GopherCAP Update: PCAP Filtering and SMB Lateral Detection Research

Roger Wilco Suricata 16 février 2022 Affichages : 751

GopherCAP Update: Filtering and SMB Lateral Detection Research

Re-Introduction to PCAP Replay and GopherCAP

A while back we introduced GopherCAP, a simple tool written in Golang that leverages Google's GoPacket library for advanced packet replay. We were challenged by a special dataset that traditional tools simply could not handle.

More than a year has passed since we posted that initial introduction article in which we emphasized PCAP replay as the first GopherCAP use case. The GopherCAP command-line tool was implemented as a Go binary that incorporates multiple subcommands. Some are meant to be used in tandem, such as map and replay commands which were introduced in our previous blog post. Others are meant to tackle specific use cases where traditional tooling falls short. This post introduces one such subcommand - filter.

WHAT ARE YOU LOOKING FOR?

Popular Tags

GopherCAP Update: PCAP Filtering and SMB Lateral Detection Research

Re-Introduction to PCAP Replay and GopherCAP

Follow us on

Most popular

New Real-time Network Awareness (RNA) inspector feature added to Snort 3 beta

Snort rule update for Oct. 31, 2019

Snort 2.9.15.1 has been released

Snort rule update for Jan. 9, 2020

Snort rule update for Nov. 7, 2019

Snort rule update for Nov. 19, 2019

Category

Popular Sections

About