Open icedevml opened 3 years ago
Hey! I would like to contribute to this issue. Would you mind expanding upon the instructions so that it is easier for me? I am still trying to understand the project! As in mainly, which PCAP files do I need to parse? Which files should I mainly be focusing on, etc.?
As can be seen here, DRAKVUF Sandbox is recording all traffic in & out of the VM. There's 1 PCAP being created for each analysis. What needs to be done is some kind of parsing during the postprocess phase - which we already do with plugin logs. After extracting the list of addresses the VM connects to, it needs to be saved and presented in a human-friendly GUI form in the web view.
https://github.com/CERT-Polska/drakvuf-sandbox/pull/701 @BonusPlay May you please check this?
Parse PCAP and display some small network summary in the web UI (e.g. list of TCP connections, DNS/HTTP requests etc)
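An added example, not DRAKVUF Sandbox's code and not the code from the linked PR: a standard-library Python parser that reads a classic Ethernet pcap and lists the TCP connections and DNS queries initiated by the VM, which is the kind of summary the postprocess step would store for the web view. The function names, the VM address `10.0.0.2` and the sample capture are constructed assumptions.

```python
import socket, struct

def _qname(buf):
    """Decode an uncompressed DNS question name; None if truncated or compressed."""
    labels, i = [], 0
    while i < len(buf) and buf[i]:
        n = buf[i]
        if n & 0xC0 or i + 1 + n > len(buf):
            return None
        labels.append(buf[i + 1:i + 1 + n].decode("ascii", "replace"))
        i += 1 + n
    return ".".join(labels) if i < len(buf) else None

def summarize_pcap(data, vm_ip):
    """Return (TCP destinations, DNS names) for connections initiated by vm_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24 or struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    tcp, dns, off = set(), set(), 24
    while off + 16 <= len(data):
        caplen = struct.unpack(endian + "I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 and truncated frames
        l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # honour the IP header length
        if socket.inet_ntoa(frame[26:30]) != vm_ip or len(l4) < 14:
            continue  # keep only packets sent by the VM
        dst, dport = socket.inet_ntoa(frame[30:34]), struct.unpack("!H", l4[2:4])[0]
        if frame[23] == 6 and l4[13] & 0x12 == 0x02:  # TCP SYN without ACK
            tcp.add((dst, dport))
        elif frame[23] == 17 and dport == 53:  # UDP DNS query
            dns.add(_qname(l4[20:]))  # skip 8-byte UDP and 12-byte DNS headers
    dns.discard(None)  # drop queries whose name could not be decoded
    return sorted(tcp), sorted(dns)

def build_sample(vm="10.0.0.2"):  # constructed capture: SYN, SYN-ACK reply, DNS query
    def frame(src, dst, proto, l4):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x00" * 12 + b"\x08\x00" + ip + l4
    def tcp(sport, dport, flags):
        return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 1024, 0, 0)
    q = b"\x07example\x04test\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H6H", 50000, 53, 20 + len(q), 0, 1, 0x0100, 1, 0, 0, 0) + q
    frames = [frame(vm, "203.0.113.7", 6, tcp(49152, 443, 0x02)),
              frame("203.0.113.7", vm, 6, tcp(443, 49152, 0x12)),
              frame(vm, "192.0.2.53", 17, udp)]
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)
```

Counting only SYN packets without ACK keeps each connection to one row and excludes replies coming back to the VM; pcapng captures are rejected rather than misparsed.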