Erik Hjelmvik

What's happening?

  • Followup: RE: networkminer extracting messages

    If you're on Windows, then I suggest that you run Split Cap (http://www.netresec.com/?page=SplitCap). It is a command line tool that can extract the payload. You can run this command to extract the payload from the TCP session: SplitCap -r your_cap_file.pcap -s flow -y L7 -ip 1.2.3.4 -o "C:\case1\extracted_message_out\" Just make sure you replace...

    2012-05-13 11:17:09 PDT in NetworkMiner pack...

  • Followup: RE: networkminer extracting messages

    The full content of the message should be retrievable if you can find it with the keyword search. If the keyword matched a session to or from TCP port 80 then you'll most likely be able to find the full message in the parameters tab of NetworkMiner (http://www.netresec.com/?page=NetworkMiner). Another alternative is to run the pcap through the tool tcpflow and look inside the...

    2012-05-12 13:36:35 PDT in NetworkMiner pack...

  • NetworkMiner pack...

    hjelmvik made 1 file-release changes.

    2012-04-12 14:42:03 PDT in NetworkMiner pack...

  • NetworkMiner pack...

    hjelmvik made 2 file-release changes.

    2012-04-12 14:41:02 PDT in NetworkMiner pack...

  • NetworkMiner pack...

    hjelmvik made 1 file-release changes.

    2012-04-12 14:40:02 PDT in NetworkMiner pack...

  • Comment: Implement Generic Routing Encapsulation (GRE)

    Implemented in NetworkMiner 1.2.

    2012-01-28 06:04:58 PST in NetworkMiner pack...

  • Followup: RE: Possible Session Crash.

    The details you've supplied were (hopefully) enough to solve the bug. I have now modified the code for the FinPacketReceived getter to avoid null references. Please send an email to me at: erik.hjelmvik [at] gmail.com in order to get the fixed version to try on your pcap file. Thanks! /erik.

    2012-01-15 10:53:17 PST in NetworkMiner pack...

  • Followup: RE: Possible Session Crash.

    You can debug NetworkMiner by downloading the source code from: http://sourceforge.net/projects/networkminer/files/networkminer/NetworkMiner-1.2/ If you don't have Visual Studio, then I suggest you get it from: http://www.microsoft.com/visualstudio/en-us/products/2010-editions/express Open the project and start debugging with F5. Visual Studio should pause execution when it receives...

    2012-01-15 01:28:39 PST in NetworkMiner pack...

  • Followup: RE: Possible Session Crash.

    I've now loaded multiple pcap files containing fragmented IP packets (I've looked for "ip.fragments" as well as "ip.flags.mf eq 1"). But I have not yet been able to crash NetworkMiner. May I ask what application layer protocol the fragmented IP packet(s) contains?

    2012-01-14 12:46:09 PST in NetworkMiner pack...

  • Followup: RE: Possible Session Crash.

    Hi, This is not a known bug if you are able to crash the latest version (1.2) of NetworkMiner. Is the crash reliable, i.e. does it crash the same way every time you open a specific pcap file? Also, is there some way you would be able to share some pcap data, which we can use to recreate the crash you are experiencing? Regards, Erik Hjelmvik.

    2012-01-14 03:57:17 PST in NetworkMiner pack...

About Me

  • 2007-02-13 (5 years ago)
  • 1718520
  • hjelmvik (My Site)
  • Erik Hjelmvik