Chaosreader 0.94 review

by rbytes.net on

License: GPL (GNU General Public License)
File size: 181K
Developer: Brendan Gregg

Chaosreader is an open source tool to trace TCP/UDP/... sessions and fetch application data from snoop or tcpdump logs. This is a type of "any-snarf" program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG, ...), SMTP emails, ... from the captured data inside network traffic logs.

An HTML index file is created that links to all the session details, including realtime replay programs for telnet, rlogin, IRC, X11 or VNC sessions, and reports such as image reports and HTTP GET/POST content reports. Chaosreader can also run in standalone mode, where it invokes tcpdump or snoop (if they are available) to create the log files and then processes them. For a look at the command line options, see the readme printed by the program (chaosreader --help2).

Here are some key features of "Chaosreader":
Reads Solaris snoop logs and four versions of tcpdump/libpcap logs
Standalone mode generates a series of logs and then processes those
Processes HTTP, FTP, telnet, SMTP, IRC, ... application protocols
Processes any TCP and UDP traffic
Processes 802.11b wireless traffic
Processes PPPoE traffic, tun device traffic
Retrieves transferred files from FTP and HTTP traffic
Creates HTML and text reports to list contents of the log
Creates realtime replay programs for telnet or IRC sessions
Creates red/blue coloured HTML reports for 2-way sessions such as telnet and FTP
Creates red/blue coloured HTML reports for any TCP, UDP or ICMP traffic
Creates image reports from HTTP, FTP transfers
Creates HTTP GET and POST reports from queries
Creates red/blue coloured HTML hex dumps for any TCP, UDP or ICMP traffic
Creates plain text hex dumps for any TCP, UDP or ICMP traffic
Creates HTTP proxy logs based on observed HTTP traffic, using the squid log format
Creates X11 realtime replay programs to play back an X11 session (experimental)
Creates red/blue coloured HTML reports for X11 text and keystrokes
Creates realtime replay programs for X11 text communication
Creates VNC realtime replay programs to play back a VNC session (experimental)
Creates HTML reports for VNC keystrokes
Creates realtime replay programs for VNC keystrokes
SSH content analysis: reports, replays and keystroke delay data files
Creates raw data files from TCP or UDP transfers
Supports TCP out of sequence number delivery
Supports IP fragmentation
Supports IPv4 and IPv6
Processes ICMP and ICMPv6
Very configurable (including filtering on IPs and ports)
Can sort data based on time, size, type or IP
Can skip sessions smaller than a min size
Runs on Solaris, RedHat, Windows, ...
