Filter PCAPs using complex criteria
Not sure what your packet capture really contains, and it is too big to open in Wireshark or other tools? Visualize it using Squey, isolate the packets or sessions of interest using arbitrarily complex criteria, and then export them to smaller PCAP file(s). As an example, we will load the complete MACCDC 2012 PCAP dataset, composed of 17 files (~17GB), and export HTTP communications between IPs 192.
DFIR MONTEREY 2015 Network Forensics Challenge
This article aims to solve the PCAP-related questions from the DFIR MONTEREY 2015 Network Forensics Challenge using Squey. Of course, the idea here is not to really solve the challenge, as it has been solved numerous times since then, but to see how much easier it is to solve using Squey. The dataset 2014-11+DFIR+Network+Forensics+Challenge.zip was taken from the Netresec PCAP page. Note: questions 1 and 4 were not solved because they didn't involve any PCAP data.