Wednesday, December 27, 2006

Solera DataEcho

I came across this press release from Solera Networks on their open source DataEcho application. DataEcho is a Windows program that captures live traffic or reads traces in Libpcap format. It's best used for interpreting Web traffic, as shown in this screen capture of a visit to www.bejtlich.net recorded in Wireshark and fed to DataEcho.



My Web site doesn't render that well because it uses CSS, but you can see how DataEcho breaks down the Web traffic. This is a similar view from Wireshark, sorted on the last column.
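As an added illustration of the kind of breakdown DataEcho performs (this is not DataEcho's code, which the page does not show), the following Python reads a little-endian libpcap buffer, picks out Ethernet/IPv4/TCP segments that begin with an HTTP request line, and lists source, destination, method, Host and path per request. The trace it parses is constructed inline from documentation-range addresses; a real capture from Wireshark would be read the same way.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # magic of a little-endian libpcap file
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ")

def pcap_records(data):
    """Yield (timestamp, frame bytes) for each record in a little-endian libpcap buffer."""
    if struct.unpack_from("<I", data, 0)[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian libpcap file")
    off = 24  # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, off)
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len

def http_requests(data):
    """Return [(src_ip, dst_ip, method, host, path)] for TCP segments starting with an HTTP request line."""
    found = []
    for _ts, pkt in pcap_records(data):
        if len(pkt) < 54 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue  # only Ethernet II frames carrying IPv4 with protocol 6 (TCP)
        src, dst = ".".join(map(str, pkt[26:30])), ".".join(map(str, pkt[30:34]))
        tcp = 14 + (pkt[14] & 0x0F) * 4                 # IHL = IPv4 header length in 32-bit words
        payload = pkt[tcp + (pkt[tcp + 12] >> 4) * 4:]  # TCP data offset, also in 32-bit words
        if not payload.startswith(HTTP_METHODS):
            continue  # responses, TLS, and mid-stream segments are skipped
        lines = payload.split(b"\r\n")
        method, path = lines[0].split(b" ")[:2]
        host = next((h.split(b":", 1)[1].strip() for h in lines[1:] if h.lower().startswith(b"host:")), b"")
        found.append((src, dst, method.decode(errors="replace"), host.decode(errors="replace"), path.decode(errors="replace")))
    return found

def make_frame(src, dst, payload):
    """Constructed Ethernet/IPv4/TCP frame; checksums stay zero since the parser does not verify them."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 5 << 4, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def sample_pcap():
    """Constructed trace: a GET for www.bejtlich.net and the (non-request) reply segment."""
    req = b"GET /index.html HTTP/1.1\r\nHost: www.bejtlich.net\r\n\r\n"
    frames = [make_frame("192.0.2.10", "198.51.100.5", req),
              make_frame("198.51.100.5", "192.0.2.10", b"HTTP/1.1 200 OK\r\n\r\n<html>")]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1167177600 + i, 0, len(f), len(f)) + f
    return out
```

Calling `http_requests(sample_pcap())` yields one row for the GET; the reply segment is parsed but not listed because it does not start with a request line.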



Besides DataEcho, I found a SourceForge project page for a Solera-related "tEthereal Network Forensic Console", which says:

Management Console to reconstruct emails, web sessions, VOIP sessions, FTP, and all known supported Internet Protocols for Network Forensics. ***UPDATE*** Project release scheduled.

That looks interesting, but no files are available. I have been exchanging emails with Solera CEO Terry Haas, so I hope to find out more about this company's projects.

5 comments:

Terry said...

Richard and others,

We are posting an update to DataEcho on SourceForge this weekend. It has several bug fixes incorporated and has some code changes to allow it to run under Linux using Mono.

The "tetheral" project is still a mystery to me, after 2 1/2 months on board at Solera ... apparently it's a command line version of Ethereal but I really don't know its status.

Terry

Anonymous said...

Somewhat reminiscent of Steve Romig's "review" tool from 1997 (http://www3.net.ohio-state.edu/security/talks/1997/1997-06_review_first/review.pdf). Funny how certain things remain in demand.

Vivek Rajan said...

If you are interested in complete reconstruction of web pages, including CSS, inline images, and Flash, check out Unsniff, a new network analysis product. See blog post

Terry said...

Well, we posted v 1.1 on SourceForge earlier this week. We don't have the Mono version working yet. Still a couple of bugs in DataEcho, but we are working through them, and looking forward to getting some help/enhancements from the community.

Thanks,
Terry
