Comments on: Pcapline.py and the Ann's Aurora network forensics challenge http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/ Thu, 05 Jan 2012 11:44:23 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Wesley McGrew http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-952 Wesley McGrew Tue, 28 Jun 2011 14:52:39 +0000 http://www.mcgrewsecurity.com/?p=768#comment-952 Haven't tried it out in Ubuntu 11.04, but I will soon to see if I can figure out what's going on with that. Haven’t tried it out in Ubuntu 11.04, but I will soon to see if I can figure out what’s going on with that.

]]> By: Cameron http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-951 Cameron Fri, 17 Jun 2011 14:25:33 +0000 http://www.mcgrewsecurity.com/?p=768#comment-951 Love the tool however when running it on my Ubuntu 11.04 box I'm having an issue where the html doc inside the seperate packet folders show up blank.. I'm using it to parse though the evidence file from that forensic challenge to ensure that it was working correctly. Love the tool however when running it on my Ubuntu 11.04 box I’m having an issue where the html doc inside the seperate packet folders show up blank.. I’m using it to parse though the evidence file from that forensic challenge to ensure that it was working correctly.

]]> By: » Thoughts and Comments http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-950 » Thoughts and Comments Sat, 25 Sep 2010 23:06:57 +0000 http://www.mcgrewsecurity.com/?p=768#comment-950 [...] part of a recent forensic challenge, Wesley McGrew created pcapline.py to help answer the questions of the challenge. Rather than focusing on the tool itself, what I [...] [...] part of a recent forensic challenge, Wesley McGrew created pcapline.py to help answer the questions of the challenge. Rather than focusing on the tool itself, what I [...]

]]> By: Jim http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-949 Jim Thu, 29 Jul 2010 18:59:52 +0000 http://www.mcgrewsecurity.com/?p=768#comment-949 Very interesting talk today. Thanks for coming by. Very interesting talk today. Thanks for coming by.

]]> By: Wesley McGrew http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-948 Wesley McGrew Mon, 19 Jul 2010 12:43:51 +0000 http://www.mcgrewsecurity.com/?p=768#comment-948 Thanks for the patch. The lack of testing of pcapline shows ;) As for terms-of-use and licensing, let's call it BSD. Essentially: do as you please with it, all I want is attribution. Thanks for the patch. The lack of testing of pcapline shows ;)

As for terms-of-use and licensing, let’s call it BSD. Essentially: do as you please with it, all I want is attribution.

]]> By: Marty Sells http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-947 Marty Sells Mon, 19 Jul 2010 03:10:21 +0000 http://www.mcgrewsecurity.com/?p=768#comment-947 Very nice tool. I did notice that some HTTP responses cause crashes due to missing Content-type headers. Fixed with a simple "if m:" around line 160. I also made mods to add some additional fields: # added by marty m = re.search(r'^HTTP/1.1 (.+)\n',data) if m: s += ' HTTP result: %s\n' % m.group(1) What's the terms of use for pcapline? Very nice tool. I did notice that some HTTP responses cause crashes due to missing Content-type headers. Fixed with a simple “if m:” around line 160.

I also made mods to add some additional fields:

# added by marty
m = re.search(r’^HTTP/1.1 (.+)\n’,data)
if m:
s += ‘ HTTP result: %s\n’ % m.group(1)

What’s the terms of use for pcapline?

]]> By: M450K1S http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-946 M450K1S Thu, 15 Jul 2010 10:18:33 +0000 http://www.mcgrewsecurity.com/?p=768#comment-946 That was nice. Congratulations! because you win the 1st price. That was nice. Congratulations! because you win the 1st price.

]]> By: Wesley McGrew http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-945 Wesley McGrew Sun, 11 Jul 2010 19:16:13 +0000 http://www.mcgrewsecurity.com/?p=768#comment-945 Thanks Sherri! Glad to see that the judges like the tool. I'm putting together some network forensics course material together for law enforcement training here at the NFTC, so I may be adding features to pcapline as I go to make it something the students in the class can use. Thanks Sherri! Glad to see that the judges like the tool. I’m putting together some network forensics course material together for law enforcement training here at the NFTC, so I may be adding features to pcapline as I go to make it something the students in the class can use.

]]> By: Sherri http://www.mcgrewsecurity.com/2010/07/09/pcapline-py-and-the-anns-aurora-network-forensics-challenge/#comment-944 Sherri Sun, 11 Jul 2010 19:07:02 +0000 http://www.mcgrewsecurity.com/?p=768#comment-944 Hi Wesley! Awesome tool. I updated forensicscontest.com so that it has the latest version of pcapline.py now. We'll just put a link to your site in our "Tools" section, so that it's always be the most up to date. Congratulations! Sherri Hi Wesley! Awesome tool. I updated forensicscontest.com so that it has the latest version of pcapline.py now. We’ll just put a link to your site in our “Tools” section, so that it’s always be the most up to date.

Congratulations!

Sherri

]]>