May 26, 2018
Tool to extract data from tcpdump logs
Chaosreader is a Perl script that parses snoop or tcpdump logs and extracts sessions for a number of different applications: ssh, telnet, smtp, irc, ftp, etc. The data are formatted into an HTML file and can be used to replay some sessions.
Sshkeydata is a Perl script that attempts to recreate ssh sessions extracted by chaosreader by estimating what commands may have been typed.
Both scripts are installed in $PREFIX/bin.