• http://project.honeynet.org/tools/honeysnap/

修正されたみたいですねぇ

The goal of this page is to provide you the latest documentation, source code, and information for Honeysnap. Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a 'first-cut' analysis report that identifies significant events within the processed data. This presents security analysts with a pre-prepared menu of high value network activity, aimed at focusing manual forensic analysis and saving significant incident investigation time. Once you have identified data that interests you, you can then employ other tools for more in depth analysis, such as the Walleye user interface to the Honeywall. Honeysnap is also suitable for manual operation or automation via cron.

Please provide any feedback or suggestions to honeysnap@honeynet.org. Bugs should be submitted to Honeynet Project Bug Server. Examples of functionality include:

* Packet and connection overview.
* Flow extraction of ASCII based communications.
* Protocol decode of the more common Internet communication protocols.
* Binary file transfer extraction.
* Flow summary of inbound and outbound connections.
* Keystroke extraction of ver2 and ver 3 Sebek data.
* Identification and analysis of IRC traffic, including keyword matching.

Last Updated: 16 February, 2007