Moloch: A New And Free Way To Index Your Packet Capture Repository presented at Shmoocon 2013

by Eoin Miller and Andy Wick

Summary: Moloch is a highly scalable, open source full packet capture system that was published to the world in October of 2012 (http://github.com/aol/moloch). Moloch can parse and index billions of network sessions to provide an extremely fast and easy-to-use web application for navigating large collections of PCAP by IP, GeoIP, ASN, hostname, URL, file type and more. It can capture live from the wire for use as a network forensics tool to investigate compromises. Moloch also serves as a great way to search and interact with large PCAP repositories for research (malware traffic, exploit/scanning traffic). Moloch's web API also makes it extremely easy to integrate with existing SIEMs or other alerting tools/consoles to help speed up analysis.