Analyze snort or pcap data from a public wifi hotspot, Computer Networking

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States







Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated
Related Questions
Speed Up:- Speed up is the ratio of the time required to implement a given program using a definite algorithm on a machine with one processor (i.e. T (1) (where n=1)) to the ti

Operating System - Server and Client Various operating systems that support Intranets are all variants of Windows and Unix. In addition to these, certain other software releva

Q Illustrate Return to Zero encoding? - In NRZ-I long strings of 0s may still be a problem - May comprise synchronization as part of the signal for both 1s and 0s - How?

OSI Reference  Model Normal 0 false false false EN-IN X-NONE X-NONE

What is the command to copy the IOS image to a TFTP server? Ans) Copy flash tftp

State the statements about PPP and SLIP for WAN communications?  Ans)    a) PPP uses its Network Control Programs (NCPs) component to encapsulate many protocols.  b) SLIP

PING - Packet Internet Gopher A utility that shows connections to one or more remote hosts. The ping command uses the ICMP echo request and echo reply packets to verify whether

Question: Wireless Access points have been known to have various security vulnerabilities that can lead to breach of Secured wired networks. IEEE 802.11 standards have identifi

Example of transport layer are:- a) TCP is connection oriented. b) UDP is connectionless

Parallel Computer Architecture The two key parametric concerns in designing parallel computer architecture are: 1) executing many numbers of instructions concurrently, and