CapLoader version 1.2 was released today, with lots of new powerful features.
The most significant additions in CapLoader 1.2 are:
- Network packet carving, i.e. the ability to carve full content network packets from RAM dumps, disk images etc.
- Flows can be hidden/filtered in the user interface.
- Full content keyword search in capture files.
- Flow can be selected based on TCP flags.
- Better handling of broken and corrupt capture files.
In addition to these updates, customers using the commercial edition of CapLoader also get an updated protocol database. This update improves the Port Independent Protocol Identification (PIPI) feature in CapLoader with more protocols and better accuracy. Not only does this help analysts detect services like SSH, FTP and HTTP running on non-standard ports, but the protocol database also includes signatures for malware and APT C2 traffic like ZeroAccess, Zeus, Gh0st RAT and Poison Ivy RAT.
An update for CapLoader to version 1.2 is available for previous customers via our customer portal.
The free trial version of CapLoader can be downloaded from http://www.netresec.com/?page=CapLoader
CapLoader 1.2 with suspect.pcap (from DFRWS 2008) loaded and Transcript window open
Posted by Erik Hjelmvik on Wednesday, 12 March 2014 14:45:00 (UTC/GMT)