Analyze snort or pcap data from a public wifi hotspot, Computer Networking

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States







Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated
Related Questions
Give the solutions to the threats In order to implement solutions to the threats, it is advisable that the company should maintain proper password protected hardware. Wherever

Question Approximately what is the low frequency cut-off of the band-pass filter shown in the figure?

Explain the cost of a path between two nodes Given a network of nodes linked by bidirectional links, where every link has a cost associated with it in each direction, explain t

Multicast An identifier for a set of interfaces (typically belonging to dissimilar nodes). A packet sent to a multicast address is delivered to all interfaces identified by tha

Discuss about the Software in detail Software contain a number of components such as SQL Server for database connectivity, Systems Management Server for easy Web management,

Determine the use of Icon A small picture or graphic used to represent a location in the inter- or Intranet (for example a flow-chart graphic to take the user to the departm

The diagram below offers an overall view on the methods use by both the OSI and TCP/IP model. ISO Approach - Occasionally called Horizontal Approach - OSI asse

Serialized data is not generally sent at a uniform rate by a channel. Instead, there is usually a burst of regularly spaced binary data bits followed by a pause, after which the da

Question: (a) Distinguish between Flow Control and Congestion Control. (b) Explain clearly how a URL is resolved by a computer. (c) List one application that uses TCP