Skip to content
This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

Squert: pivot to CapMe for pcap #867

Closed
dougburks opened this issue Feb 18, 2016 · 4 comments
Closed

Squert: pivot to CapMe for pcap #867

dougburks opened this issue Feb 18, 2016 · 4 comments

Comments

@dougburks
Copy link
Contributor

No description provided.

@dougburks
Copy link
Contributor Author

https://groups.google.com/d/topic/security-onion/n80a6LK696Q/discussion

@dougburks
Copy link
Contributor Author

The version of CapMe currently in testing handles large pcaps more gracefully and provides some additional features. Ultimately, Squert will no longer handle pcap transcripts itself and simply pivot to CapMe.

squert.css:

td.sub2_capme {
text-decoration:underline;
cursor:pointer;
color:#4D5580;
}

squertMain.js:

// Transcript link
          txdata = "s" + i + "-" + cid + "-" + s2h(sid + "|" + utctimestamp + "|" + src_ip + "|" + src_port + "|" + dst_ip + "|" + dst_port);

          txBit = "<td class=\"sub sub2_inactive\">" + sid + "." + cid + "</div>";
          if (src_port != "-" && dst_port != "-") {
            // txBit = "<td class=\"sub sub2_active\" data-tx=" + txdata + " title='Generate Transcript'>" + sid + "." + cid + "</td>";
                var startDate = new Date(utctimestamp);
                var start_tz_offset = (startDate.getTimezoneOffset());
                var stime = startDate.setTime( startDate.getTime()/1000-(start_tz_offset*60) ) - 3600;
                var endDate = new Date(utctimestamp);
                var end_tz_offset = (endDate.getTimezoneOffset());
                var etime = endDate.setTime( endDate.getTime()/1000-(end_tz_offset*60) ) + 3600;
                txBit = "<td class='sub sub2_capme' title='Pivot to CapMe for transcript'> <a href='/capme/?sip=" + src_ip + "&dip=" + dst_ip + "&spt=" + src_port + "&dpt=" + dst_port + "&stime=" + stime + "&etime=" + etime + "&filename=squert' target='_blank'>" + sid + "." + cid + "</a></td>";
          }

@dougburks
Copy link
Contributor Author

submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/ltCcCArPA2o/discussion

@dougburks dougburks changed the title Squert: handle large pcap transcripts more gracefully Squert: pivot to CapMe for pcap Jun 3, 2016
@dougburks
Copy link
Contributor Author

published:
http://blog.securityonion.net/2016/06/new-capme-and-squert-packages-resolve.html

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dougburks