Sunday, March 1, 2015


Dshell is a Python-based network forensic analysis framework developed by the U.S. Army Research Laboratory. The framework handles stream reassembly of both IPv4 and IPv6 network traffic and includes geolocation and IP-to-ASN mapping data for each connection. It also supports the development of network analysis plug-ins, which help analysts understand network traffic and present results in a concise, useful manner by parsing and presenting data of interest from multiple levels of the network stack.
