I want to create, for my thesis in "Cyber Forensics Challenges", an application that can take any PCAP file and render an HTML analysis file with as much information as possible, probably coupled with an API that searches the ip lookup. I have very little knowledge in Python or C++, so I decided to begin with jNetPcap, a Java library for libpcap. I would like to know the limits of this library and your advice on creating the software in less than a week. Indeed, I have been trying to reassemble a TCP stream and fail miserably. Is this the best language to create such application? Does anybody know of a similar project?
Asked
Active
Viewed 233 times
2 Answers
3
Java will work just fine for the application. I suggest that you design the application first and then code.
I am not being snarky. It is tempting, especially with a short timeframe, to jump right into coding. You need to resist that temptation and step back from the keyboard and determine exactly what you want to present to the user (you) of the application, then determine how to get there from the input data (pcap file). Once you work that out, it is a "simple" matter of writing code. You need to have a clear objective in mind or you will never know when you're done.
Also, you need to be sure that you can say "it's good enough" and not strive for perfection, because perfection rarely if ever comes.
querist
- 614
- 3
- 11
1
those two are what i am using
- if you want dealing packet fast c++ pcapplusplus https://pcapplusplus.github.io/
- if you want learn protocol fast python scapy https://scapy.readthedocs.io/en/latest/usage.html
辜乘风
- 152
- 5