Comments on When {Puffy} Meets ^RedDevil^: Sguil: Minor DB Issue
Blog author: C.S.Lee (http://www.blogger.com/profile/10778262436985693992)
Feed last updated: 2024-02-19T16:39:32.319+08:00
5 comments, listed in chronological order.

Comment 1 (Anonymous, 2007-10-05T23:47:00.000+08:00):
Speaking of Sguil, I find the transcripts created with tcpflow very helpful. However, in some cases collecting full content isn't practical, but collecting transcripts would be. Is there software similar to tcpflow that would be able to log just transcripts from clear text sessions even if they weren't on standard ports?

Comment 2 (C.S.Lee, 2007-10-06T09:33:00.000+08:00):
hi,

If you want to do it in real time, just to reveal the clear text sessions even if they weren't on standard ports without collecting full content data, you can use bro-nids.

http://bro-ids.org

But for offline analysis, without full content data you can't produce that. If you check out the HeX liveCD, there's a section called NBF-Toolkit (Network Based Forensics Toolkit) which contains all the tools that allow you to generate transcript-like data.

Cheers ;]

Comment 3 (Anonymous, 2007-10-06T23:57:00.000+08:00):
Hopefully someday someone will write a program that can save just transcripts for offline analysis. In the meantime, I'll check out bro-nids. Thanks for pointing me in the right direction!

Comment 4 (C.S.Lee, 2007-10-07T00:06:00.000+08:00):
Hi anonymous,

Bro-nids is actually what you want. By default it doesn't save full content data unless you configure it to do so, but you have access to the application data, which is similar to a transcript, as long as you call its protocol analysis scripts when running bro.

Comment 5 (Anonymous, 2007-10-07T07:11:00.000+08:00):
Sounds cool, thanks geek00l!