Thursday, January 8, 2015

Tools for editing PCAP files

I wrote a new command line tool to rebase PCAP files and edit their layer 2 and layer 3 addresses. The tool is smart enough to edit the corresponding ARP packets as well, and it understands both 802.1Q tagged frames and Q-in-Q double tagged frames. It should compile easily with Go v1.4 on Mac OS X and Linux (it may also compile on Windows, though I cannot test that). You can get it on GitHub at:
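To illustrate the frame handling described above, here is an added example (my own code, not the tool's) that rewrites one MAC address in a single Ethernet frame: it walks past any 802.1Q or 802.1ad (Q-in-Q) tags to find the payload EtherType and, when the payload is ARP, also rewrites the sender and target hardware addresses so the ARP traffic stays consistent with the edited Ethernet headers. The function name `RewriteMAC` and the EtherType constants used as literals are my own choices.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
)

// RewriteMAC edits one Ethernet frame in place, replacing oldMAC with newMAC in
// the Ethernet header and, for ARP payloads, in the sender/target hardware
// addresses. 802.1Q (0x8100) and 802.1ad/Q-in-Q (0x88a8) tags are skipped to
// reach the payload. It returns the number of fields changed and the payload EtherType.
func RewriteMAC(frame, oldMAC, newMAC []byte) (changed int, etherType uint16, err error) {
	if len(frame) < 14 || len(oldMAC) != 6 || len(newMAC) != 6 {
		return 0, 0, errors.New("short frame or bad MAC length")
	}
	for _, f := range [][]byte{frame[0:6], frame[6:12]} { // dst MAC, src MAC
		if bytes.Equal(f, oldMAC) {
			copy(f, newMAC)
			changed++
		}
	}
	off, etherType := 12, binary.BigEndian.Uint16(frame[12:])
	for etherType == 0x8100 || etherType == 0x88a8 { // one tag, or outer+inner for Q-in-Q
		off += 4
		if len(frame) < off+2 {
			return changed, 0, errors.New("truncated VLAN tag")
		}
		etherType = binary.BigEndian.Uint16(frame[off:])
	}
	if etherType == 0x0806 { // ARP with 6-byte hardware addresses: sha at 8, tha at 18
		p := frame[off+2:]
		if len(p) < 28 || p[4] != 6 {
			return changed, etherType, errors.New("unexpected ARP payload")
		}
		for _, f := range [][]byte{p[8:14], p[18:24]} {
			if bytes.Equal(f, oldMAC) {
				copy(f, newMAC)
				changed++
			}
		}
	}
	return changed, etherType, nil
}
```

Rewriting IPv4 addresses would follow the same pattern for EtherType 0x0800, with the header checksum recomputed afterwards.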

Results of the 2014 Holiday Spy Hunter Network Forensics Challenge

I hope everyone had a great holiday season and enjoyed working through the challenge. After reading through loads of really great submissions, the top three reports, each 90+% complete, were from:

  1. Peter VanBuskirk
  2. Matthew Edmondson
  3. Rich Cassara 

A round of virtual congratulations is in order for these three and everyone else that submitted solutions. For those of you that have been asking, the next challenge should be ready by midyear.