Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » offline » Processing the DEFCON 26 CTF PCAPS using Trisul NSM
Trace:
offline:defcon26ctf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
offline:defcon26ctf [2018/11/12 17:29]
veera [IDS Alerts, attacks on Drupal] 		offline:defcon26ctf [2018/11/12 17:30] (current)
veera [Port connections over time]
Line 125: Line 125:
 Trisul lets you seamlessly pivot from any analysis point to PCAPs. You can pull down entire PCAP or use the super nifty "PCAP Headers"​ to only see the top of the PCAP. In the PCAP headers, we show the '​strings'​ seen in the PCAP header, the actual Hexdump, and a TSHARK like packet summary.  ​ Trisul lets you seamlessly pivot from any analysis point to PCAPs. You can pull down entire PCAP or use the super nifty "PCAP Headers"​ to only see the top of the PCAP. In the PCAP headers, we show the '​strings'​ seen in the PCAP header, the actual Hexdump, and a TSHARK like packet summary.  ​
  
-{{:​offline:​dc26-7.png?​600|}}+{{:​offline:​dc26-7.png?​800|}}
  
  
Line 133: Line 133:
  
  
-{{:​offline:​dc26-8.png?​600|}}+{{:​offline:​dc26-8.png?​800|}}
  
  
Line 140: Line 140:
 The last one here is quite interesting. Go to Retro Counters > Select the entire Time interval and then select "​Apps"​. ​ We find that CTF contestants attacking different ports on different days. Hmm, maybe something to look deeper into.  The last one here is quite interesting. Go to Retro Counters > Select the entire Time interval and then select "​Apps"​. ​ We find that CTF contestants attacking different ports on different days. Hmm, maybe something to look deeper into. 
  
-{{:​offline:​dc26-9.png?​600|}}+{{:​offline:​dc26-9.png?​800|}}
  
 +
 +===== Conclusion=====
  
 Hope network analysis enthusiasts find this useful. ​  The docker image  bundles a [[https://​trisul.org|Free License of Trisul]]. PCAP dumps upto 3 days in time can be imported. ​ Hope network analysis enthusiasts find this useful. ​  The docker image  bundles a [[https://​trisul.org|Free License of Trisul]]. PCAP dumps upto 3 days in time can be imported. ​
offline/defcon26ctf.1542043744.txt.gz · Last modified: 2018/11/12 17:29 by veera

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki