You've all heard of the great Malware PCAPs made public by Malware Traffic Analysis.NET Here is a short recipe that explains how you can use the TrisulNSM Docker Image to setup an analysis platform.

Host : Ubuntu 16.04 LTS on Amazon

First install docker and start it

sudo apt update sudo apt install docker.io sudo systemctl start docker

Next Run the trisulnsm/trisul6 image available on DockerHub - Notice that we are not starting a live capture, because we intend to read the PCAPs

sudo docker run –name=trisul1a –net=host \

1. v /opt/trisul6_root:/trisulroot \
   1. d trisulnsm/trisul6

Point your browser to <ip>:3000 then login as admin/admin and select Manage → Apps

Install the following Apps:

- TLS Fingerprinter - Save Binaries - SNI TLS Metrics

Now you have the platform ready to process the PCAPs.