ChaosReader

Description

ChaosReader is a freeware tool to trace TCP/UDP/… sessions and fetch application data from snoop or tcpdump logs. This is a type of “any-snarf” program, as it will fetch telnet sessions, FTP files, HTTP transfers (HTML, GIF, JPEG, …), SMTP emails, … from the captured data inside network traffic logs. An HTML index file is created that links to all the session details, including realtime replay programs for telnet, rlogin, IRC, X11 and VNC sessions; and reports such as image reports and HTTP GET/POST content reports. Chaosreader can also run in standalone mode, where it invokes tcpdump or snoop (if they are available) to create the log files and then processes them.

Usage

Syntax

chaosreader [-aehikqrvxAHIRTUXY] [-D dir]
[-b port[,…]] [-B port[,…]]
[-j IPaddr[,…]] [-J IPaddr[,…]]
[-l port[,…]] [-L port[,…]] [-m bytes[k]]
[-M bytes[k]] [-o "time"|"size"|"type"|"ip"]
[-p port[,…]] [-P port[,…]]
infile [infile2 …]

Options

       infile      # Create application session files, indexes
       -v infile   # Verbose - Create ALL files
       -i infile   # Create info files
       -r infile   # Create raw files
       -S 2,5      # Standalone - sniff network 5 times by 2 mins.

Example

cyborg@cyborg:~$ chaosreader -v inputfile
Chaosreader ver 0.94

Opening, inputfile

Reading file contents,
 100% (245515/245515)
Reassembling packets,
 100% (1011/1016)

Creating files...
   Num  Session (host:port <=> host:port)              Service
  0077  192.168.171.129:56574,216.58.196.110:443       https
  0055  192.168.171.129:45614,212.129.62.232:443       https
  0072  192.168.171.129:45415,54.187.97.23:443         https
  0067  192.168.171.129:58243,54.201.112.14:443        https
  0070  192.168.171.129:58245,54.201.112.14:443        https
  0122  192.168.171.129:51047,95.211.169.35:443        https
  0076  192.168.171.129:35872,54.191.222.218:443       https
  0121  192.168.171.129:55048,195.154.119.102:443      https
  0016  192.168.171.129:39232,185.62.190.249:443       https
  0004  192.168.171.129:36848,195.154.108.12:9001      9001
  0089  192.168.171.129:58422,216.58.196.99:443        https
  0003  192.168.171.129:42612,5.103.104.140:9001       9001
  0049  192.168.171.129:52539,108.53.208.157:443       https
  0066  192.168.171.129:58242,54.201.112.14:443        https
  0071  192.168.171.129:45414,54.187.97.23:443         https
  0017  192.168.171.129:44266,192.42.115.101:9003      9003
  0026  192.168.171.129:47105,134.119.36.135:443       https
  0084  192.168.171.129:60995,74.125.68.105:443        https
  0054  192.168.171.129:54904,82.94.251.204:443        https
  0051  192.168.171.129:38356,5.39.89.124:9001         9001
  0079  192.168.171.129:57844,54.68.59.115:443         https
  0001  192.168.171.129:58583,154.46.204.125:443       https
  0048  192.168.171.129:41658,62.210.124.124:9101      bacula-dir
  0005  192.168.171.129:47395,5.175.233.86:443         https
  0131  192.168.171.129:35770,91.121.209.68:443        https
  0152  192.168.171.129:35882,54.191.222.218:443       https
  0013  192.168.171.129:41383,2.22.48.115:443          https
  0021  192.168.171.129:35690,5.79.86.168:9001         9001
  0137  192.168.171.129:45724,78.46.51.124:22          ssh
  0050  192.168.171.129:35973,188.226.149.124:9001     9001
  0002  192.168.171.129:34882,5.9.108.74:7012          7012
  0139  192.168.171.129:51050,95.211.169.35:443        https
  0075  192.168.171.129:35871,54.191.222.218:443       https
  0073  192.168.171.129:45416,54.187.97.23:443         https
  0018  192.168.171.129:42161,86.59.119.88:443         https
  0068  192.168.171.129:57083,74.125.68.94:443         https
  0006  192.168.171.129:41951,84.234.155.81:9003       9003
  0022  192.168.171.129:35945,46.252.24.56:9001        9001
  0034  192.168.171.129:8798,192.168.171.2:53          domain
  0009  192.168.171.129:10861,192.168.171.2:53         domain
  0040  192.168.171.129:29509,192.168.171.2:53         domain
  0100  192.168.171.129:24591,192.168.171.2:53         domain
  0095  192.168.171.129:5353,224.0.0.251:5353          mdns
  0127  192.168.171.129:59232,192.168.171.2:53         domain
  0154  192.168.171.129:49171,192.168.171.2:53         domain
  0058  192.168.171.129:18848,192.168.171.2:53         domain
  0143  192.168.171.129:14999,192.168.171.2:53         domain
  0011  192.168.171.129:17399,192.168.171.2:53         domain
  0097  fe80:::2c:29ff:feda:59f8:5353,ff2::fb:5353     mdns
  0112  192.168.171.129:63260,192.168.171.2:53         domain
  0025  192.168.171.129:17980,192.168.171.2:53         domain
  0115  192.168.171.129:13937,192.168.171.2:53         domain
  0126  192.168.171.129:11372,192.168.171.2:53         domain
  0083  192.168.171.129:42578,192.168.171.2:53         domain
  0012  192.168.171.129:46584,192.168.171.2:53         domain
  0093  0.0.0.0:68,255.255.255.255:67                  bootps
  0098  192.168.171.129:33731,192.168.171.2:53         domain
  0036  192.168.171.129:25673,192.168.171.2:53         domain
  0101  192.168.171.129:46921,192.168.171.2:53         domain
  0147  192.168.171.129:30917,192.168.171.2:53         domain
  0146  192.168.171.129:22183,192.168.171.2:53         domain
  0091  192.168.171.129:16011,192.168.171.2:53         domain
  0027  192.168.171.129:2528,192.168.171.2:53          domain
  0015  192.168.171.129:64611,192.168.171.2:53         domain
  0008  192.168.171.129:27090,192.168.171.2:53         domain
  0035  192.168.171.129:21381,192.168.171.2:53         domain
  0108  192.168.171.129:10841,192.168.171.2:53         domain
  0031  192.168.171.129:21359,192.168.171.2:53         domain
  0110  192.168.171.129:53117,192.168.171.2:53         domain
  0024  192.168.171.129:31465,192.168.171.2:53         domain
  0088  192.168.171.129:9135,192.168.171.2:53          domain
  0080  192.168.171.129:25830,192.168.171.2:53         domain
  0109  192.168.171.129:59128,192.168.171.2:53         domain
  0116  192.168.171.129:54224,192.168.171.2:53         domain
  0150  192.168.171.129:39163,192.168.171.2:53         domain
  0144  192.168.171.129:19437,192.168.171.2:53         domain
  0103  192.168.171.129:4486,192.168.171.2:53          domain
  0059  192.168.171.129:13324,192.168.171.2:53         domain
  0086  192.168.171.129:21755,192.168.171.2:53         domain
  0135  123.108.200.124:123,192.168.171.129:123        ntp
  0039  192.168.171.129:50659,192.168.171.2:53         domain
  0074  192.168.171.129:4429,192.168.171.2:53          domain
  0132  103.252.195.20:123,192.168.171.129:123         ntp
  0125  192.168.171.129:52395,192.168.171.2:53         domain
  0155  192.168.171.129:37335,192.168.171.2:53         domain
  0151  192.168.171.129:55925,192.168.171.2:53         domain
  0133  192.168.171.129:1452,192.168.171.2:53          domain
  0060  192.168.171.129:45548,192.168.171.2:53         domain
  0044  192.168.171.129:7592,192.168.171.2:53          domain
  0065  192.168.171.129:47860,192.168.171.2:53         domain
  0041  125.62.193.121:123,192.168.171.129:123         ntp
  0014  192.168.171.129:5231,192.168.171.2:53          domain
  0029  192.168.171.129:48694,192.168.171.2:53         domain
  0042  192.168.171.129:123,202.71.140.36:123          ntp
  0020  192.168.171.129:16611,192.168.171.2:53         domain
  0032  192.168.171.129:18245,192.168.171.2:53         domain
  0141  192.168.171.129:9071,192.168.171.2:53          domain
  0148  192.168.171.129:49377,192.168.171.2:53         domain
  0113  192.168.171.129:3964,192.168.171.2:53          domain
  0099  192.168.171.129:40385,192.168.171.2:53         domain
  0023  192.168.171.129:9783,192.168.171.2:53          domain
  0053  192.168.171.129:2264,192.168.171.2:53          domain
  0140  192.168.171.129:56153,192.168.171.2:53         domain
  0120  192.168.171.129:35089,192.168.171.2:53         domain
  0129  192.168.171.129:26714,192.168.171.2:53         domain
  0105  192.168.171.129:1302,192.168.171.2:53          domain
  0142  192.168.171.129:21650,192.168.171.2:53         domain
  0062  192.168.171.129:37205,192.168.171.2:53         domain
  0061  192.168.171.129:52616,192.168.171.2:53         domain
  0043  192.168.171.129:2180,192.168.171.2:53          domain
  0124  192.168.171.129:53225,192.168.171.2:53         domain
  0107  192.168.171.129:4638,192.168.171.2:53          domain
  0064  192.168.171.129:23884,192.168.171.2:53         domain
  0153  192.168.171.129:39437,192.168.171.2:53         domain
  0069  192.168.171.129:1381,192.168.171.2:53          domain
  0128  192.168.171.129:46703,192.168.171.2:53         domain
  0118  192.168.171.129:14557,192.168.171.2:53         domain
  0130  120.88.46.10:123,192.168.171.129:123           ntp
  0045  192.168.171.129:32258,192.168.171.2:53         domain
  0082  192.168.171.129:65039,192.168.171.2:53         domain
  0081  192.168.171.129:59678,192.168.171.2:53         domain
  0057  192.168.171.129:23731,192.168.171.2:53         domain
  0033  192.168.171.129:123,91.189.89.199:123          ntp
  0010  192.168.171.129:45002,192.168.171.2:53         domain
  0114  192.168.171.129:6437,192.168.171.2:53          domain
  0052  192.168.171.129:12138,192.168.171.2:53         domain
  0063  192.168.171.129:22461,192.168.171.2:53         domain
  0123  192.168.171.129:3724,192.168.171.2:53          domain
  0149  192.168.171.129:58692,192.168.171.2:53         domain
  0047  192.168.171.129:7975,192.168.171.2:53          domain
  0085  192.168.171.129:35180,192.168.171.2:53         domain
  0030  192.168.171.129:64771,192.168.171.2:53         domain
  0106  192.168.171.129:38214,83.170.6.76:3544         3544
  0038  192.168.171.129:39398,192.168.171.2:53         domain
  0090  192.168.171.129:8527,192.168.171.2:53          domain
  0111  192.168.171.129:35313,192.168.171.2:53         domain
  0007  192.168.171.129:37183,192.168.171.2:53         domain
  0117  192.168.171.129:48113,192.168.171.2:53         domain
  0087  192.168.171.129:11670,192.168.171.2:53         domain
  0102  192.168.171.129:46285,192.168.171.2:53         domain
  0037  123.108.225.6:123,192.168.171.129:123          ntp
  0094  192.168.171.129:68,192.168.171.254:67          bootps
  0138  216.66.84.158:42626,192.168.171.129:38214      38214
  0028  192.168.171.129:62371,192.168.171.2:53         domain
  0019  192.168.171.129:10949,192.168.171.2:53         domain
  0145  192.168.171.129:33994,192.168.171.2:53         domain
  0046  192.168.171.129:57197,192.168.171.2:53         domain
  0136  192.168.171.129:123,91.189.94.4:123            ntp
  0134  192.168.171.129:24482,192.168.171.2:53         domain
  0056  192.168.171.129:53641,192.168.171.2:53         domain
  0104  fe80:::2c:29ff:feda:59f8,ff2::2                ICMP 133
  0096  fe80:::2c:29ff:feda:59f8,ff2::2                ICMP 133
  0078  192.168.171.129,192.168.171.2                  ICMP Destination Unreachable
  0092  00::0,ff2::1:ffda:59f8                         ICMP Neighbor solicitation
  0119  fe80:::2c:29ff:feda:59f8,ff2::2                ICMP 133

index.html created.

Here is a preview of index.html:

[Screenshots of the generated index.html report]
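To triage a long listing like the one above, the session table can be parsed and summarized. The following Python is an added example, not part of ChaosReader or the original page; the function names are hypothetical, the sample rows are copied from the listing, and treating a purely numeric Service value as a port without a service name is an assumption drawn from that listing.

```python
import re
from collections import Counter

# Constructed sample: rows copied from the listing above, one per row shape.
SAMPLE = """\
   Num  Session (host:port <=> host:port)              Service
  0077  192.168.171.129:56574,216.58.196.110:443       https
  0004  192.168.171.129:36848,195.154.108.12:9001      9001
  0048  192.168.171.129:41658,62.210.124.124:9101      bacula-dir
  0137  192.168.171.129:45724,78.46.51.124:22          ssh
  0034  192.168.171.129:8798,192.168.171.2:53          domain
  0097  fe80:::2c:29ff:feda:59f8:5353,ff2::fb:5353     mdns
  0138  216.66.84.158:42626,192.168.171.129:38214      38214
  0078  192.168.171.129,192.168.171.2                  ICMP Destination Unreachable
"""

# Four-digit session number, host pair, then a service name that may hold spaces.
ROW = re.compile(r"^\s*(\d{4})\s+(\S+)\s+(\S.*?)\s*$")

def split_endpoint(endpoint, has_port):
    """Return (host, port); port is None for ICMP rows, which carry no port."""
    if not has_port:
        return endpoint, None
    # The port follows the LAST colon, so IPv6 hosts keep their own colons.
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def parse_sessions(text):
    """Parse the 'Creating files...' table into a list of dicts."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:  # header, progress lines, blanks
            continue
        num, pair, service = m.groups()
        left, _, right = pair.partition(",")
        has_port = not service.startswith("ICMP")
        sessions.append({"num": num, "service": service,
                         "a": split_endpoint(left, has_port),
                         "b": split_endpoint(right, has_port)})
    return sessions

def unnamed_services(sessions):
    """Sessions whose Service column is only a port number (assumed unnamed)."""
    return [s for s in sessions if s["service"].isdigit()]

if __name__ == "__main__":
    parsed = parse_sessions(SAMPLE)
    print(Counter(s["service"] for s in parsed).most_common())
    for s in unnamed_services(parsed):
        print(s["num"], s["a"], "<=>", s["b"])
```

The numeric-service rows are a short review list for an analyst; the per-service counts show at a glance how much of the capture is DNS, HTTPS or something else.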

©2017 Ztrela Knowledge Solutions Pvt. Ltd
