Description: In this episode of TekTip we demo Moloch.
From https://github.com/aol/moloch:
"Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using Apache in front. Moloch is not meant to replace IDS engines but instead work alongside them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic."
Big thanks to the Securabit.com team for letting me use their instance of Moloch.
www.TekDefense.com
@TekDefense
Tags: TekDefense, TekTip, 1aN0rmus, Moloch, Traffic, pcap, packet, analysis