NetDude – Network Dump data Displayer

The Network Dump data Displayer and Editor is a framework for inspection, analysis and manipulation of tcpdump trace files. It addresses the need for a toolset that allows easy inspection, modification, and creation of pcap/tcpdump trace files. Netdude builds on any popular UNIX-like OS, such as Linux, the BSDs, or OSX.

NetDude – Network Dump data Displayer

Some of the supported features with this tool:

  • Inspecting and filtering packets at arbitrary locations in trace files that can be many gigabytes in size. Trace locations can be specified both as timestamps and as fractions relative to the full trace size.
  • Inspecting and editing the values of every field in a protocol’s packet header, provided that a protocol plugin to support the protocol is installed.
  • Resizing individual packets.
  • A Hex/ASCII editor for directly modifying packet payload.
  • Defining arbitrary trace areas for subsequent packet modifications.
  • Editing multiple traces at the same time.
  • Copying, moving, and deleting packets in a trace file and between trace files.
  • Highly modular architecture, allowing easy third-party development of additional plugins providing more protocols or features.

Usually during incident response the focus will be on local files and compromised system while collecting evidence on the network level provide a second source of evidence to confirm the finding and a quick way to eliminate non affected system.

You can read more and download this tool over here: http://netdude.sourceforge.net/

Share