Using Trisul NSM to analyze popular PCAP (Packet Capture) dumps made publicly available.
Processing the DEFCON26 CTF Competition PCAP dump. This article explains how to use the free trisulnsm/trisul6 Docker image to process the 50GB+ PCAP and view the results.
Credits: DEFCON 26 CTF Competition. Thanks to the good folks at DEFCON26 for making the PCAP public.
In this three-part series, we explain techniques and show how to analyze the 2018 WRCCDC PCAP dump using TrisulNSM. We appreciate the kind folks at WRCCDC for making it publicly accessible.
Part 1: Strategy to analyze large PCAP dumps without getting overwhelmed
Part 2: How to use the free TrisulNSM Docker image to process the PCAPs
Part 3: Screenshots and vids showing some of the results and techniques