![]() “I’ve had several questions about the possibility of open-sourcing this tool. He received several emails about integrating open-threat feeds into the tool, and he plans on leveraging them. Overall, the feedback from the community has been very positive, he told me. I also am playing with the idea of post-processing analysis which would give additional insight into malicious packets, as well as giving users the ability to tag custom IOCs within the packet-capture.” A private submission UI and API are in the works, and I’m targeting roughly mid-2017 to late-2017 before these features go live. ![]() “Currently, I only support a handful of analytics options, but I plan on adding more, as well as several new chart types in the analytics view. In the immediate future, I plan on adding several additional analysts tools, currently only whois, and IP2GEO are supported,” he explained. “I initially released the tool to a fairly small community, and since then the volume to the site has risen almost exponentially everyday. His plans for the PacketTotal are many, but first and foremost he means to scale the backend properly. Of course, the technologies that it’s based on – BRO, Suricata, and Elasticsearch – are open-source, and have been in development for years. He’s a senior information security engineer at SPX Corporation, but this project is completely independent from the company and he’s been working on it in his spare time. Help Net Security has reached out to him for more information, and we will update this item when he gets back to us.Īs it turns out, Becker has been working on PacketTotal for the past year and a half, and has had a ton of fun building it. He also says that he has big plans for this project and more improvements in the pipeline. More details about what information the tool captures and potentially shares with vendors within the security industry, educational and private institutions, or other third parties can be found in the site’s Privacy Policy.īecker advises users to redact any information they don’t want to share with a. “The tool was intended for packet-captures generated within sandboxed environments, ensuring that no potentially confidential information is exposed. “Before you start analyzing packet captures it is important to remember that once analysis has started the information within the packet capture file becomes available to the Internet,” he warned. The author is Jamin Becker, and his main goal is to allow open intel sharing of malicious packet-captures accross the infosec community. The found artifacts can also be downloaded. Things like: artifacts inside the packet capture, TCP, UDP, and ICMP connections within the capture, protocols, etc. PacketTotal is meant to provide security analysts and researchers with useful information in a matter of minutes. Elasticsearch for indexing packet-capture meta-data, and making it available for search and rendering in the future. ![]() Suricata IDS for signature based identification of known malicious traffic within the capture. ![]() BRO IDS for identifying the various protocols and extracting artifacts found within the capture.PacketTotal is a free tool for analyzing packet captures that has recently been offered to the infosec community.Īvailable online, the tool is powered by a Python-based engine and uses several open source technologies: ![]()
0 Comments
Leave a Reply. |