Tuesday, December 05, 2006

Honeysnap

I think there are lots of people doing the same thing apparently, I just came across this new tool that released by honeynet community - honeysnap. It is very neat as it automated the process of pcap analysis and generating the analysis report which ease the job of analyst.

To avoid doing the same thing over and over again, I have my own shell script that doing similar stuffs which used to analyse pcap files but more of following NSM model. I make use of tools like capinfos, tcpdstat, argus clients, and some other tools to generate analysis report when I have to perform generic analysis on pcap files. Don't expect me to release that as I have to keep something on my own since I guess I have already shared so much of my stuffs indeed.

Anyway honeysnap should be good learning tool for network security analyst, you can check out the report output of honeysnap here. I have seen more and more applications looking at statistical and session data analysis now, is this the hype of NSM?

I would expect this in future - hire NSM analyst instead of IDS analyst

Cheers :]

4 comments:

ayoi said...

Thanks for the info on those tools. It really helps a lot. Cheers

Anonymous said...

What does your code do that Honeysnap doesn't? How about merging in some of your stuff with honeysnap?

Arthur

adli said...

yo geekster, honeysnap is nice. Been running it on my pcap collection. Thanks for writing it arthur :-)

- adli

geek00L said...

Arthur,

I'm usually using my own shell script to combine all the NSM related tools to produce fruitful informations when comes to analyse pcap files, however I think honeysnap is more of producing 'first-cut' analysis report which is stated in the website. I think they are using different approach but it is very helpful to see another useful tool that I can use to perform traffic analysis.

I will see what is lack in honeysnap and feedback when I use more of it. Thanks.