Traffic Sniffer

Discussion in 'other software & services' started by CyberWorm, Apr 21, 2010.

Thread Status:
Not open for further replies.
  1. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    I am researching a rootkit and looking for an application which logs data to and from the malware. Other than Wireshark, what tools would you recommend for this purpose?


    Regards,
    CW
     
  2. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    What OS are you running?

    If Windows,
    Have you tried Buster Sandbox Analyzer? Requires a paid license for Sandboxie.
     
  3. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    Thanks for that, I've never heard of that application before so I'll give it a go.

    Maybe I am overlooking something in Wireshark, but is there any easy way to filter POST data or look for unusual connection activity without going through all the data manually?
     
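For the filtering question above, the Wireshark answer is a display filter such as `http.request.method == "POST"` and the Statistics > Conversations window for the per-host connection overview. The following is an added example, not code from this thread or from any of the tools named in it: a standard-library-only Python script that does the same two jobs offline over a pcap file, so the logic can be scripted and rerun against every capture from the rootkit host. The capture it reads is constructed in the script itself (three TCP segments with zeroed checksums, using documentation-range addresses and a hypothetical `/upload` path); the `expected_ports` allow-list and the "anything not on 80/443 is suspicious" rule are assumptions to adjust to the host being studied.

```python
"""Extract HTTP POSTs and odd destinations from a pcap with only the standard library.

Added example for this thread; the sample capture below is constructed, not a real
rootkit trace. Checksums are left at zero because neither this parser nor Wireshark
(by default) verifies them.
"""
import struct
from collections import Counter

# pcap global header: little-endian magic, version 2.4, snaplen 65535, LINKTYPE_ETHERNET (1)
PCAP_GLOBAL_HEADER = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)


def _ipv4(ip):
    return bytes(int(o) for o in ip.split("."))


def build_packet(src_ip, dst_ip, sport, dport, payload, ts=0):
    """Wrap a TCP payload in TCP/IPv4/Ethernet headers plus a pcap record header."""
    # TCP: ports, seq, ack, data offset 5 words (0x50), flags PSH|ACK (0x18), window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 0x50, 0x18, 65535, 0, 0) + payload
    # IPv4: ver/IHL 0x45, TOS, total length, id, flags/frag, TTL, proto 6 (TCP), csum, src, dst
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     _ipv4(src_ip), _ipv4(dst_ip)) + tcp
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip
    return struct.pack("<IIII", ts, 0, len(eth), len(eth)) + eth


# Constructed sample: one normal GET, one POST exfiltrating form data, one non-HTTP
# connection to port 6667 (the classic IRC C&C port). Addresses are TEST-NET ranges.
SAMPLE_PCAP = PCAP_GLOBAL_HEADER + b"".join([
    build_packet("192.0.2.5", "93.184.216.34", 49152, 80,
                 b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n", ts=1),
    build_packet("192.0.2.5", "203.0.113.10", 49153, 80,
                 b"POST /upload HTTP/1.1\r\nHost: 203.0.113.10\r\n"
                 b"Content-Length: 18\r\n\r\nid=abc&data=secret", ts=2),
    build_packet("192.0.2.5", "198.51.100.7", 49154, 6667, b"NICK bot\r\n", ts=3),
])


def iter_tcp_segments(pcap):
    """Yield (src_ip, dst_ip, sport, dport, payload) for every IPv4/TCP frame in the file."""
    if pcap[:4] != b"\xd4\xc3\xb2\xa1":
        raise ValueError("only little-endian, microsecond pcap files are handled here")
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl_len, _ = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if frame[12:14] != b"\x08\x00":          # not IPv4
            continue
        ihl = (frame[14] & 0x0F) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        if frame[23] != 6:                      # not TCP
            continue
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        tcp_off = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp_off)
        data_off = (frame[tcp_off + 12] >> 4) * 4
        payload = frame[tcp_off + data_off: 14 + total_len]
        yield src, dst, sport, dport, payload


def extract_http_posts(pcap):
    """Equivalent of the Wireshark filter http.request.method == "POST", with the body decoded."""
    posts = []
    for _src, dst, _sport, dport, payload in iter_tcp_segments(pcap):
        if not payload.startswith(b"POST "):
            continue
        head, _, body = payload.partition(b"\r\n\r\n")
        lines = head.split(b"\r\n")
        _method, path, _version = lines[0].split(b" ", 2)
        headers = dict(l.split(b": ", 1) for l in lines[1:] if b": " in l)
        posts.append({"dst": f"{dst}:{dport}", "host": headers.get(b"Host", b"").decode(),
                      "path": path.decode(), "body": body.decode(errors="replace")})
    return posts


def connection_summary(pcap):
    """Segments per (dst_ip, dst_port): a scriptable Statistics > Conversations."""
    return Counter((dst, dport) for _, dst, _, dport, _ in iter_tcp_segments(pcap))


def flag_unusual(summary, expected_ports=(80, 443)):
    """Destinations on ports outside the allow-list; the allow-list is an assumption."""
    return sorted(k for k in summary if k[1] not in expected_ports)


if __name__ == "__main__":
    for p in extract_http_posts(SAMPLE_PCAP):
        print("POST", p["dst"], p["path"], "->", p["body"])
    summary = connection_summary(SAMPLE_PCAP)
    for (ip, port), n in summary.items():
        print(f"{ip}:{port}  {n} segment(s)")
    print("unusual:", flag_unusual(summary))
```

To run it on a real capture, replace `SAMPLE_PCAP` with `open("capture.pcap", "rb").read()`; the parser only handles the classic little-endian pcap format and Ethernet link type, so export from Wireshark as pcap rather than pcapng. Note that this only shows what the capturing host's stack saw, which is exactly the limitation the next reply raises.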
  4. Blitzer

    Blitzer Registered Member

    Joined:
    Mar 30, 2010
    Posts:
    26
    Just an aside note.
    Theoretically, it is possible to compromise the kernel in such a way that, whatever traffic sniffer you might use, its records become unreliable.
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
  6. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    I saw one on YouTube ages ago which acted as a proxy. This would allow you to use two different machines; logging the packets on a clean machine would give almost 100% accurate results. Shame I can't remember what it's called.
     
  7. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Charles proxy?
     
  8. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
    No, I don't think it was Charles Proxy.
     
  9. Spiral123

    Spiral123 Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    128
    Google NetworkMiner; there are a few other similar programs.
     
  10. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    The only other that comes to mind is put out by TamoSoft. Check SnapFiles shareware sec-privacy and networking categories.
     
  11. mhf

    mhf Registered Member

    Joined:
    Feb 13, 2006
    Posts:
    52
    Location:
    Europe
    You could also try Networkminer

    The wiki says : "NetworkMiner also comes in very handy when analyzing malware traffic, such as C&C (command-and-control) traffic from a BotNet, since uploaded and downloaded files are extracted to disk."

    And check this
     
    Last edited: Apr 27, 2010
  12. CyberWorm

    CyberWorm Registered Member

    Joined:
    Apr 21, 2010
    Posts:
    74
  13. GlobalForce

    GlobalForce Regular Poster

    Joined:
    Jun 30, 2004
    Posts:
    3,581
    Location:
    Garden State, USA
    Along with Membrane, WebScarab and WFetch - the other "proxy" type application that slipped by.
     
  14. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
  15. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975