Friday, January 27, 2012


Something was posted to the fingerbank discussion list in the past week about the Alpha version of NetSleuth. I'd tagged it to go back and look at, and unlike most of the time I tag things for follow up, I did it in less than 6 months!

I guess it was just 2 days ago. Wow, I'm not sure I've ever gotten back to something that quickly.

Anyway, partial info from the list:
"I basically used tshark for low level processing, allowing me to focus on the logic of the analysis. It needs A LOT more work, including improving my sloppy coding skills. It requires a full installation of Wireshark and .Net Framework or later on the machine. I'm going to make it fully mono compatible shortly."

By using tshark he took a lot of the headache out of coding the underlying pieces that I've dealt with in Satori. Anyway, I ran some initial pcap files I had around through it and it seemed to do quite nicely at identifying the OS running on them. I didn't have any luck with a live capture, but I didn't dig around very long trying to figure out why either!
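To show what that "let tshark do the low-level work" split looks like in practice, here is an added example of my own, not NetSleuth's code and not from the list post. tshark is asked to decode only outbound SYN packets and print a few fields per packet; the script holds nothing but the analysis logic. The OS heuristics (default TTL 64/128/255, a handful of window sizes) are deliberately simplified assumptions for illustration, and the sample tshark output embedded below is constructed, not real capture data.

```python
#!/usr/bin/env python3
"""Passive OS guess from TCP SYN fields that tshark has already decoded.

Added example (not NetSleuth's code): tshark does the packet decoding and
prints one comma-separated line per SYN; this script only carries the
analysis logic, mirroring the split described in the post.
"""
import subprocess
import sys
from collections import Counter, defaultdict

# Fields we ask tshark to extract from each outbound SYN packet.
TSHARK_FIELDS = ["ip.src", "ip.ttl", "tcp.window_size_value", "tcp.options.mss_val"]


def tshark_command(pcap_path):
    """Build the tshark invocation: SYN-only display filter, selected fields, CSV output."""
    return ["tshark", "-r", pcap_path,
            "-Y", "tcp.flags.syn==1 && tcp.flags.ack==0",
            "-T", "fields", "-E", "separator=,",
            *[arg for f in TSHARK_FIELDS for arg in ("-e", f)]]


def initial_ttl(observed_ttl):
    """Round the observed TTL up to the nearest common default, since each hop decrements it."""
    for default in (64, 128, 255):
        if observed_ttl <= default:
            return default
    return 255


def guess_os(ttl, window, mss):
    """Rough, illustrative heuristics (assumed, simplified); real tools use large signature sets."""
    ittl = initial_ttl(ttl)
    if ittl == 128:
        return "Windows (TTL 128)"
    if ittl == 64:
        if window in (5840, 14600, 29200, 64240):
            return "Linux (TTL 64, window %d)" % window
        if window == 65535:
            return "BSD/macOS-like (TTL 64, window 65535)"
        return "Unix-like (TTL 64)"
    if ittl == 255:
        return "Network device / Solaris-like (TTL 255)"
    return "unknown"


def parse_tshark_line(line):
    """Parse one 'src,ttl,window,mss' line; mss is empty when the option is absent."""
    parts = line.strip().split(",")
    if len(parts) != 4 or not parts[1] or not parts[2]:
        return None  # malformed or incomplete line: skip rather than crash
    src, ttl, window, mss = parts
    return src, int(ttl), int(window), (int(mss) if mss else None)


def fingerprint(lines):
    """Return {src_ip: most common OS guess} across all SYNs seen from that host."""
    votes = defaultdict(Counter)
    for line in lines:
        rec = parse_tshark_line(line)
        if rec is None:
            continue
        src, ttl, window, mss = rec
        votes[src][guess_os(ttl, window, mss)] += 1
    return {src: c.most_common(1)[0][0] for src, c in votes.items()}


# Constructed sample of what tshark prints with the command above (not real capture data).
SAMPLE_TSHARK_OUTPUT = [
    "10.0.0.5,128,8192,1460",
    "10.0.0.5,128,65535,1460",
    "10.0.0.7,64,29200,1460",
    "10.0.0.7,64,29200,",
    "10.0.0.9,255,4128,536",
    "malformed line",
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Run against a real pcap when a path is given (needs tshark on PATH).
        out = subprocess.run(tshark_command(sys.argv[1]),
                             capture_output=True, text=True, check=True)
        lines = out.stdout.splitlines()
    else:
        lines = SAMPLE_TSHARK_OUTPUT
    for host, guess in sorted(fingerprint(lines).items()):
        print(host, "->", guess)
```

Run it with a pcap path to pipe real tshark output through the same logic, or with no arguments to see it work on the constructed sample. Older Wireshark releases used `-R` instead of `-Y` for the display filter, which is the kind of detail that lives in one place here instead of in hand-written packet parsing.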

I need to dig into it more and see which protocols it is utilizing, but if you need another little tool, this one may be worth looking at!
