offline:wrccdc_pcaps
Differences
Previous revision: offline:wrccdc_pcaps [2018/05/12 16:19] – [Analyzing the WRCCDC PCAP dump using TrisulNSM : Part 1 Approach] veera
Current revision: offline:wrccdc_pcaps [2018/05/12 17:10] – [Analyzing the WRCCDC PCAP dump using TrisulNSM : Part 1 Approach] veera
Line 6: | Line 6: | ||
* Part 1: Approach how to avoid getting overwhelmed by large PCAPS | * Part 1: Approach how to avoid getting overwhelmed by large PCAPS | ||
- | * Part 2: How to use the free TrisulNSM Docker Image to analyze the PCAP dump | + | * [[offline: |
- | * Part 3: Screenshots & video of possible analysis paths (using TrisulNSM) | + | * [[offline: |
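Review bot: the Part 2 and Part 3 bullets lose their descriptive text ("How to use the free TrisulNSM Docker Image to analyze the PCAP dump" and "Screenshots & video of possible analysis paths (using TrisulNSM)") when they are turned into ''[[offline:'' links, and the link target and any link title are cut off in this rendering. Check that each new link carries a readable title after the page id (''[[offline:page|Part 2: How to use ...]]'' form) so the series overview still tells the reader what each part covers rather than showing a bare page name.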
Line 93: | Line 93: | ||
- | |||
- | ===== Instructions to run TrisulNSM over the PCAPs ===== | ||
- | |||
- | |||
- | |||
- | |||
- | Download the first 8 PCAP files. Roughly 4GB into ''/ | ||
- | |||
- | < | ||
- | root@unpl: | ||
- | total 3.8G | ||
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010014000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010103000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010232000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010356000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M May 10 12:29 wrccdc.2018-03-23.010717000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M May 10 12:29 wrccdc.2018-03-23.010904000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M Mar 23 20:13 wrccdc.2018-03-23.011313000000000.pcap | ||
- | -rw-r--r-- 1 root root 477M Mar 23 20:13 wrccdc.2018-03-23.011338000000000.pcap | ||
- | root@unpl: | ||
- | </ | ||
- | |||
- | |||
- | |||
- | Run the Docker image over the pcaps | ||
- | |||
- | < | ||
- | |||
- | sudo docker run --name=trisul1n \ | ||
- | --privileged=true --net=host -v / | ||
- | -d trisulnsm/ | ||
- | --webserver-port 4000 --websockets-port 4003 \ | ||
- | --fine-resolution | ||
- | --pcap | ||
- | </ | ||
- | |||
- | |||
- | |||
- | Upon completion your '' | ||
- | |||
- | |||
- | < | ||
- | |||
- | Finished elapsed : 328 seconds | ||
- | |||
- | |||
- | ==== SUCCESSFULLY IMPORTED FROM PCAP REPO / | ||
- | ==== TO VIEW DASHBOARDS ===== | ||
- | ==== 1. login to the Web Trisul interface ===== | ||
- | ==== 2. select wrccdc1 on the Login Screen ===== | ||
- | |||
- | Started TrisulNSM docker image. Sleeping. | ||
- | |||
- | </ | ||
- | |||
- | |||
- | |||
- | Using Trisul to analyze the PCAPs | ||
- | |||
- | |||
- | File extraction | ||
- | |||
- | < | ||
- | DOCKER: | ||
- | -rw-r--r-- 1 trisul trisul | ||
- | -rw-r--r-- 1 trisul trisul | ||
- | -rw-r--r-- 1 trisul trisul 12582912 May 11 12:52 / | ||
- | -rw-r--r-- 1 trisul trisul 42846720 May 11 12:52 / | ||
- | DOCKER: | ||
- | |||
- | |||
- | </ | ||
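Review bot: removing the entire "Instructions to run TrisulNSM over the PCAPs" section (the ''ls'' listing of the eight 477M PCAPs, the ''docker run'' invocation, the completion banner and the file-extraction listing) leaves Part 1 with no runnable procedure at all, and nothing in this revision says where that material went; if it was moved into the Part 2 page now linked at Line 6, state that in the edit summary so the history stays traceable. Two things to carry into wherever this content lands: the ''docker run'' line uses ''--privileged=true --net=host'', which hands the container unrestricted access to host devices and the host network namespace, so it belongs on a disposable analysis box and that caveat should sit next to the command; and the bind-mount source in ''-v /'' and the image name ''trisulnsm/'' are truncated here and must be written out in full or the command cannot be reproduced. Minor: "Using Trisul to analyze the PCAPs" and "File extraction" appear as bare lines while the section above uses the ''===== ... ====='' heading markup, so they should be headings of the same style in the destination page.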
offline/wrccdc_pcaps.txt · Last modified: 2018/05/13 00:10 by veera