
Published on February 8th, 2015


Dshell – Network Forensic Analysis Framework

Dshell is an extensible network forensic analysis framework. It enables rapid development of plugins that dissect network packet captures.
Key features:
  • Robust stream reassembly
  • IPv4 and IPv6 support
  • Custom output handlers
  • Chainable decoders
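The first feature above, robust stream reassembly, is the part of a packet-capture framework that is easiest to get subtly wrong: segments arrive out of order, get retransmitted, or overlap bytes already delivered, and a decoder that sees the payload twice (or with a hole) will misparse the protocol on top. The following is an added example, not Dshell's own code, showing a minimal per-direction TCP reassembler that handles all three cases; the flow key, the segment list and the HTTP request are constructed sample data.

```python
"""TCP stream reassembly, constructed here as an added example of what
"robust stream reassembly" has to cope with; it is not Dshell's own code.
One reassembler per flow direction; segments are (seq, payload) pairs."""


class StreamReassembler:
    """Rebuild one direction of a TCP flow from possibly out-of-order,
    duplicated or overlapping segments."""

    def __init__(self, isn):
        self.next_seq = isn        # next byte we still expect
        self.buffer = bytearray()  # contiguous data delivered so far
        self.pending = {}          # seq -> payload, held until the hole closes
        self.retransmits = 0       # segments carrying only already-seen bytes
        self.overlaps = 0          # segments partly old, partly new

    def add(self, seq, payload):
        if not payload:
            return
        if seq + len(payload) <= self.next_seq:
            self.retransmits += 1  # pure retransmit: nothing new in it
            return
        if seq < self.next_seq:
            # Partial overlap with delivered data: keep only the new tail.
            self.overlaps += 1
            payload = payload[self.next_seq - seq:]
            seq = self.next_seq
        self._store(seq, payload)
        self._drain()

    def _store(self, seq, payload):
        # Two segments at the same seq: keep the longer one.
        existing = self.pending.get(seq)
        if existing is None or len(payload) > len(existing):
            self.pending[seq] = payload

    def _drain(self):
        # Deliver every held segment that is now contiguous with the buffer.
        while self.next_seq in self.pending:
            data = self.pending.pop(self.next_seq)
            self.buffer += data
            self.next_seq += len(data)
            # Held segments that now start inside delivered data are trimmed
            # or dropped, so overlapping bytes never reach the buffer twice.
            for s in sorted(self.pending):
                if s >= self.next_seq:
                    break
                old = self.pending.pop(s)
                if s + len(old) > self.next_seq:
                    self._store(self.next_seq, old[self.next_seq - s:])

    def data(self):
        return bytes(self.buffer)


class FlowTable:
    """Keys reassemblers by (src, sport, dst, dport) so each direction of a
    connection is rebuilt independently."""

    def __init__(self):
        self.streams = {}

    def feed(self, key, seq, payload, syn=False):
        if syn:
            # SYN consumes one sequence number; data starts at isn + 1.
            self.streams[key] = StreamReassembler(seq + 1)
            return
        if key not in self.streams:
            # Capture started mid-connection: take the first segment as origin.
            self.streams[key] = StreamReassembler(seq)
        self.streams[key].add(seq, payload)

    def stream(self, key):
        return self.streams[key]


# Constructed sample: the client->server direction of an HTTP request, captured
# with a gap, an overlap and a retransmit (not taken from a real pcap).
CLIENT_TO_SERVER = ("10.0.0.5", 40000, "203.0.113.10", 80)
SEGMENTS = [
    (1000, b"", True),                                   # SYN, isn = 1000
    (1001, b"GET /index.html HTTP/1.1\r\n", False),      # bytes 1001..1026
    (1046, b"\r\n", False),                              # arrives early, held
    (1020, b"P/1.1\r\nHost: example.com\r\n", False),    # 7 old bytes + 19 new
    (1001, b"GET /index.html HTTP/1.1\r\n", False),      # pure retransmit
]


def reassemble(segments=SEGMENTS, key=CLIENT_TO_SERVER):
    table = FlowTable()
    for seq, payload, syn in segments:
        table.feed(key, seq, payload, syn=syn)
    return table.stream(key)


if __name__ == "__main__":
    s = reassemble()
    print(s.data().decode())
    print("retransmits:", s.retransmits, "overlaps:", s.overlaps)
```

The reassembled request comes out once and in order even though the capture order was not; the `retransmits` and `overlaps` counters are worth surfacing in a real decoder because a burst of overlapping segments with differing content is itself something an analyst wants to notice. A production reassembler would additionally handle 32-bit sequence wraparound, FIN/RST teardown and idle-flow timeouts, which this example omits.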
  1. Install the required Python modules. Many of them are available via pip and/or apt-get. Pygeoip is not yet available as a distribution package and must be installed with pip or manually. All except dpkt are available with pip.
    1. sudo apt-get install python-crypto python-dpkt python-ipy python-pypcap
    2. sudo pip install pygeoip
  2. Configure pygeoip by moving the MaxMind data files (GeoIP.dat, GeoIPv6.dat, GeoIPASNum.dat, GeoIPASNumv6.dat) to /share/GeoIP/
  3. Run make to build Dshell.
  4. Run ./dshell to start it. If you get a Dshell> prompt, you're good to go!
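Steps 1 and 2 are the ones that silently go wrong (a module installed for a different interpreter, or the MaxMind files dropped somewhere other than /share/GeoIP/), and the failure only shows up later as a decoder import error. The following pre-flight check is an added example, not part of Dshell: it confirms the packages from the apt-get and pip lines can be imported and that the four data files are where step 2 puts them. The import names are the customary ones for those packages (assumed here, not stated on the page).

```python
"""Pre-flight check for the Dshell installation steps. Added example, not part
of Dshell: verifies the modules the apt-get/pip lines install are importable
and that the four MaxMind files sit in the directory step 2 names."""
import importlib
import os

# Import name -> package from the install steps. The import names are the
# usual ones for these packages (an assumption here, not taken from the page).
REQUIRED_MODULES = {
    "Crypto": "python-crypto",
    "dpkt": "python-dpkt",
    "IPy": "python-ipy",
    "pcap": "python-pypcap",
    "pygeoip": "pygeoip (pip)",
}
GEOIP_DIR = "/share/GeoIP"   # location named in step 2
GEOIP_FILES = ("GeoIP.dat", "GeoIPv6.dat", "GeoIPASNum.dat", "GeoIPASNumv6.dat")


def missing_modules(modules=REQUIRED_MODULES):
    """Return {import_name: package} for every module that fails to import."""
    missing = {}
    for name, package in modules.items():
        try:
            importlib.import_module(name)
        except ImportError:
            missing[name] = package
    return missing


def missing_geoip_files(directory=GEOIP_DIR, names=GEOIP_FILES):
    """Return the data files step 2 expects that are absent from directory."""
    return [n for n in names if not os.path.isfile(os.path.join(directory, n))]


def preflight(directory=GEOIP_DIR):
    """Collect every problem as a readable line; an empty list means ready."""
    problems = []
    for name, package in sorted(missing_modules().items()):
        problems.append(f"cannot import {name}: install {package}")
    for fname in missing_geoip_files(directory):
        problems.append(f"missing {os.path.join(directory, fname)}")
    return problems


if __name__ == "__main__":
    import sys
    issues = preflight()
    for line in issues:
        print(line)
    print("ready to run make" if not issues else f"{len(issues)} problem(s) found")
    sys.exit(1 if issues else 0)
```

Run it with the same interpreter that will run ./dshell, since the module check only proves anything for that interpreter's import path.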

Basic usage

  • decode -l
    • This will list all available decoders alongside basic information about them
  • decode -h
    • Show generic command-line flags available to most decoders
  • decode -d <decoder>
    • Display information about a decoder, including available command-line flags
  • decode -d <decoder> <pcap>
    • Run the selected decoder on a pcap file
Download Dshell
