User Tools

Site Tools



Articles about network security monitoring, traffic analytics, setting up measurement, techniques for scaling, threat hunting tips, etc.

Hardware and Data Acquisition

Netflow tunneling

Tunneling Netflow to a remote Trisul involves preserving the original IP address of the switch/router. We describe three methods to achieve it, NAT, GRE, and Shim Tunnels.

Using NAT on gateway to send Netflow to remote Trisul

Using GRE Tunnel to send Netflow to a remote Trisul

Using a Shim Tunnel to send Netflow to a remote Trisul

Use a Shim Tunnel when you cant use GRE or NAT


NSM and Packet Analytics Concepts


TLS Fingerprinting

Intrusion Detection

Offline analysis with the WRCCDC PCAP dump

In this three part series, we explain techniques and show how to analyze the 2018 WRCCDC PCAP dump using TrisulNSM. We appreciate the kind folks at WRCCDC for making this publicly accessible.

Part 1: Strategy to analyze large PCAP dumps without getting overwhelmed

Part 2: How to use the free TrisulNSM Docker image to process the PCAPs

Part 3: Screenshots and vids showing some of the results and techniques

Netflow analytics

Administration Tips


articles.txt · Last modified: 2021/04/21 16:56 by veera