Documentation.Pdf

Tranalyzer2 Version 0.8.11, Beta, Tarantula
Flow based forensic and network troubleshooting traffic analyzer
Tranalyzer Development Team
Copyright © 2008–2021 by Tranalyzer Development Team

Contents

1 Introduction (p. 1)
  1.1 Getting Tranalyzer (p. 1)
  1.2 Dependencies (p. 1)
  1.3 Compilation (p. 2)
  1.4 Installation (p. 3)
  1.5 Getting Started (p. 3)
  1.6 Getting Help (p. 3)

2 Tranalyzer2 (p. 5)
  2.1 Supported Link-Layer Header Types (p. 5)
  2.2 Enabling/Disabling Plugins (p. 5)
  2.3 Man Page (p. 7)
  2.4 Invoking Tranalyzer (p. 7)
  2.5 hashTable.h (p. 13)
  2.6 ioBuffer.h (p. 13)
  2.7 loadPlugins.h (p. 13)
  2.8 main.h (p. 13)
  2.9 networkHeaders.h (p. 14)
  2.10 proto/capwap.h (p. 15)
  2.11 proto/ethertype.h (p. 15)
  2.12 proto/linktype.h (p. 15)
  2.13 proto/lwapp.h (p. 15)
  2.14 packetCapture.h (p. 15)
  2.15 tranalyzer.h (p. 16)
  2.16 bin2txt.h (p. 26)
  2.17 gz2txt.h (p. 26)
  2.18 outputBuffer.h (p. 26)
  2.19 rbTree.h (p. 27)
  2.20 subnetHL.h (p. 27)
  2.21 t2log.h (p. 27)
  2.22 Tranalyzer2 Output (p. 27)
  2.23 Final Report (p. 28)
  2.24 Monitoring Modes During Runtime (p. 31)
  2.25 Cancellation of the Sniffing Process (p. 36)

3 arpDecode (p. 37)
  3.1 Description (p. 37)
  3.2 Dependencies (p. 37)
  3.3 Configuration Flags (p. 37)
  3.4 Flow File Output (p. 37)
  3.5 Plugin Report Output (p. 39)
  3.6 Packet File Output (p. 39)

4 basicFlow (p. 40)
  4.1 Description (p. 40)
  4.2 Configuration Flags (p. 40)
  4.3 Flow File Output (p. 41)
  4.4 Packet File Output (p. 50)
  4.5 Post-Processing (p. 50)

5 basicStats (p. 51)
  5.1 Description (p. 51)
  5.2 Configuration Flags (p. 51)
  5.3 Flow File Output (p. 51)
  5.4 Packet File Output (p. 52)
  5.5 Plugin Report Output (p. 52)

6 bgpDecode (p. 53)
  6.1 Description (p. 53)
  6.2 Dependencies (p. 53)
  6.3 Configuration Flags (p. 53)
  6.4 Flow File Output (p. 54)
  6.5 Additional Output (p. 59)
  6.6 Plugin Report Output (p. 60)
  6.7 Post-Processing (p. 60)
  6.8 Anomalies (p. 64)
  6.9 Examples (p. 64)
  6.10 References (p. 65)

7 binSink (p. 66)
  7.1 Description (p. 66)
  7.2 Dependencies (p. 66)
  7.3 Configuration Flags (p. 66)
  7.4 Post-Processing (p. 67)
  7.5 t2b2t (p. 67)
  7.6 Custom File Output (p. 67)

8 cdpDecode (p. 68)
  8.1 Description (p. 68)
  8.2 Dependencies (p. 68)
  8.3 Configuration Flags (p. 68)
  8.4 Flow File Output (p. 68)
  8.5 Packet File Output (p. 70)
  8.6 Plugin Report Output (p. 70)

9 connStat (p. 72)
  9.1 Description (p. 72)
  9.2 Configuration Flags (p. 72)
  9.3 Flow File Output (p. 72)
  9.4 Plugin Report Output (p. 72)

10 descriptiveStats (p. 73)
  10.1 Description (p. 73)
  10.2 Dependencies (p. 73)
  10.3 Configuration Flags (p. 73)
  10.4 Flow File Output (p. 73)
  10.5 Known Bugs and Limitations (p. 74)

11 dhcpDecode (p. 75)
  11.1 Description (p. 75)
  11.2 Configuration Flags (p. 75)
  11.3 Flow File Output (p. 75)
  11.4 Packet File Output (p. 84)
  11.5 Plugin Report Output (p. 85)
  11.6 TODO (p. 85)
  11.7 References (p. 85)

12 dnsDecode (p. 86)
  12.1 Description (p. 86)
  12.2 Configuration Flags (p. 86)
  12.3 Flow File Output (p. 86)
  12.4 Packet File Output (p. 93)
  12.5 Plugin Report Output (p. 93)
  12.6 Example Output (p. 94)
  12.7 TODO (p. 94)

13 entropy (p. 95)
  13.1 Description (p. 95)
  13.2 Configuration Flags (p. 95)
  13.3 Flow File Output (p. 95)
  13.4 Plugin Report Output (p. 95)

14 findexer (p. 96)
  14.1 Description (p. 96)
  14.2 Configuration Flags (p. 96)
  14.3 fextractor (p. 96)
  14.4 Example scenario (p. 97)
  14.5 Additional Output (findexer v2) (p. 97)
  14.6 Limitations (p. 98)
  14.7 Old format (findexer v1) (p. 98)

15 fnameLabel (p. 100)
  15.1 Description (p. 100)
  15.2 Configuration Flags (p. 100)
  15.3 Flow File Output (p. 100)
  15.4 Packet File Output (p. 100)

16 ftpDecode (p. 101)
  16.1 Description (p. 101)
  16.2 Configuration Flags (p. 101)
  16.3 Flow File Output (p. 101)
  16.4 Packet File Output (p. 104)
  16.5 Plugin Report Output (p. 104)

17 geoip (p. 105)
  17.1 Description (p. 105)
  17.2 Dependencies (p. 105)
  17.3 Configuration Flags (p. 105)
  17.4 Flow File Output (p. 107)
  17.5 Post-Processing (p. 109)

18 gtpDecode (p. 110)
  18.1 Description (p. 110)
  18.2 Flow File Output (p. 110)
  18.3 Packet File Output (p. 110)
  18.4 Plugin Report Output (p. 110)

19 httpSniffer (p. 111)
  19.1 Description (p. 111)
  19.2 Configuration Flags (p. 111)
  19.3 Flow File Output (p. 113)
  19.4 Plugin Report Output

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    379 Page
  • File Size
    -
