EUIST

CyTRAP Lab’s Choice – free tool – Honeynet Project’s Honeysnap

January 5th, 2007

Honeysnap is designed to be a command-line tool for parsing single or multiple pcap data files and producing a ‘first-cut’ analysis report that identifies significant events within the processed data.

_Fact sheet about Honeynet Project’s Honeysnap_

| Item | Details |
|---|---|
| Cost | Freeware |
| Software | Honeysnap V1.0.3 |
| Release date | 2006-11 |
| Platforms | Unix, Windows |
| Author | Honeynet Project |
| Language(s) | English |
| Size of program | 47 KB download |
| Download from | Honeysnap V1.0.3 |
| More information | FAQ and additional insights about Honeysnap V1.0.3 |

Security engineers tend to use tools that help them answer the _what, how and when_ questions about network attacks. In contrast, the Honeynet Project’s Honeysnap tool focuses on:

– Who is trying to attack
– Why is the system being attacked (e.g., is it an unpatched vulnerability?)

Honeysnap offers people interested in security metrics a pre-prepared menu of high-value network activity, aimed at focusing manual forensic analysis. It also helps one get to the root of the issue (addressing the why question), helping security experts fix the weaknesses that may have triggered an attack. Just as importantly, it saves time when investigating an incident.

Once one has identified data that is of interest, one can then employ other tools for more in-depth analysis.

Honeysnap is also suitable for manual operation or automation via cron.
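To make the idea of a ‘first-cut’ pass over a pcap file concrete, here is an added example. It is not Honeysnap's code or output. It reads a classic Ethernet pcap with the Python standard library and tallies who opened connections to a honeypot and which services they tried. The capture bytes, IP addresses and the honeypot address 10.0.0.5 are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def _syn(src, dst, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame (checksums left at zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return eth + ip + tcp

def sample_pcap():
    """Constructed capture: three sources probing a honeypot at 10.0.0.5."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    probes = [("203.0.113.7", 445), ("203.0.113.7", 445), ("203.0.113.7", 135),
              ("198.51.100.9", 22), ("192.0.2.44", 445)]
    for i, (src, port) in enumerate(probes):
        frame = _syn(src, "10.0.0.5", port)
        out += struct.pack("<IIII", 1167955200 + i, 0, len(frame), len(frame)) + frame
    return out

def first_cut(pcap, honeypot):
    """Tally inbound TCP SYNs: who connected, and to which service."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("only the Ethernet link type is handled")
    who, ports, off = Counter(), Counter(), 24
    while off + 16 <= len(pcap):
        incl = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        ihl = (frame[14] & 0x0F) * 4
        tcp = frame[14 + ihl:14 + ihl + 20]
        if frame[23] != 6 or len(tcp) < 14:
            continue  # not TCP, or TCP header cut off by the snap length
        if socket.inet_ntoa(frame[30:34]) != honeypot:
            continue  # only traffic addressed to the honeypot
        if tcp[13] & 0x12 == 0x02:  # SYN set, ACK clear: a new inbound attempt
            who[socket.inet_ntoa(frame[26:30])] += 1
            ports[struct.unpack("!H", tcp[2:4])[0]] += 1
    return who, ports
```

Sorting the two counters with `most_common()` gives the short list of sources and services worth a closer manual look.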

Get more tools from the CyTRAP Labs’ Choice list: CyTRAP Labs’ choice – free tools for security buffs and administrators


