Additional Fields for show-networkmap / export-networkmap

[vtmike88]

Would it be possible to add additional packet flow fields for the show-networkmap / export-networkmap commands?

Specifically I'm looking for a way to add timestamp information (first packet, last packet), total number of packets and sum of data sent per flow.

[odedshimon]

Hi @vtmike88 ! I plan t implement a shared context for all the entities extracted (e.g. sessions, host, credentials etc).

Once that context will be implemented, all the relevant entitles related to a host could be exported including sessions (and as part of that also the the above insights could be achieved).

I will consider this suggestion during the design. thanks for uploading it.

Oded.

[odedshimon]

Hi @vtmike88, I have implemented a shared context for all the entities extracted and added some additional fields to the network map:

• open ports
• DNS records
• Sessions count

The exported files including a new file named "BruteShark Network Nodes Data.json" that holds all the nodes details (You can take a look at the latest release).

I can add the the first packet / last packet time and total number of packets pretty easily is it still be useful for you?

[odedshimon]

Examples:

[odedshimon]

You haven't respond me but yet I have added some more fields that I thought they would be useful, not everything you asked for but I considered your suggestion:

1. Sent data - The amount of data (bytes) sent by the host.
2. Received data - The amount of data received (bytes) by the host.
3. Domains - the domains that the host is a member of.
4. Domain users - domain users that logged into the host.

This fields will also appear at the "BruteShark Network Nodes Data.json" file that holds all the nodes details. This change will take place at the next release.

Examples: :