how-to block ads
|
|
Uniqs:
526 |
Share Topic
 |
 |
|
|
|
 Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3
 ·Shaw
| MD5 File Grouper for PortPeeker and others I don't know how many of you are using PortPeeker and saving captures to files, but you can end up with a ton of files in your capture directory. I suspect that you check them by file length looking for new attack captures, but there is a better way. Attached is a beta program which takes all the files within a directory and groups them into subdirectories via the MD5 Hash value of the file. If it has to create a new directory, meaning that it processes a file with a new hash value, then that directory is displayed in bold text in the program. This is a free utility and comments welcomed.
Blake
I couldn't find one, so I wrote one.
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel | |
Link LoggerPremium,MVM
join:2001-03-29
Calgary, AB
kudos:3 Reviews:
·Shaw
| Attached is a pix of my 3127 capture directory as organized by MD5Grouper. MD5Grouper creates a subdirectory for each unique file hash and then moves files with the same hash into the labeled directory. MD5Grouper also lets you know when it finds a new MD5 hash so you know you have a new file signature (ie a new worm).
So after every couple of captures or whenever you wish, you run MD5Grouper on your capture directory and MD5Grouper will group the new files into whatever directory they belong in or will create new directories for them (and let you know that you have new signatures).
The easiest way to explain this was to post a pix showing what a MD5Grouper directory looks like.
Blake
--
Vendor: Firewall Logging Software »www.SonicLogger.com - SonicWall and 3Com »www.LinkLogger.com - Linksys, Netgear and Zyxel | |
|
