Analyze snort or pcap data from a public wifi hotspot, Computer Networking

Assignment Help:

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.


Related Discussions:- Analyze snort or pcap data from a public wifi hotspot

What is the full form of FDM and TDM, What is the full form of FDM and TDM ...

What is the full form of FDM and TDM It is both. Each of the 100 channels is possess its own frequency band (FDM), and on every channel two logical streams are intermixed by th

Telecoms, What is a Multiplexor

What is a Multiplexor

The transport layer - fundamentals of networks, The transport Layer Co...

The transport Layer Communication  between  computers is handled by the transport layer which  is comprised of transmission control  protocol (TCP) and the users  datagram pro

Explain about the middleware support, Explain about the Middleware support ...

Explain about the Middleware support All the connectivity interface related tools come under the category of middleware. Middleware provides the link for data exchange between

Why we use numbering frames, Q. Why we use numbering frames? Why numbe...

Q. Why we use numbering frames? Why numbering frames? Stop--and-wait ARQ, 1. Numbering Frames prevents the retaining of duplicate frames.. 2. Numbered acknowled

Show vpns security and the internet model, Q. Show VPNs Security and the In...

Q. Show VPNs Security and the Internet Model? - VPN's Security and the Internet Model - Application layer - provide for each application protocol (other layers may be left v

Cipher password guess-cryptography, a. If a password to a cipher is exactly...

a. If a password to a cipher is exactly 8 characters long, and each character can be selected from [0-9], [a-z], and [A-Z], how many different passwords are possible? b. Suppose

what is sad, In IPSec what is SAD, SPD and SA's

In IPSec what is SAD, SPD and SA's?

Determine about unique least-cost path, Determine about unique least-cost p...

Determine about unique least-cost path If there is a unique least-cost path, the two algorithms will yield the similar result because they are both guaranteed to search the lea

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd