User:Catalin Sbora/sandbox

RedSplice is a network forensics tool that exposes its main functionality through a GUI. The application approaches forensics from three major directions:
 * Packet Inspection, which dissects TCP/UDP packets to identify the elements belonging to OSI layers 2, 3 and 4
 * TCP Session Inspection, where packets are grouped into sessions so that the raw data they carry can be reconstructed
 * Content Inspection, which extracts only the useful information (e.g. images, videos, scripts, JSON) from application protocols (e.g. HTTP)

History
The first version of the software was released in 1999 under the name Spynet. It was then acquired by eEye Digital Security and renamed Iris. In 2014, Iris was acquired by StillVue, LLC, which added new features to the product and renamed it RedSplice.

Features

 * Promiscuous Packet Capture allows capturing packets addressed to other devices on the network, as long as the network interface card (NIC, or network adapter) supports promiscuous mode
 * Traffic Replay injects captured or saved packets back into the network
 * TCP Session Reconstruction correlates and synchronizes TCP packets so that the data associated with them can be extracted, visualized and analyzed
 * SSL/TLS Decoding uses a MITM technique or browser logs to decrypt HTTPS traffic
 * Content Extraction - information such as images, videos and scripts is extracted from HTTP/HTTPS traffic and displayed in a structured manner
 * Network Statistics includes a bandwidth monitor, the top ten hosts by traffic volume, statistics on raw packets and protocol usage. The statistics module implements a reporting feature for each detected host, which lets the user see traffic statistics at host level.
 * Keyword Filtering is used to display only the packets that include specific keywords, or just to mark the sessions containing those packets
 * Protocol Decoding extracts protocol-specific information for protocols such as HTTP, FTP, SMB, ICMP, POP3, SMTP and SNMP
 * Session to Application Mapping lets the user identify the application that generated the network traffic in a TCP session
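TCP session reconstruction as described in the feature list, shown as an added Python example (not RedSplice code): constructed segments of one HTTP exchange are grouped by a direction-independent 4-tuple, ordered by sequence number, with retransmissions dropped and holes in the capture marked rather than silently joined. Sequence numbers are assumed relative to the first byte seen in each direction.

```python
from collections import defaultdict

# Constructed sample capture: (src, sport, dst, dport, seq, payload).
# Segments arrive out of order and one is retransmitted, as in a real capture.
PACKETS = [
    ("10.0.0.5", 40001, "10.0.0.9", 80, 0,  b"GET /logo.png HT"),
    ("10.0.0.5", 40001, "10.0.0.9", 80, 31, b"\r\n\r\n"),            # out of order
    ("10.0.0.5", 40001, "10.0.0.9", 80, 16, b"TP/1.1\r\nHost: x"),
    ("10.0.0.5", 40001, "10.0.0.9", 80, 16, b"TP/1.1\r\nHost: x"),   # retransmission
    ("10.0.0.9", 80, "10.0.0.5", 40001, 0,  b"HTTP/1.1 200 OK\r\n"),
    ("10.0.0.9", 80, "10.0.0.5", 40001, 17, b"\r\n\x89PNG"),
]

def session_key(src, sport, dst, dport):
    """Direction-independent 4-tuple so both halves of a session share one key."""
    return tuple(sorted([(src, sport), (dst, dport)]))

def reassemble(segments):
    """Return (payload, gap_count) for one direction's list of (seq, data).
    Sorting by seq undoes reordering; bytes already covered are dropped
    (retransmissions); bytes missing from the capture are zero-filled and
    counted so the analyst knows the stream is incomplete."""
    out, gaps, expected = bytearray(), 0, None
    for seq, data in sorted(segments, key=lambda s: s[0]):
        if expected is None:
            expected = seq
        end = seq + len(data)
        if end <= expected:
            continue                                  # pure retransmission
        if seq < expected:                            # partial overlap
            data, seq = data[expected - seq:], expected
        if seq > expected:                            # hole in the capture
            gaps += 1
            out += b"\x00" * (seq - expected)
        out += data
        expected = end
    return bytes(out), gaps

def reconstruct_sessions(packets):
    """Group segments by session and direction, then reassemble each side."""
    streams = defaultdict(lambda: defaultdict(list))
    for src, sport, dst, dport, seq, payload in packets:
        key = session_key(src, sport, dst, dport)
        streams[key][(src, sport, dst, dport)].append((seq, payload))
    return {key: {d: reassemble(segs) for d, segs in dirs.items()}
            for key, dirs in streams.items()}

if __name__ == "__main__":
    for key, dirs in reconstruct_sessions(PACKETS).items():
        for (src, sport, dst, dport), (data, gaps) in dirs.items():
            print(f"{src}:{sport} -> {dst}:{dport} ({len(data)} bytes, {gaps} gaps)")
            print("   ", data)
```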