
make pcap file from dionaea

Open jjjan opened this issue 8 years ago • 6 comments

Hello, does dionaea save a pcap file for all packets? If yes, how can I enable it?

If there isn't any related module, could you add it?

jjjan avatar Nov 06 '17 08:11 jjjan

I'm asking the same question.

jhill-cmd avatar Feb 18 '18 21:02 jhill-cmd

@3skr0 OK. Where is it? And any answer for result?

jjjan avatar Feb 19 '18 07:02 jjjan

Capturing raw connections as a pcap file is currently not possible. But can you explain the details behind your idea? What information would you like to extract from the pcap file?

phibos avatar Jun 22 '18 07:06 phibos

pcap files are very useful to transfer as forensic evidence to police/government.

zenire avatar Jun 22 '18 07:06 zenire

What about encryption? Dionaea uses bistreams to dump the decrypted content of a connection to disk. Is this an option or do you need both?

phibos avatar Jun 22 '18 07:06 phibos

@phibos
1- What type of encrypted connection is decrypted by Dionaea? How can we analyze that?
2- pcap is useful for finding more evidence in analysis.
3- Could you add x64 shellcode decoders? Now we have just x86.
4- Is there a way to disable WannaCry malware captures? It's annoying and there is lots of duplicate data.

jjjan avatar Jun 23 '18 09:06 jjjan

@phibos any answer for those questions?

jjjan avatar Aug 08 '18 10:08 jjjan