Pcaparse is an open source tool that parses a pcap file (in tcpdump format) and performs these tasks:
- Reconstruct HTTP, TCP, DNS and ARP protocol traffic
- Extract the PDFs, web pages and images contained in the pcap file
- Detect some web attacks, such as SQL injection and XSS
- Detect malicious User-Agent strings in HTTP traffic, such as sqlmap's
- Show invalid TCP flag combinations
This tool has a web interface and saves your cases in a SQLite database.
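The last two checks, as an added example that is not pcaparse's own code: pcaparse is built on scapy, whereas this block walks the classic tcpdump pcap format by hand with only the standard library, flags TCP flag combinations no real stack emits, and looks for scanner User-Agent strings in HTTP requests. The scanner substring list and the capture it analyses are constructed for the example.

```python
import struct
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20   # TCP header byte 13
BOGUS_FLAG_RULES = (  # (mask, value, name): combinations no real TCP stack emits
    (0x3F, 0, "NULL"), (SYN | FIN, SYN | FIN, "SYN+FIN"), (SYN | RST, SYN | RST, "SYN+RST"),
    (FIN | PSH | URG, FIN | PSH | URG, "XMAS"), (FIN | ACK, FIN, "FIN without ACK"))
SCANNER_UA = ("sqlmap", "nikto")   # assumed substrings; sqlmap is the one the tool names

def invalid_tcp_flags(flags):
    """Name the first bogus flag combination matched, or None if the flags look legitimate."""
    return next((name for mask, val, name in BOGUS_FLAG_RULES if flags & mask == val), None)

def suspicious_user_agent(payload):
    """Return the User-Agent value if an HTTP request names a known scanner, else None."""
    for line in payload.split(b"\r\n"):
        if line.lower().startswith(b"user-agent:"):
            ua = line.split(b":", 1)[1].strip().decode("latin-1")
            return ua if any(s in ua.lower() for s in SCANNER_UA) else None
    return None

def tcp_segments(pcap):
    """Yield (flags, payload) for each Ethernet/IPv4/TCP packet in a classic tcpdump pcap."""
    fmt = "<I" if pcap[:4] in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1") else ">I"
    off = 24                                           # skip the 24-byte global header
    while off + 16 <= len(pcap):                       # 16-byte per-packet record header
        caplen = struct.unpack(fmt, pcap[off + 8:off + 12])[0]
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                   # not IPv4 over Ethernet, or not TCP
        tcp = pkt[14 + (pkt[14] & 0x0F) * 4:14 + struct.unpack("!H", pkt[16:18])[0]]
        yield tcp[13], tcp[(tcp[12] >> 4) * 4:]        # flags byte, payload after data offset

def scan(pcap):
    """Return ('flags', name) and ('user-agent', ua) findings for a whole capture."""
    pairs = [(invalid_tcp_flags(f), suspicious_user_agent(p)) for f, p in tcp_segments(pcap)]
    return [("flags", b) for b, _ in pairs if b] + [("user-agent", u) for _, u in pairs if u]

def build_pcap(segments):
    """Constructed test data: a minimal little-endian pcap of (flags, payload) TCP segments."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)   # link type 1 = Ethernet
    for flags, payload in segments:
        tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, flags, 8192, 0, 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02") + tcp    # checksums left 0
        frame = b"\xff" * 6 + b"\xaa" * 6 + b"\x08\x00" + ip
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = build_pcap([(SYN, b""), (SYN | FIN, b""), (0, b""),
    (PSH | ACK, b"GET /?id=1 HTTP/1.1\r\nUser-Agent: sqlmap/1.0\r\n\r\n"),
    (PSH | ACK, b"GET / HTTP/1.1\r\nUser-Agent: Mozilla/5.0\r\n\r\n")])
```

`scan(SAMPLE)` reports the SYN+FIN and null-flag segments and the sqlmap request, and ignores the plain SYN and the browser request; `scan(open("capture.pcap", "rb").read())` runs the same checks on a real tcpdump file.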
I have tested this tool on the Ubuntu distribution.
You can download pcaparse here
Under Ubuntu, this tool has the following dependencies:
sudo apt-get install scapy python-matplotlib tcpflow
pip install pygeoip
To run pcaparse, just open a Linux shell and run this command:
This software is distributed with an unmodified copy of web2py from web2py.com.
This tool is currently maintained by Stefano Lorenzi, who can be contacted at firstname.lastname@example.org or on Twitter as @BerghemHackLab (https://twitter.com/BerghemHackLab). Suggestions and criticism are welcome.