
What can GopherCAP do?

  • Parse PCAPs for metadata and timestamp extraction
  • Replay those PCAPs to a local capture interface while preserving inter-packet timestamps and, for asynchronous sets of files, accounting for the delay between each file's start time
  • Extract files from gzipped tar archives directly to compressed file handles, which saves space when only a subset of the PCAP files in a large archive is needed
  • Deduplicate packets by hashing the packet's IP and TCP/UDP headers
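The last bullet, header-hash deduplication, is small enough to show end to end. The following is an added example written for this page, not GopherCAP's own code: it keys each raw IPv4 packet (no link-layer header assumed) on a SHA-256 of its IP header plus its TCP or UDP header, leaving the payload out, and keeps only the first packet per key. Zeroing the TTL and IP header checksum before hashing is this example's design choice, so that one packet captured on both sides of a router collapses to one; the page does not say whether GopherCAP does the same. The function names (`HeaderKey`, `Dedup`, `buildUDP`) and the sample packets are constructed for the demo.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// PacketKey is the dedup key: SHA-256 over the IPv4 header (TTL and header
// checksum zeroed) followed by the TCP or UDP header. Payload is excluded.
type PacketKey [sha256.Size]byte

var errMalformed = errors.New("malformed or unsupported packet")

// HeaderKey computes the key for one raw IPv4 packet (assumption: no Ethernet
// header in front of it). Truncated or non-TCP/UDP packets return an error.
func HeaderKey(pkt []byte) (PacketKey, error) {
	var key PacketKey
	if len(pkt) < 20 || pkt[0]>>4 != 4 {
		return key, errMalformed
	}
	ihl := int(pkt[0]&0x0f) * 4 // IP header length in bytes (options included)
	if ihl < 20 || len(pkt) < ihl {
		return key, errMalformed
	}
	ipHdr := make([]byte, ihl)
	copy(ipHdr, pkt[:ihl])
	ipHdr[8] = 0                // TTL: changes at every hop, so mask it
	ipHdr[10], ipHdr[11] = 0, 0 // header checksum: follows the TTL, mask it too
	transport := pkt[ihl:]
	var thLen int
	switch pkt[9] { // IP protocol field
	case 6: // TCP: header length is the data offset nibble * 4
		if len(transport) < 20 {
			return key, errMalformed
		}
		thLen = int(transport[12]>>4) * 4
		if thLen < 20 || len(transport) < thLen {
			return key, errMalformed
		}
	case 17: // UDP: fixed 8-byte header
		if len(transport) < 8 {
			return key, errMalformed
		}
		thLen = 8
	default:
		return key, errMalformed
	}
	h := sha256.New()
	h.Write(ipHdr)
	h.Write(transport[:thLen])
	copy(key[:], h.Sum(nil))
	return key, nil
}

// Dedup returns the packets in their original order, dropping every packet
// whose header key has already been seen. Packets that cannot be parsed are
// kept rather than silently discarded, and the drop count is returned.
func Dedup(pkts [][]byte) ([][]byte, int) {
	seen := make(map[PacketKey]struct{})
	var out [][]byte
	dropped := 0
	for _, p := range pkts {
		k, err := HeaderKey(p)
		if err != nil {
			out = append(out, p)
			continue
		}
		if _, dup := seen[k]; dup {
			dropped++
			continue
		}
		seen[k] = struct{}{}
		out = append(out, p)
	}
	return out, dropped
}

// buildUDP constructs a minimal IPv4/UDP packet for the demo (constructed
// sample data, not from a capture; checksums are left at zero).
func buildUDP(src, dst [4]byte, sport, dport uint16, ttl byte, payload []byte) []byte {
	total := 20 + 8 + len(payload)
	b := make([]byte, total)
	b[0] = 0x45 // IPv4, IHL = 5 words
	binary.BigEndian.PutUint16(b[2:], uint16(total))
	b[8] = ttl
	b[9] = 17 // UDP
	copy(b[12:], src[:])
	copy(b[16:], dst[:])
	binary.BigEndian.PutUint16(b[20:], sport)
	binary.BigEndian.PutUint16(b[22:], dport)
	binary.BigEndian.PutUint16(b[24:], uint16(8+len(payload)))
	copy(b[28:], payload)
	return b
}

func main() {
	src, dst := [4]byte{10, 0, 0, 1}, [4]byte{10, 0, 0, 2}
	a := buildUDP(src, dst, 40000, 53, 64, []byte("query"))
	b := buildUDP(src, dst, 40000, 53, 63, []byte("query")) // same packet, one hop later
	c := buildUDP(src, dst, 40001, 53, 64, []byte("query")) // different source port
	kept, dropped := Dedup([][]byte{a, b, c})
	fmt.Printf("kept %d packets, dropped %d duplicate(s)\n", len(kept), dropped)
}
```

Hashing headers only means two packets with identical headers but different payloads also collapse, which is the intended trade-off for replay sets captured from several taps; if payload-differing packets must survive, extend the hash input to cover the payload as well.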

Why did we develop GopherCAP?

Much of the Stamus Networks QA pipeline is data-driven, meaning we rely on replaying PCAPs over and over again to develop our advanced threat detection solutions. Previously we relied on other popular PCAP replay tools, but we found that those tools weren’t capable of replaying larger-than-average PCAPs efficiently.


This led us to develop GopherCAP, a custom PCAP manipulation tool that builds on the packet decoding abilities of Google's GoPacket library to perform faster and more flexible packet manipulation. Since the initial development, we have also added manipulation features aimed at threat hunters.

Join the Community Discussion

Have questions or comments about the GopherCAP project?

Interested in contributing to the code or knowledge base?

Open your pull request on the project's GitHub repository.
Or join the discussion on our Discord server.

Go to GopherCAP on GitHub
Join Stamus Labs on Discord

Additional Resources

  • Introducing GopherCAP: Powerful PCAP Manipulation
  • GopherCap Packet De-duplication
  • GopherCAP Update: PCAP Filtering and SMB Lateral Detection Research