Dshell vs FakeNet-NG
GitHub Stats
About Dshell
Dshell is a network forensic analysis framework developed by the US Army Research Laboratory. It provides a Python-based infrastructure for rapidly developing custom network packet decoders and analyzers. Dshell processes pcap files through a plugin chain, enabling analysts to extract specific protocols, identify suspicious traffic patterns, and reconstruct network sessions. Included plugins handle DNS, HTTP, SMTP, NetFlow, and other protocols. Its chainable decoder architecture allows complex analysis workflows to be built from simple reusable components.
About FakeNet-NG
FakeNet-NG is a dynamic network analysis tool designed for malware analysis on Windows and Linux. It intercepts and redirects all network traffic to local listeners that simulate real internet services (HTTP, HTTPS, DNS, SMTP, FTP, IRC, and custom protocols). This allows analysts to observe malware network behavior without allowing actual internet connectivity, capturing C2 communications, download URLs, exfiltration attempts, and protocol patterns. FakeNet-NG supports SSL interception, custom response scripts, and integration with other analysis tools. It operates at the network driver level, catching traffic from all processes simultaneously.
Platform Support
Tags
Dshell only
FakeNet-NG only