The latest (IN)SECURE magazine was just published. Issue 1.4 features a 7-page article on Structured Traffic Analysis, a methodology to investigate network traces I developed for my Network Security Operations class.
It uses open source tools to perform zero-knowledge analysis of saved traffic. After reading this article, you may share the sentiments of a student in one of my recent classes who said "I’m embarrassed I ever used Ethereal to start network analysis!"
Thursday, October 27, 2005


4 comments:
Awesome article Rich. This expands on the topics and tools you discuss in your NSM book. Statistical data is always something I tend to overlook and go straight for the content data, but as you point out in NSM, you don't always have content data available. But great article, I will have to try out Argus.
Very good article, can't wait to test out this method in a live scenario.
Although, you have to tell me what kind of compression tool you were using to fit a 2GB capture file on to a CD! ; )
Urgh, that should have been a DVD. Oh well!
I thought it was compressed. I routinely get database archives that are pretty large (in excess of 20 - 40 Gb) that are compressed to less than a gig. I didn’t really question it...