====== Analysis of popular PCAP dumps ======

Using Trisul NSM to analyze popular PCAP (Packet Capture) dumps made publicly available.

===== DEFCON 26 PCAP Dump =====

Analyzing the [[https://www.defcon.org/html/links/dc-ctf.html|DEFCON 26 CTF Competition]] PCAP dump using the Trisul NSM Docker image. This article explains how you can use the free ''trisulnsm/trisul6'' Docker image to process the 50GB+ PCAP and view the results.

===== Offline analysis with the WRCCDC PCAP dump =====

In this three-part series, we explain techniques and show how to analyze the [[https://archive.wrccdc.org/|2018 WRCCDC PCAP]] dump using TrisulNSM. We appreciate the kind folks at WRCCDC for making this publicly accessible.

[[offline:wrccdc_pcaps|Part 1: Strategy to analyze large PCAP dumps without getting overwhelmed]]

[[offline:wrccdc_pcaps_trisulnsm|Part 2: How to use the free TrisulNSM Docker image to process the PCAPs]]

[[offline:wrccdc_pcaps_results|Part 3: Screenshots and vids showing some of the results and techniques]]