erik4711
Sending decrypted SSL traffic to an IDS sounds like the standard use case for SSLsplit's "-I" feature, so I'm sure it should be doable. However, if it cannot be solved...
@victorjulien Is there an advantage to using a `veth` type interface rather than a `dummy`?
CapLoader extracts 612 packets from that memdump (565 IPv4, 47 IPv6). BE extracts 564 packets (all IPv4). Below is the output from tshark's Protocol Hierarchy Statistics for the packets carved...
@simsong Please see the attached zip file with packets carved from the memdump with CapLoader. [packets-extracted-with-CapLoader.zip](https://github.com/simsong/bulk_extractor/files/8409901/packets-extracted-with-CapLoader.zip) For reference, these packets were carved with the default carving settings in CapLoader, as...
The checksum validator I've written for the packet carvers in CapLoader and NetworkMiner Professional is proprietary. If you don't want to write your own, then maybe you can re-use the...
Sorry, I don't know where the checksum code is in Wireshark. But @guyharris probably does. I can run some memdumps through CapLoader's packet carver and provide you with the resulting...
@simsong The fact that you only see the first 8 packets in the pcapng file appears to be because tcpdump exits before having processed all the packets. I noticed this...
> Hm... Which version of tcpdump should I be using?

Dunno, I can't get tcpdump to parse the pcapng file either. Use tshark if you wanna use a command line...
The supported file transfer protocols in Wireshark’s “File, Export Objects” menu are HTTP, IMF, SMB and TFTP. NetworkMiner automatically extracts files from FTP, TFTP, HTTP, HTTP/2, SMB, SMB2, SMTP, POP3...
> @erik4711 it sounds like you have an example of such a TLS proxy setup — could you share more details?

You mean this? https://netresec.com/?b=228fddf

> > (Also, technically this'd...