{"id":8544,"date":"2012-12-01T19:43:27","date_gmt":"2012-12-02T01:43:27","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=8544"},"modified":"2012-12-01T19:43:27","modified_gmt":"2012-12-02T01:43:27","slug":"extracting-data-from-network-captures-pcap-with-perl","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=8544","title":{"rendered":"Extracting Data from Network Captures pcap with Perl"},"content":{"rendered":"<blockquote><p>When I am analyzing network activity generated by malware, I am most interested in <a href=\"http:\/\/www.brendangregg.com\/Chaos04\/getpost.html\">HTTP get\/posts<\/a>, the addresses the malware is communicating with, and the data that was actually sent or received.<\/p><\/blockquote>\n<p>via <a href=\"http:\/\/micksmix.wordpress.com\/2009\/10\/11\/extracting-data-from-network-captures-pcap\/\">Extracting Data from Network Captures pcap with Perl \u00ab Mick&#8217;s Mix<\/a>.<\/p>\n<blockquote><p><a href=\"http:\/\/sourceforge.net\/projects\/chaosreader\/\">Chaosreader<\/a> is a Perl script that takes a pcap file as its argument and will create communication summaries in a report format. It will also pull data from the tcp streams (within the pcap) and re-assemble the actual files.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>When I am analyzing network activity generated by malware, I am most interested in HTTP get\/posts, the addresses the malware is communicating with, and the data that was actually sent or received. via Extracting Data from Network Captures pcap with &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=8544\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[110],"tags":[347,468,171,698],"class_list":["post-8544","post","type-post","status-publish","format-standard","hentry","category-networking","tag-malware","tag-pcap","tag-perl","tag-security-research"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/8544","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8544"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/8544\/revisions"}],"predecessor-version":[{"id":8545,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/8544\/revisions\/8545"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8544"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8544"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8544"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
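The quoted post describes what Chaosreader does with a capture: read the pcap, pull the data out of the TCP streams, and report who talked to whom and what was sent. The script below is an added example, written in Python rather than Perl and not taken from Chaosreader or from Mick's Mix; it does the core of that job with the standard library only and goes one step beyond the quoted text by reassembling each TCP direction by sequence number, so out-of-order and retransmitted segments do not corrupt the extracted HTTP messages. The capture it reads is constructed in memory, and the addresses 10.0.0.5 and 203.0.113.7, the host name c2.example and the path /gate.php are made-up values, not real indicators.

```python
# Added example, not Chaosreader's code: pcap -> reassembled TCP streams -> HTTP
# messages, standard library only. Addresses, host name and path are made up.
import struct
from collections import defaultdict

def build_pcap(frames):
    """Little-endian pcap 2.4 with link type 1 (Ethernet); used to build test input."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

def build_segment(src, sport, dst, dport, seq, ack, payload):
    """Ethernet/IPv4/TCP PSH|ACK frame; checksums left at zero (never verified here)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def iter_frames(pcap):
    """Yield raw frames; the magic number fixes the byte order of the pcap headers."""
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}[struct.unpack("<I", pcap[:4])[0]]
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    off = 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]   # incl_len
        yield pcap[off + 16:off + 16 + incl]
        off += 16 + incl

def tcp_segments(pcap):
    """Yield ((src, sport, dst, dport), seq, payload) for IPv4/TCP segments carrying data."""
    for frame in iter_frames(pcap):
        ip = frame[14:]
        if len(ip) < 40 or frame[12:14] != b"\x08\x00" or ip[9] != 6:
            continue                                        # not IPv4 over Ethernet, or not TCP
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]                                 # total length drops Ethernet padding
        sport, dport, seq = struct.unpack("!HHI", tcp[:8])
        payload = tcp[(tcp[12] >> 4) * 4:]
        if payload:
            src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
            yield (src, sport, dst, dport), seq, payload

def reassemble(pcap):
    """Rebuild each unidirectional stream by sequence number, so out-of-order and
    retransmitted segments land where they belong. Caveats: no seq wraparound, and a
    hole in the data is simply skipped over (a real tool should flag it)."""
    flows = defaultdict(dict)
    for flow, seq, payload in tcp_segments(pcap):
        flows[flow].setdefault(seq, payload)                # first copy of a retransmit wins
    streams = {}
    for flow, segs in flows.items():
        data, nxt = bytearray(), 0
        for seq in sorted(segs):
            data += segs[seq][max(0, nxt - seq):]           # trim overlap with bytes already kept
            nxt = max(nxt, seq + len(segs[seq]))
        streams[flow] = bytes(data)
    return streams

def parse_http(stream):
    """Split one direction into HTTP messages, sizing bodies by Content-Length
    (chunked transfer encoding is left undecoded)."""
    msgs, pos = [], 0
    while (end := stream.find(b"\r\n\r\n", pos)) >= 0:
        lines = stream[pos:end].decode("latin-1").split("\r\n")
        headers = {k.strip().lower(): v.strip()
                   for k, _, v in (ln.partition(":") for ln in lines[1:])}
        length = int(headers.get("content-length", 0))
        msgs.append({"start": lines[0], "headers": headers, "body": stream[end + 4:end + 4 + length]})
        pos = end + 4 + length
    return msgs

def summarize(pcap):
    """Report rows in the spirit of Chaosreader: endpoints, method/URL or status, body."""
    rows = []
    for (src, sport, dst, dport), stream in reassemble(pcap).items():
        for m in parse_http(stream):
            parts = m["start"].split(" ")
            if len(parts) < 2:
                continue                                    # not an HTTP start line
            row = {"from": f"{src}:{sport}", "to": f"{dst}:{dport}", "body": m["body"]}
            if parts[0].startswith("HTTP/"):
                row.update(kind="response", status=parts[1],
                           content_type=m["headers"].get("content-type", ""))
            else:
                row.update(kind="request", method=parts[0],
                           url="http://" + m["headers"].get("host", dst) + parts[1])
            rows.append(row)
    return rows

def sample_capture():
    """Constructed capture: a POST split in two segments that arrive out of order,
    one retransmitted, then the reply. 10.0.0.5, 203.0.113.7, c2.example and
    /gate.php are illustrative values, not real indicators."""
    client, server = "10.0.0.5", "203.0.113.7"
    req = (b"POST /gate.php HTTP/1.1\r\nHost: c2.example\r\n"
           b"Content-Type: application/x-www-form-urlencoded\r\n"
           b"Content-Length: 16\r\n\r\nid=42&data=hello")
    resp = b"HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\nContent-Length: 2\r\n\r\nok"
    first = build_segment(client, 49152, server, 80, 1000, 5000, req[:40])
    second = build_segment(client, 49152, server, 80, 1040, 5000, req[40:])
    reply = build_segment(server, 80, client, 49152, 5000, 1000 + len(req), resp)
    return build_pcap([second, first, second, reply])      # out of order, plus a duplicate

if __name__ == "__main__":
    for row in summarize(sample_capture()):
        print(row)
```

Running the script prints one row for the POST (method, reconstructed URL, client and server endpoints, form body) and one for the 200 reply, even though the request's first segment arrived after its second and the second was seen twice. To point it at a real capture, replace `sample_capture()` with the bytes of a pcap file; note that it handles only Ethernet-framed IPv4/TCP, does not verify checksums, ignores sequence-number wraparound and does not decode chunked transfer encoding or the non-HTTP file transfers that Chaosreader also reassembles.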