ClaudeZoo / volatility

Automatically exported from code.google.com/p/volatility
GNU General Public License v2.0

porting Vol 1.3 pktscan.py plugin to Vol 2.x #233

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
Just adding a note that we want to port the network packet scanning plugin to 2.x:

http://code.google.com/p/pyflag/source/browse/src/plugins_old/MemoryForensics/Volatility-1.3_Linux_rc.1/memory_plugins/Linux/linpktscan.py

http://code.google.com/p/pyflag/source/browse/src/plugins_old/MemoryForensics/Volatility-1.3_Linux_rc.1/forensics/linux/scan.py

Original issue reported on code.google.com by jamie.l...@gmail.com on 14 Mar 2012 at 3:30

GoogleCodeExporter commented 8 years ago
sorry for the spam, changing to "enhancement"

Original comment by jamie.l...@gmail.com on 14 Mar 2012 at 3:41

GoogleCodeExporter commented 8 years ago
In case it's of use, this may in some way be related:

http://blog.didierstevens.com/2012/03/12/naft-release/

Original comment by mike.auty@gmail.com on 14 Mar 2012 at 6:31

GoogleCodeExporter commented 8 years ago
it is somewhat related... 

another good example is bulk_extractor which also dumps packets to a pcap:

http://afflib.org/software/bulk_extractor

Original comment by jamie.l...@gmail.com on 14 Mar 2012 at 6:42

GoogleCodeExporter commented 8 years ago
Ok, here's an initial version. It doesn't write pcaps, but should give people an idea of what data can be found.

It also only scans the physical address space, because the scanning engine currently doesn't know the available limits of virtual memory. That's waiting on a patch in issue 214 before I'd recommend pushing it over to virtual scanning.

Original comment by mike.auty@gmail.com on 25 Mar 2012 at 10:52


GoogleCodeExporter commented 8 years ago
Nice job Mike, works fine on a few test images so this looks like the perfect "shell" that we need. I'm not sure if full pcaps would be necessary (though it would make a cool example of a render_pcap function), but some other details of the packet and perhaps a payload hexdump would be nice. I'll be glad to assist!

Original comment by michael.hale@gmail.com on 26 Mar 2012 at 1:15

GoogleCodeExporter commented 8 years ago

Original comment by mike.auty@gmail.com on 18 Feb 2015 at 6:53