====== Processing the DEFCON 26 CTF PCAPS using Trisul NSM ======

[[https://www.defcon.org/html/links/dc-ctf.html|DEFCON 26 CTF Competition]]

  - Download the DEFCON 26 PCAP, a 5GB file, into a directory.
  - Unrar the file and extract the inner PCAP into a filename without spaces: ''defcon26ctf.pcap''
  - Install docker on your Linux distro.
  - Create a directory on your system where the results will be stored. Move the PCAP into that directory so the docker container can see the PCAP file. Run the following lines:

<code bash>
sudo mkdir -p /opt/trisulroot
sudo mv defcon26ctf.pcap /opt/trisulroot
</code>

Run the trisulnsm/trisul6 docker image over the PCAP. The ''--pcap'' argument names the file you placed in ''/opt/trisulroot'', so it must match the name you extracted above (''defcon26ctf.pcap''):

<code bash>
sudo docker run --privileged=true \
  --name=trisul1a \
  --net=host -v /opt/trisulroot:/trisulroot \
  -d trisulnsm/trisul6 \
  --pcap defcon26ctf.pcap \
  --webserver-port 4000
</code>

Note that ''--privileged=true'' and ''--net=host'' remove the usual container isolation: the container runs with full host capabilities and directly on the host's network stack, and the web UI listens on port 4000 of the host itself. Run this on a dedicated analysis machine rather than on a shared or internet-facing host.

===== Screenshots =====

Timeline showing volume of traffic between 10 and 100Mbps over the period of the competition. You can select any time window and drill down.
{{:offline:dc26-1.png?400|}}

Trend
{{:offline:dc26-2.png?400|}}

Top flows
{{:offline:dc26-3.png?400|}}

PCAP totals dashboard
{{:offline:dc26-4.png?400|}}

Exploring HTTP Status 123
{{:offline:dc26-5.png?400|}}

Alerts, attacks on Drupal
{{:offline:dc26-6.png?400|}}

Pivot to packets from anywhere
{{:offline:dc26-7.png?400|}}

Conversations of a particular host
{{:offline:dc26-8.png?400|}}

Port connections over time
{{:offline:dc26-9.png?400|}}
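The staging steps above (extract, move the capture under the directory the container mounts, start trisulnsm/trisul6), wrapped in a script that checks the capture before handing it to the container. This is an added example and is not code from the original page or from Trisul. It takes the ''/opt/trisulroot'' path, the ''trisul1a'' container name and port 4000 from the page; the function names and the tiny capture built by ''make_sample_pcap'' are constructed here for illustration. The point it adds is that the file name passed to ''--pcap'' is derived from the file actually staged, so the two cannot drift apart, and that a file which does not start with a pcap or pcapng magic is rejected before a privileged container is started for it.

```shell
#!/bin/sh
# Added example, not code from the original page or from Trisul: stages a
# capture under /opt/trisulroot and starts trisulnsm/trisul6 over it, checking
# the file first. Path, container name and port are the page's; the sample
# capture written by make_sample_pcap is constructed here.

TRISUL_ROOT=/opt/trisulroot
WEB_PORT=4000

# pcap_kind FILE: print "pcap", "pcapng" or "unknown" from the first 4 bytes.
# Covers both byte orders of the classic pcap magic (0xa1b2c3d4), the
# nanosecond variant (0xa1b23c4d) and the pcapng section header type 0x0a0d0d0a.
pcap_kind() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) echo pcap ;;
        0a0d0d0a) echo pcapng ;;
        *) echo unknown ;;
    esac
}

# safe_name NAME: succeed only if the name is non-empty and has no whitespace
# or path separators, because it is passed verbatim as --pcap to the container.
safe_name() {
    case "$1" in
        ''|*[[:space:]]*|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# build_docker_cmd ROOT PCAPNAME PORT: print the docker run line from the page
# with the staged capture name substituted in.
build_docker_cmd() {
    printf 'docker run --privileged=true --name=trisul1a --net=host -v %s:/trisulroot -d trisulnsm/trisul6 --pcap %s --webserver-port %s\n' \
        "$1" "$2" "$3"
}

# make_sample_pcap FILE: write a minimal little-endian pcap global header
# (magic, version 2.4, zero thiszone/sigfigs, snaplen 65535, linktype 1) with
# no packet records. Constructed sample, used only to exercise pcap_kind.
make_sample_pcap() {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$1"
}

# stage_and_run PCAPPATH: validate, move into TRISUL_ROOT, start the container.
stage_and_run() {
    src=$1
    name=$(basename "$src")
    kind=$(pcap_kind "$src")
    if [ "$kind" = unknown ]; then
        echo "refusing: $src does not start with a pcap/pcapng magic" >&2
        return 1
    fi
    if ! safe_name "$name"; then
        echo "refusing: rename $name to something without spaces first" >&2
        return 1
    fi
    sudo mkdir -p "$TRISUL_ROOT"
    sudo mv "$src" "$TRISUL_ROOT/$name"
    cmd=$(build_docker_cmd "$TRISUL_ROOT" "$name" "$WEB_PORT")
    echo "starting ($kind): $cmd"
    sudo $cmd   # word splitting is intended: the command has no quoted arguments
}

# Usage: sh stage_trisul.sh /path/to/defcon26ctf.pcap
# Nothing is moved or started unless a capture path is given.
if [ "$#" -ge 1 ]; then
    stage_and_run "$1"
fi
```

The magic check is deliberately cheap (4 bytes via ''od''): it will not catch a truncated capture, but it does stop a stray RAR archive or an HTML error page saved with a ''.pcap'' extension from being fed to a privileged, host-networked container. The container is only started when the script is invoked with a path, so sourcing it or running it bare just defines the functions.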

offline/defcon26ctf.1542030507.txt.gz · Last modified: 2018/11/12 13:48 by veera