Trisul Network Analytics
Developer Zone

User Tools

Site Tools

You are here: Home » offline » Processing the DEFCON 26 CTF PCAPS using Trisul NSM
Trace: Debugging crashes and other problems on the Trisul Probe nodes Monit Trisul Process How to redirect Netflow to Trisul across network segments using NAT
offline:defcon26ctf

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
offline:defcon26ctf [2018/11/12 22:59] – [IDS Alerts, attacks on Drupal] veeraoffline:defcon26ctf [2018/11/12 23:00] (current) – [Port connections over time] veera
Line 125: Line 125:
 Trisul lets you seamlessly pivot from any analysis point to PCAPs. You can pull down entire PCAP or use the super nifty "PCAP Headers" to only see the top of the PCAP. In the PCAP headers, we show the 'strings' seen in the PCAP header, the actual Hexdump, and a TSHARK like packet summary.   Trisul lets you seamlessly pivot from any analysis point to PCAPs. You can pull down entire PCAP or use the super nifty "PCAP Headers" to only see the top of the PCAP. In the PCAP headers, we show the 'strings' seen in the PCAP header, the actual Hexdump, and a TSHARK like packet summary.  
  
-{{:offline:dc26-7.png?600|}}+{{:offline:dc26-7.png?800|}}
  
  
Line 133: Line 133:
  
  
-{{:offline:dc26-8.png?600|}}+{{:offline:dc26-8.png?800|}}
  
  
Line 140: Line 140:
 The last one here is quite interesting. Go to Retro Counters > Select the entire Time interval and then select "Apps" We find that CTF contestants attacking different ports on different days. Hmm, maybe something to look deeper into.  The last one here is quite interesting. Go to Retro Counters > Select the entire Time interval and then select "Apps" We find that CTF contestants attacking different ports on different days. Hmm, maybe something to look deeper into. 
  
-{{:offline:dc26-9.png?600|}}+{{:offline:dc26-9.png?800|}}
  
 +
 +===== Conclusion=====
  
 Hope network analysis enthusiasts find this useful.   The docker image  bundles a [[https://trisul.org|Free License of Trisul]]. PCAP dumps upto 3 days in time can be imported.  Hope network analysis enthusiasts find this useful.   The docker image  bundles a [[https://trisul.org|Free License of Trisul]]. PCAP dumps upto 3 days in time can be imported. 
offline/defcon26ctf.1542043744.txt.gz · Last modified: 2018/11/12 22:59 by veera