Wireshark) network captures on a timeline. It was written as part of reverse-engineering efforts because the tabular view in Wireshark didn't visualize the timing aspects of the packets very well. Webshark displays every pair of two IPs as a separate row; for this reason you'll only want to load relatively small/well-filered packet captures into Webshark. I recommend setting up a network where only the devices you are interested in are connected, and capturing that.

passer - Passive service locator, a python sniffer that identifies servers, clients, names and much more

  •    Python

Quick notes for getting going with passer, the passive service sniffer. You're responsible for getting permission to sniff. If you're using windows or your paths to the support files don't match mine for some other reason, let me know where they are and I'll be glad to update the script.

packetmachine - Fast network packet decoding library in C++

  •    C++

A high-performance and simplified network traffic decoding library in C++. PacketMachine is ...