offline:wrccdc_pcaps
Differences
offline:wrccdc_pcaps [2018/05/12 16:26] – [Analyzing the WRCCDC PCAP dump using TrisulNSM : Part 1 Approach] veera | offline:wrccdc_pcaps [2018/05/13 00:10] (current) – [Drilling down] veera
Line 7: | Line 7: | ||
* Part 1: Approach how to avoid getting overwhelmed by large PCAPS | * Part 1: Approach how to avoid getting overwhelmed by large PCAPS | ||
* [[offline: | * [[offline: | ||
- | * Part 3: Screenshots & video of possible analysis paths (using TrisulNSM) | + | * [[offline: |
Line 93: | Line 93: | ||
+ | ==== Next ==== | ||
- | ===== Instructions to run TrisulNSM over the PCAPs ===== | + | Enough of theory. [[offline:wrccdc_pcaps_trisulnsm|Part-2 of this series]] explains how you can get the TrisulNSM |
- | + | ||
- | + | ||
- | + | ||
- | + | ||
- | Download the first 8 PCAP files. Roughly 4GB into ''/ | + | |
- | + | ||
- | < | + | |
- | root@unpl:~# ls -lh / | + | |
- | total 3.8G | + | |
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010014000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010103000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010232000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M May 10 12:28 wrccdc.2018-03-23.010356000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M May 10 12:29 wrccdc.2018-03-23.010717000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M May 10 12:29 wrccdc.2018-03-23.010904000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M Mar 23 20:13 wrccdc.2018-03-23.011313000000000.pcap | + | |
- | -rw-r--r-- 1 root root 477M Mar 23 20:13 wrccdc.2018-03-23.011338000000000.pcap | + | |
- | root@unpl: | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | + | ||
- | Run the Docker image over the pcaps | + | |
- | + | ||
- | < | + | |
- | + | ||
- | sudo docker run --name=trisul1n \ | + | |
- | --privileged=true --net=host -v / | + | |
- | -d trisulnsm/ | + | |
- | --webserver-port 4000 --websockets-port 4003 \ | + | |
- | --fine-resolution | + | |
- | --pcap | + | |
- | </ | + | |
- | + | ||
- | + | ||
- | + | ||
- | Upon completion your '' | + | |
- | + | ||
- | + | ||
- | < | + | |
- | + | ||
- | Finished elapsed : 328 seconds | + | |
- | + | ||
- | + | ||
- | ==== SUCCESSFULLY IMPORTED FROM PCAP REPO / | + | |
- | ==== TO VIEW DASHBOARDS ===== | + | |
- | ==== 1. login to the Web Trisul interface ===== | + | |
- | ==== 2. select wrccdc1 on the Login Screen ===== | + | |
- | + | ||
- | Started TrisulNSM docker image. Sleeping. | + | |
- | + | ||
- | </ | + | |
- | + | ||
- | + | ||
- | + | ||
- | Using Trisul to analyze the PCAPs | + | |
- | + | ||
- | + | ||
- | File extraction | + | |
- | + | ||
- | < | + | |
- | DOCKER: | + | |
- | -rw-r--r-- 1 trisul trisul | + | |
- | -rw-r--r-- 1 trisul trisul | + | |
- | -rw-r--r-- 1 trisul trisul 12582912 May 11 12:52 / | + | |
- | -rw-r--r-- 1 trisul trisul 42846720 May 11 12:52 / | + | |
- | DOCKER: | + | |
- | + | ||
- | + | ||
- | </ | + | |
offline/wrccdc_pcaps.txt · Last modified: 2018/05/13 00:10 by veera