Honeysnap - Python Based Diagnostic Tool

Honeysnap is a modular Python application that can parse raw or gzipped pcap files and perform a number of diagnostics
on the data. It has been designed to be easily extended to perform more diagnostic duties. It has also been designed to
be minimally dependent on third-party executables such as tcpflow.

The primary value of Honeysnap is to give you an overview of one or more pcap data files captured from network activity. It is designed primarily for analyzing pcap data recovered from a honeypot or compromised system. What makes Honeysnap unique is that it does not focus only on transactional data (IP addresses, time/date stamps, etc.) but also on the packet payload.

It can decode and analyze a variety of protocols, such as HTTP, SMTP, and IRC. It can also recover transferred files. In addition, it can analyze honeypot-specific data sets such as SEBEK. Because of its modular nature, it is possible to add other protocols.

