Archive for the ‘PCAP processing’ category
Installing Moloch on Debian 9 Stretch
Moloch is a tool that builds on Elasticsearch to process large numbers of network packets, either from a live network or from imported PCAP files. This is how I installed it on a Debian 9 server.
PCAP Split and Merge
It sometimes happens during network troubleshooting engagements, but it is also common in network forensics analysis jobs: dealing with a huge number of packets, sometimes millions or more. Two typical situations may have you scratching your head: either you have one huge file containing all packets at once, or you have a ton of […]