Add "Shells" tab to display text from rsh, telnet, ftp etc.
The Network Forensics Tool
Brought to you by:
hjelmvik
Text shell sessions from various protocols could be displayed under a tab named "Shells". The view should display a list of shell sessions (rsh, telnet, ftp etc) with client, server, timestamp etc. The text from the selected session should be displayed in a textbox.
This could be generalized into a tab called "Sessions". This tab would contain a list with all TCP sessions (i.e. not just shell sessions).
When a session is selected the data from the session will be displayed in a textbox (pretty much like the result of "follow TCP stream" does in WireShark). It could also be a good idea to allow the user to filter out either one of the directions (i.e just display text from server or client).
Add several different ways of viewing the data in a session. One way could be to show the data in a WebBrowser (if it is a HTTP session). Clear-text sessions (like shells) should however be defaulted to a simple text-view.