Chaosreader is a freeware tool to fetch application data from snoop or tcpdump logs. Supported protocols include TCP, UDP, IPv4, IPv6, ICMP, telnet, FTP, HTTP, SMTP, IRC, X11, VNC, ...
05-May-2004 BDG typos fixed
01-May-2004 BDG chaosreader ver 0.94 released
 * Chaosreader is now Perl 5.6 dependent!
 * SSH Analysis. Three new files are created for SSH connections: a replay file that prints symbols representing the encrypted packets and their sizes, an HTML version of the replay file, and a keystroke delay data file. The replay file is a Perl program that plays back the session. I've found it's very easy to spot the difference between SSH, X11 SSH, and SCP from the replays. The HTML version is not so exciting as it does not convey the timing delays between packets (keystrokes). The keydata file is created for further analysis by other tools, such as the sshkeydata program. sshkeydata uses several factors from the keydata file to estimate the original commands within the encrypted SSH session. Factors include keystroke number, keystroke delays, command output size and time, etc. So far it can score up to 90% accuracy, something I'd like to improve by using more advanced algorithms (fuzzy classification, Bayesian, etc).
 * Command line improvements. Originally chaosreader would print packet information as it processed each and every packet. For a capture file with a few thousand packets this was too much, and has been replaced with a single status line. Getopt::Long is now used to provide alternates to the standard command line switches, e.g. "-H" can now also be written as "--hex" (hooray! I was running out of meaningful letters of the alphabet). I noticed that using Getopt::Long broke an older Perl distribution I had (ActivePerl 5.005); by the looks of the errors I get the feeling chaosreader is now Perl 5.6 dependent.
 * Speed. For large captures chaosreader is now running about 50% faster. I've been tuning the code here and there, and have added the Benchmark module to help.
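The SSH analysis above works entirely from packet metadata: direction, size and timing of the encrypted SSH records, which the capture exposes even though the payload cannot be read. The following is an added example, not chaosreader's or sshkeydata's own code (those are Perl; this is Python so it runs stand-alone). It builds the same kind of artefacts the 0.94 entry describes: a one-symbol-per-packet replay string, a list of inter-keystroke delays, and the output size and time after the last keystroke, plus a coarse interactive-versus-bulk verdict for telling a shell session from an scp transfer. The symbol set, the 64-byte keystroke threshold and the two packet lists are constructed assumptions of this example, not values from chaosreader.

```python
"""Keystroke and size analysis of an encrypted SSH session from packet metadata.

Added example, not chaosreader's own code. Without decrypting anything, the
direction, size and timing of SSH records reveal keystrokes, their echoes,
command output and bulk transfers. The packet lists below are constructed
for illustration; the symbol set and size threshold are assumptions here.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Pkt:
    t: float      # seconds since the start of the capture
    c2s: bool     # True for client -> server
    size: int     # TCP payload bytes (one encrypted SSH record)


# Assumption: a single keystroke is padded to a small fixed record size and the
# server echoes it with a record of about the same size; anything larger is
# command output or file data. 64 is a heuristic, not a protocol constant.
KEYSTROKE_MAX = 64


def replay_symbols(pkts):
    """One symbol per packet, the way a replay file shows the session's shape:
    '.' small client record, ':' small server record,
    '>' large client record, '<' large server record."""
    sym = []
    for p in pkts:
        small = p.size <= KEYSTROKE_MAX
        sym.append(('.' if small else '>') if p.c2s else (':' if small else '<'))
    return ''.join(sym)


def keystrokes(pkts):
    """Return (keystroke, echo) pairs: a small client record answered by a
    small server record before the client sends anything else."""
    pairs = []
    for i, p in enumerate(pkts):
        if not (p.c2s and p.size <= KEYSTROKE_MAX):
            continue
        for q in pkts[i + 1:]:
            if q.c2s:
                break            # no echo before the next client record
            if q.size <= KEYSTROKE_MAX:
                pairs.append((p, q))
                break
    return pairs


def summarize(pkts):
    """The kind of data an sshkeydata-style tool works from: keystroke count,
    inter-keystroke delays, output size and time after the last keystroke,
    and an interactive-vs-bulk verdict."""
    pairs = keystrokes(pkts)
    delays = [round(b.t - a.t, 3) for (a, _), (b, _) in zip(pairs, pairs[1:])]
    if pairs:
        last_key, last_echo = pairs[-1]
        after = [p for p in pkts if not p.c2s and p.t > last_echo.t]
        output_bytes = sum(p.size for p in after)
        output_time = round(max((p.t for p in after), default=last_echo.t) - last_key.t, 3)
    else:
        output_bytes, output_time = 0, 0.0
    total = sum(p.size for p in pkts) or 1
    # Bulk transfers (scp) put almost all bytes into large records in one direction.
    bulk_share = max(
        sum(p.size for p in pkts if p.c2s == d and p.size > KEYSTROKE_MAX)
        for d in (True, False)
    ) / total
    kind = 'bulk' if bulk_share > 0.9 else 'interactive'
    return {'symbols': replay_symbols(pkts), 'keystrokes': len(pairs), 'delays': delays,
            'output_bytes': output_bytes, 'output_time': output_time, 'kind': kind}


# Constructed sessions (not real captures).
# The user types "ls" + Enter, each key is echoed, then the listing comes back.
INTERACTIVE = [
    Pkt(0.00, True, 48), Pkt(0.01, False, 48),
    Pkt(0.25, True, 48), Pkt(0.26, False, 48),
    Pkt(0.60, True, 48), Pkt(0.61, False, 48),
    Pkt(0.65, False, 720), Pkt(0.66, False, 304),
]
# An scp upload: one small exchange, then back-to-back full records one way.
SCP_UPLOAD = [Pkt(0.00, True, 48), Pkt(0.01, False, 48)] + \
             [Pkt(0.10 + 0.01 * i, True, 1448) for i in range(10)]

if __name__ == "__main__":
    for name, session in (("interactive", INTERACTIVE), ("scp", SCP_UPLOAD)):
        print(name, summarize(session))
```

The replay string alone already separates the two sessions by eye, which is the observation the 0.94 entry makes; the delay and output fields are the input a classifier would need to go further.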
This is the first release! Expect future versions to use advanced algorithms to achieve higher accuracies.
ChangeLog
---------

30-Mar-2004 BDG chaosreader ver 0.93 released
 * Sorts. Can sort the index.html report on the connection size, connection time, connection type or client IP address. By default we use time.
 * Min/Max size. Users have found chaosreader is reporting too many tiny connections that are not interesting. This can result in a huge index.html. I've added switches so that sessions less (or greater) than a certain size can be dropped. "-m 1k" works well (drop sessions < 1 Kb).
 * 802.11b processing. We ignore the wireless negotiation packets and concentrate on the data packets. So far this has worked well, but I expect the code will need future updates as the wireless protocols evolve.
 * Less RAM used. I reduced chaosreader's memory footprint by 15%. I'd like to reduce it by a further 50%.
 * tun packets.

31-Jan-2004 BDG chaosreader ver 0.92 released
 * VNC playbacks (experimental). Compared to the changing resource ID nastiness of X11, VNC turned out to be a dream protocol. These playbacks will replay the VNC session in realtime, or at a factor, in conjunction with vncviewer.
 * VNC text playbacks. These only replay the keystrokes. I was trying to get the received text as well (like X11), but it seems to be pixelated - so no joy there.
 * VNC HTML report. Just the keystrokes. Not too exciting.
 * Processes PPPoE traffic.

30-Jan-2004 BDG chaosreader ver 0.91 released
 * X11 playback bug fix (processing $DISPLAY incorrectly).

27-Jan-2004 BDG chaosreader ver 0.90 released
 * X11 playbacks (still experimental). Phew! Processing the raw X11 protocol turned out to be much harder than I was expecting. These are fairly reliable, but very large playbacks still don't work (> 500 Kb) - hence the term "experimental".
 * X11 text playbacks. These play back the keystrokes and received text. Reliable. Once I had processed and translated the X11 for graphical playback, adding a text only feature was simple.
 * X11 HTML report. These display the keystrokes and received text in a coloured 2-way report.

16-Nov-2003 BDG chaosreader ver 0.89 released
 * HTTP proxy logs based on observed HTTP traffic, using the squid log format. This is handy if you then combine the generated proxy log with other tools to report on the log (many good tools exist on the Internet to do this - search for tools that process squid logs).
 * Coloured HTML hex dumps for any TCP, UDP or ICMP traffic. These are actually useful when analysing protocols while writing chaosreader. So running chaosreader is helping me write chaosreader (next thing I know it'll be writing itself).
 * Plain text hex dumps for any TCP, UDP or ICMP traffic. I'm not HTML insane, I'm always going to have plain text versions of the output somewhere.
 * I call this a "stable version", as it's before it grew with the mountains of code necessary to process X11.

Before 16-Nov-2003 BDG old versions of chaosreader (0.5 -> 0.88) (before this ChangeLog file existed)
 * Reads Solaris snoop logs and four versions of tcpdump/libpcap logs
 * Standalone mode generates a series of logs and then processes those
 * HTTP, FTP, telnet, SMTP, IRC, ... application protocols
 * Processes any TCP and UDP traffic
 * HTML and text reports to list contents of the log
 * Realtime replay programs for telnet or IRC sessions
 * Image reports from HTTP, FTP transfers
 * HTTP GET and POST reports from queries
 * Supports TCP out of sequence number delivery
 * Supports IP fragmentation
 * Supports IPv4 and IPv6
 * Processes ICMP and ICMPv6
 * Configurable (including filtering on IPs and ports)
 * Tested on Solaris, RedHat, Windows, ...

28-Sep-2003 BDG First version of chaosreader (no version number)
 * red/blue coloured HTML reports for 2-way sessions (telnet, FTP...)
 * red/blue coloured HTML reports for any TCP, UDP or ICMP traffic
 * raw data files from TCP or UDP transfers
 * Retrieves transferred files from FTP and HTTP traffic
 * SNMP emails, small NFS transfers
 * Generates a HTML index to captured sessions
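The 0.89 entry above describes writing observed HTTP traffic out in squid's log format so that ordinary squid log analysers can report on it. The following is an added example, not chaosreader's own code (chaosreader is Perl; this is a stand-alone Python version of the same idea). It takes reassembled request and response heads together with the addresses and timing a capture provides, parses the request line, Host header, status line and Content-Length, and emits one line per transaction in squid's native access.log layout (time, elapsed ms, client, result/status, bytes, method, URL, ident, hierarchy/peer, content type). The `HttpTxn` record, the field names and the two sample transactions are constructed for this example; the TCP_MISS/DIRECT choice is an assumption about how sniffed, uncached traffic is best represented, not something the page specifies.

```python
"""Squid-format proxy log from observed HTTP request/response pairs.

Added example, not chaosreader's own code. Reassembled HTTP traffic from a
capture is written in squid's native access.log format so that existing
squid log analysers can report on it. The transactions below are constructed
for illustration.
"""
from dataclasses import dataclass


@dataclass
class HttpTxn:
    ts: float          # request time, seconds since the epoch
    elapsed_ms: int    # response completion time minus request time
    client: str        # client IP address
    server: str        # server IP address (used as squid's "peer host")
    request: bytes     # raw request head (request line + headers)
    response: bytes    # raw response head (status line + headers)


def parse_head(raw):
    """Split an HTTP message head into (start line, {lowercased header: value})."""
    text = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = text.split("\r\n")
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            k, v = line.split(":", 1)
            headers[k.strip().lower()] = v.strip()
    return lines[0], headers


def squid_line(txn):
    """Render one transaction in squid native access.log format."""
    start, req_h = parse_head(txn.request)
    method, target, _version = start.split(" ", 2)
    # A proxy-style request carries an absolute URL; an origin-form request
    # needs the Host header (or the server address) to rebuild it.
    if target.startswith("http://") or target.startswith("https://"):
        url = target
    else:
        url = f"http://{req_h.get('host', txn.server)}{target}"
    status_line, resp_h = parse_head(txn.response)
    status = int(status_line.split(" ", 2)[1])
    # Squid logs the body size. Content-Length is used here; a chunked or
    # connection-close body would need the reassembled body length instead.
    size = int(resp_h.get("content-length", "0"))
    ctype = resp_h.get("content-type", "-").split(";", 1)[0].strip()
    # Traffic seen on the wire never hit a cache, so every entry is a miss
    # fetched DIRECT from the origin server (assumption of this example).
    return (f"{txn.ts:.3f} {txn.elapsed_ms:6d} {txn.client} TCP_MISS/{status:03d} "
            f"{size} {method} {url} - DIRECT/{txn.server} {ctype}")


def proxy_log(txns):
    """Whole log, oldest first, one line per transaction."""
    return "\n".join(squid_line(t) for t in sorted(txns, key=lambda t: t.ts)) + "\n"


# Constructed sample transactions (not from a real capture).
SAMPLE = [
    HttpTxn(1083369600.250, 120, "10.0.0.5", "192.0.2.10",
            b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n"
            b"User-Agent: test\r\n\r\n",
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=iso-8859-1\r\n"
            b"Content-Length: 1234\r\n\r\n<html>"),
    HttpTxn(1083369601.000, 45, "10.0.0.5", "192.0.2.10",
            b"GET /logo.gif HTTP/1.0\r\nHost: www.example.com\r\n\r\n",
            b"HTTP/1.0 404 Not Found\r\nContent-Type: text/html\r\n"
            b"Content-Length: 0\r\n\r\n"),
]

if __name__ == "__main__":
    print(proxy_log(SAMPLE), end="")
```

The output feeds straight into any tool that reads squid's native format, which is the point of the feature: the capture becomes a browsing history without writing a new reporting tool.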
Copyright © 2009 Geeknet, Inc. All rights reserved.