New (IN)SECURE Magazine Features Bejtlich Article

The latest (IN)SECURE magazine was just published. Issue 1.4 features a 7-page article on Structured Traffic Analysis, a methodology to investigate network traces I developed for my Network Security Operations class.

It uses open source tools to perform zero-knowledge analysis of saved traffic. After reading this article, you may share the sentiments of a student in one of my recent classes who said "I’m embarrassed I ever used Ethereal to start network analysis!"

Comments

John Ward said…
Awesome article Rich. This expands on the topics and tools you discuss in your NSM book. Statistical data is always something I tend to overlook and go straight for the content data, but as you point out in NSM, you don't always have content data available. But great article, I will have to try out Argus.
Anonymous said…
Very good article, can't wait to test out this method in a live scenario.

Although, you have to tell me what kind of compression tool you were using to fit a 2GB capture file onto a CD! ; )
Urgh, that should have been a DVD. Oh well!
John Ward said…
I thought it was compressed. I routinely get database archives that are pretty large (in excess of 20 - 40 Gb) that are compressed to less than a gig. I didn't really question it...
