• Stars
    star
    216
  • Rank 183,179 (Top 4 %)
  • Language
  • Created over 10 years ago
  • Updated over 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

An any-snarf program that processes application protocols (HTTP/FTP/...) from tcpdump or snoop files and stores session and file data

Chaosreader

Chaosreader is an any-snarf program that processes application protocols (HTTP/FTP/...) from tcpdump or snoop files and stores session and file data. Rip files from network sniffing dumps.

This was originally written as a security demonstration tool, proving that unencrypted protocol types including telnet, X11, and VNC, can be reassembled and replayed from network packet dumps. This was the first tool to capture and replay VNC, and one of only a few to attempt X11.

Various protocols and file transfers are supported, including telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG, ...), SMTP emails, X11 sessions, VNC sessions, etc. Chaosreader creates a html index file that links to all the session details, including realtime replay programs for telnet, rlogin and IRC sessions; and reports such as image reports and HTTP GET/POST content reports. It also creates replay programs for telnet sessions, so that you can play them back in realtime (or even different speeds).

Chaosreader can also run in standalone mode - where it invokes tcpdump or snoop (if they are available) to create the log files and then processes them.

This is an updated fork of my original chaosreader, and includes patches by Jens Lechtenbörger http://www.informationelle-selbstbestimmung-im-internet.de/chaosreader.html and others.

Dependencies

This is a Perl program that reads binary tcpdump/snoop files, and performs both TCP and IP-fragment reassembly. It uses a minimal set of modules, which may already exist in your Perl distribution, requiring no additions from CPAN.

More modules were added in the latest version. If these are a problem, other than adding the required modules, there is also an older version under older_versions/chaosreader0.94.

Patches:

  • Handling Content-Encoding: deflate

More Repositories

1

FlameGraph

Stack trace visualizer
Perl
16,893
star
2

perf-tools

Performance analysis tools based on Linux perf_events (aka perf) and ftrace
Shell
9,533
star
3

bpf-perf-tools-book

Official repository for the BPF Performance Tools book
Python
1,621
star
4

HeatMap

Heat map generation tools
Perl
305
star
5

pmc-cloud-tools

PMC (Performance Monitoring Counter) tools for the cloud
Shell
233
star
6

dtrace-cloud-tools

Some DTrace tools written for the SmartOS/SmartDataCenter cloud (illumos-based)
D
202
star
7

wss

Working Set Size tools
C
200
star
8

systemtap-lwtools

SystemTap Lightweight Tools
182
star
9

bpf-perf-workshop

C
179
star
10

msr-cloud-tools

MSR Cloud Tools
Shell
173
star
11

DTrace-book-scripts

Scripts from "DTrace: Dynamic Tracing in Oracle Solaris, Mac OS X, and FreeBSD", by Brendan Gregg and Jim Mauro, Prentice Hall, 2011.
167
star
12

BPF-tools

Performance Tools using Linux eBPF
C
118
star
13

perf-labs

Performance analysis labs
C
89
star
14

DTrace-tools

DTrace tools for FreeBSD
DTrace
69
star
15

PerfModels

Performance Scalability Models
R
67
star
16

Misc

Misc
Shell
65
star
17

Dump2PNG

Visualize file data as a PNG
C
40
star
18

GuessingGame

Guessing game written in many programming languages
Batchfile
33
star
19

proc-profiler

Linux /proc/PID/stack profiler
Perl
32
star
20

bpf-typewriter

BPF noisy typewriter (bpftrace)
23
star
21

p1bench

Perturbation Benchmark
C
20
star
22

DTraceToolkit

A collection of useful, tested and documented DTrace scripts
16
star
23

FlameScope

coming soon
Perl
13
star
24

skid-testing

Processor PMC sample skid testing
C
7
star
25

wrmsrbench

WRMSR micro benchmark
C
7
star
26

Test

testing github
JavaScript
3
star
27

brendangregg.github.io

HTML
3
star