The Bitcoin and NBNS decoders are now included in the U.S. Army Research Lab's Dshell repository.

This plugins repository is an unofficial library of decoders for Dshell, the U.S. Army Research Lab's network forensic analysis framework.

For general questions regarding Dshell, please see their README.md

• Dshell, U.S. ARL's Dshell
• Dshell's Prerequisites
  • Linux (developed on Ubuntu 12.04)
  • Python 2.7
  • pygeoip, GNU Lesser GPL
    • MaxMind GeoIP Legacy datasets
  • PyCrypto, custom license
  • dpkt, New BSD License
  • IPy, BSD 2-Clause License
  • pypcap, New BSD License

After installing Dshell, these additional decoders can be downloaded and moved to <install-location>/decoders/misc/

• To ensure that these decoders are now available for use within Dshell:
  • ./dshell which runs Dshell (You should see the Dshell> prompt)
  • decode -l lists the available decoders

• decode -d <decoder>
  • Displays information about the decoder, including command-line flags
• decode -d <decoder> <pcap>
  • Runs the desired decoder on the pcap or list of pcaps