Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data.
_Fact sheet about Honeynet Project’s Honeysnap_
| costs | freeware |
| software | Honeysnap V1.0.3 |
| release date | 2006-11 |
| platforms | Unix, Windows |
| author | Honeynet Project |
| language(s) | English |
| size of program | 47 KB download |
| download from | Honeysnap V1.0.3 |
| more information | FAQ and additional insights about Honeysnap V1.0.3 |
Security engineers tend to use tools that help them answer the _what, how and when_ questions about network attacks. In contrast, the Honeynet Project’s Honeysnap tool focuses on:
- Who is trying to attack
- Why is the system being attacked (e.g., is it an unpatched vulnerability?)
Honeysnap provides people interested in security metrics with a pre-prepared menu of high-value network activity, aimed at focusing manual forensic analysis. It also helps one get to the root of the issue (addressing the why question), helping security experts fix the weaknesses that may have triggered an attack. Just as importantly, it saves time when investigating an incident.
Once one has identified data that is of interest, one can then employ other tools for more in-depth analysis.
Honeysnap is also suitable for manual operation or automation via cron.
Get more tools from CyTRAP Labs’ Choice list: CyTRAP Labs’ choice – free tools for security buffs and administrators