Closed GoogleCodeExporter closed 8 years ago
sorry for the spam, changing to "enhancement"
Original comment by jamie.l...@gmail.com
on 14 Mar 2012 at 3:41
In case it's of use, this may in some way be related:
http://blog.didierstevens.com/2012/03/12/naft-release/
Original comment by mike.auty@gmail.com
on 14 Mar 2012 at 6:31
it is somewhat related...
another good example is bulk_extractor which also dumps packets to a pcap:
http://afflib.org/software/bulk_extractor
Original comment by jamie.l...@gmail.com
on 14 Mar 2012 at 6:42
Ok, here's an initial version. It doesn't write pcaps, but should give people
an idea of what data can be found.
It also only scans the physical address space, because the scanning engine
currently doesn't know the available limits of virtual memory. That's waiting
on a patch in issue 214 before I'd recommend pushing it over to virtual
scanning.
Original comment by mike.auty@gmail.com
on 25 Mar 2012 at 10:52
Attachments:
Nice job Mike, works fine on a few test images so this looks like the perfect
"shell" that we need. I'm not sure if full pcaps would be necessary (though it
would make a cool example of a render_pcap function), but some other details of
the packet and perhaps a payload hexdump would be nice. I'll be glad to assist!
Original comment by michael.hale@gmail.com
on 26 Mar 2012 at 1:15
Original comment by mike.auty@gmail.com
on 18 Feb 2015 at 6:53
Original issue reported on code.google.com by
jamie.l...@gmail.com
on 14 Mar 2012 at 3:30