[SANS ISC] The easy way to analyze huge amounts of PCAP data

I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“.

When you are investigating a security incident, there is a good chance that, at a certain point, you will have to dive into network traffic analysis. If you're lucky, you'll have access to a network capture. Approximately one year ago, I wrote a quick diary to explain how to implement a simple FPC or "Full Packet Capture" solution based on a Docker container. It's nice to capture all the traffic in PCAP files, but then what? PCAP files are not convenient to process and they consume a lot of disk space (depending on the captured traffic, of course)… [Read more]


[The post [SANS ISC] The easy way to analyze huge amounts of PCAP data was first published on /dev/random]

Article Link: https://blog.rootshell.be/2017/09/28/sans-isc-easy-way-analyze-huge-amounts-pcap-data/