GitHub - yiwiz-sai/Windows-Sensor: Perform packet-process correlation on Windows using the Windows equivalent of the Linux sensor.

yiwiz-sai / Windows-Sensor Public

forked from HoneProject/Windows-Sensor

Notifications You must be signed in to change notification settings
Fork 0
Star 0

Perform packet-process correlation on Windows using the Windows equivalent of the Linux sensor.

View license

0 stars 12 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
hone		hone
honeutil		honeutil
installer		installer
.gitignore		.gitignore
DIRS		DIRS
License.txt		License.txt
README		README
Readme.html		Readme.html
build.py		build.py
build_helper.bat		build_helper.bat
ioctls.h		ioctls.h
version_info.h		version_info.h
wfp_common.cpp		wfp_common.cpp
wfp_common.h		wfp_common.h

Repository files navigation

Host-Network (Hone) Packet-Process Correlator for Windows

Copyright (c) 2014-2015 Battelle Memorial Institute
Licensed under a modification of the 3-clause BSD license
See License.txt for the full text of the license and additional disclaimers

Author: Richard L. Griswold
Contributors: Peter L. Nordquist, Ruslan A. Doroshchuk, Alexis J. Malozemoff,
Brandon J. Carpenter, and Glenn A. Fink


H   H  OOO  N   N EEEEE
H   H O   O NN  N E
HHHHH O   O N N N EEEE
H   H O   O N  NN E
H   H  OOO  N   N EEEEE


Hone is a tool for correlating packets to processes to bridge the HOst-NEtwork
divide. The Hone Packet-Process Correlator for Windows consists of a
kernel-mode driver that performs packet-process correlation and user-mode
utilities for reading data collected by the driver and managing the driver.
For information on building, installing, and using Hone, as well as technical
information about the inner workings of Hone, see the Readme.html file.