Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » offline » Processing the DEFCON 26 CTF PCAPS using Trisul NSM
Trace:
offline:defcon26ctf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
Next revisionBoth sides next revision
offline:defcon26ctf [2018/11/12 22:58] – [PCAP totals dashboard] veeraoffline:defcon26ctf [2018/11/12 22:58] – [Trend] veera
Line 87: Line 87:
  
  
-{{:offline:dc26-2.png?600|}}+{{:offline:dc26-2.png?800|}}
  
  
Line 94: Line 94:
 Click on //Dashboards > Sessions// to see top flows by volume, long lived flows, download, upload.  This is a really good place to start because in many CTF or even enterprise loads - elephant flows ((Elephant flows are large volume flows that dominate the bulk of the data transfer))  dominate the overall volume of data. Here we see a single flow from IP 10.13.37.8 pushing nearly 800MB in a 10 Min transfer.  Click on //Dashboards > Sessions// to see top flows by volume, long lived flows, download, upload.  This is a really good place to start because in many CTF or even enterprise loads - elephant flows ((Elephant flows are large volume flows that dominate the bulk of the data transfer))  dominate the overall volume of data. Here we see a single flow from IP 10.13.37.8 pushing nearly 800MB in a 10 Min transfer. 
  
-{{:offline:dc26-3.png?600|}}+{{:offline:dc26-3.png?800|}}
  
  
offline/defcon26ctf.txt · Last modified: 2018/11/12 23:00 by veera