I was running into an issue though when I used the port monitor to sniff the traffic from an Octopus box – the monitor kept crashing when I tried to view the data that was transferred. I knew I used the method outlined by Bram correctly since the output of the port monitor was several megabytes larger than the output of the box; however, I couldn't get to the hex dump since the program crashed.
The solution lay in converting the binary log file created by the monitor into a text file with just the transferred hex. This is accomplished by selecting “Tools -> Convert binary log file” from the upper menu. A dialog box will then appear.
Select the log you want to convert and the output directory. Now select “unlimited” in Bytes per dump and “if transfered data exists” under Process Data, then enable the Output Hex data, Output ASCII data, Align and Transferred data only options. The resulting output should look similar to the below.
Adjust the output settings as you need. I hope this helps you in your forensic endeavors.