Honeypots mailing list archives

Announce: Honeysnap v1.0


From: Arthur Clune <arthur () honeynet org uk>
Date: Thu, 30 Nov 2006 17:21:17 +0000



The Honeynet Project and Honeynet Research Alliance are happy to announce the release of Honeysnap 1.0.

Honeysnap is a command line tool for parsing single or multiple packet capture data files and producing a first-cut analysis report that identifies significant events within the data captured in the network attack. Honeysnap provides security analysts with a prepared menu of high value network activity, enabling manual forensic analysis and saving significant incident investigation time. Honeysnap is highly suitable for batch mode operation and automation.

Functionality includes:

    * Packet and connection overview.
    * Flow extraction of common ASCII-based communications.
    * Protocol decode of the most common Internet communication protocols.
    * File transfer extraction.
    * Flow summary of inbound and outbound connections.
    * Extraction of ver 2 and ver 3 Sebek data.
    * Extensive support for identification, extraction and analysis of IRC traffic, including keyword matching.
    * Highly modular Python-based design making it easy to add in extra functionality.

This is the first public release and all code is under the GNU GPL. More releases are planned to extend Honeysnap's functionality over the next few months. Honeysnap is fully tested under OS X and Linux, and should work on any Unix-like system. Windows support is currently considered 'beta' and is not fully documented. This will be fixed in a future release.

For more information, sample output etc. see:

http://www.honeynet.org/tools/honeysnap

or contact honeysnap () honeynet org.

Arthur


--
Arthur Clune arthur () honeynet org uk
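As an added example, not part of this announcement and not Honeysnap's own code: a small standard-library Python script doing what the "packet and connection overview" and "flow summary of inbound and outbound connections" items describe. It parses a libpcap file, folds TCP packets into connections keyed on whichever side sent the first packet, and labels each connection inbound or outbound relative to the honeynet. The capture, the honeynet range 192.0.2.0/24 and every address and payload in it are constructed for the demo; Honeysnap's real configuration and report format are not reproduced here.

```python
import ipaddress
import struct
from collections import OrderedDict

# Assumption for this example only: the honeypots live in this (documentation) range.
HONEYNET = ipaddress.ip_network("192.0.2.0/24")
PCAP_MAGIC = 0xA1B2C3D4          # little-endian libpcap magic; 0xD4C3B2A1 is the byte-swapped form
LINKTYPE_ETHERNET, ETHERTYPE_IPV4, PROTO_TCP = 1, 0x0800, 6
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10

def build_tcp_frame(src, dst, sport, dport, flags, payload=b""):
    """Ethernet + IPv4 + TCP frame for a constructed capture (checksums left zero; never sent)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, PROTO_TCP, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4) + ip + tcp

def build_pcap(frames, t0=1164900000):
    """Classic libpcap file: 24-byte global header, then a 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", t0 + i, 0, len(frame), len(frame)) + frame
    return out

def sample_capture():
    """Constructed data: an inbound SSH probe the honeypot resets, then an outbound IRC login."""
    atk, hp, irc = "198.51.100.7", "192.0.2.10", "203.0.113.5"
    return build_pcap([
        build_tcp_frame(atk, hp, 40000, 22, TCP_SYN),
        build_tcp_frame(hp, atk, 22, 40000, TCP_SYN | TCP_ACK),
        build_tcp_frame(atk, hp, 40000, 22, TCP_ACK),
        build_tcp_frame(atk, hp, 40000, 22, TCP_PSH | TCP_ACK, b"SSH-2.0-libssh\r\n"),
        build_tcp_frame(hp, atk, 22, 40000, TCP_PSH | TCP_ACK, b"SSH-2.0-OpenSSH_4.3\r\n"),
        build_tcp_frame(hp, atk, 22, 40000, TCP_RST | TCP_ACK),
        build_tcp_frame(hp, irc, 51000, 6667, TCP_SYN),
        build_tcp_frame(irc, hp, 6667, 51000, TCP_SYN | TCP_ACK),
        build_tcp_frame(hp, irc, 51000, 6667, TCP_ACK),
        build_tcp_frame(hp, irc, 51000, 6667, TCP_PSH | TCP_ACK, b"NICK honey\r\n"),
        build_tcp_frame(irc, hp, 6667, 51000, TCP_PSH | TCP_ACK, b":irc 001 honey\r\n"),
    ])

def parse_pcap(data):
    """Yield (ts, src, dst, sport, dport, flags, payload_len) for every TCP/IPv4 record."""
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data, 0)[0])
    if endian is None:
        raise ValueError("not a libpcap file")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Skip non-IPv4, non-TCP and truncated frames instead of trusting header fields blindly.
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != PROTO_TCP or len(frame) < 14 + ihl + 20:
            continue
        tcp = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        doff = (frame[tcp + 12] >> 4) * 4
        total_len = struct.unpack_from("!H", frame, 16)[0]
        payload_len = max(0, min(total_len, len(frame) - 14) - ihl - doff)
        yield (ts_sec + ts_usec / 1e6, str(ipaddress.ip_address(frame[26:30])),
               str(ipaddress.ip_address(frame[30:34])), sport, dport, frame[tcp + 13], payload_len)

def classify(initiator, responder, honeynet=HONEYNET):
    """Direction relative to the honeynet: the side that opened the connection decides."""
    i_in = ipaddress.ip_address(initiator) in honeynet
    r_in = ipaddress.ip_address(responder) in honeynet
    if i_in and not r_in:
        return "outbound"
    if r_in and not i_in:
        return "inbound"
    return "internal" if i_in else "transit"

def summarize_flows(data, honeynet=HONEYNET):
    """Fold packets into connections keyed on whoever sent the first packet (normally the SYN)."""
    flows = OrderedDict()
    for ts, src, dst, sport, dport, flags, plen in parse_pcap(data):
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        key = fwd if fwd in flows or rev not in flows else rev
        f = flows.setdefault(key, {
            "client": key[0], "cport": key[1], "server": key[2], "sport": key[3],
            "direction": classify(key[0], key[2], honeynet), "start": ts, "end": ts,
            "packets": 0, "bytes_to_server": 0, "bytes_to_client": 0, "closed": False})
        f["packets"] += 1
        f["end"] = ts
        f["bytes_to_server" if key == fwd else "bytes_to_client"] += plen
        if flags & (TCP_FIN | TCP_RST):
            f["closed"] = True   # FIN or RST seen: the connection was torn down inside the capture
    return list(flows.values())

if __name__ == "__main__":
    for f in summarize_flows(sample_capture()):
        print("%-8s %s:%d -> %s:%d  pkts=%d  c2s=%d  s2c=%d  %s" % (
            f["direction"], f["client"], f["cport"], f["server"], f["sport"], f["packets"],
            f["bytes_to_server"], f["bytes_to_client"], "closed" if f["closed"] else "open"))
```

The direction label is derived from who sent the first packet of the connection, not from which address is the honeypot, which is what makes an outbound connection from a compromised honeypot (here the IRC login) stand out in a capture otherwise full of inbound probes. Captures that start mid-connection, or that use a non-Ethernet link type, need more handling than this sketch gives them.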
