The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States

Ask an Expert

Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated

Write your message here..

Related Questions

R-sat networks for pstn and stm v-sat network, S t d "B" 9 m C-BAND EARTH... S t d "B" 9 m C-BAND EARTH STATION (2001)   This  Earth  Station  is  aligned  with  INTEL  SAT  IOR  66°  and  provide domestic connectivity. R-Sat (Regional Satellite) i

Cidr presentation, Inside a device, every address mask is stored as a 32-bi... Inside a device, every address mask is stored as a 32-bit number. When we submit a prefix and an address mask they use a changed form of dotted decimal addressing known CIDR addres

Describe ethernet, Describe Ethernet. Ethernet is one of the well-liked... Describe Ethernet. Ethernet is one of the well-liked networking technologies used these days. It was developed during the early 1970s and is based on specifications as stated i

Determine 10base5 - thicknet, 10Base5 - Thicknet A rigid coaxial c... 10Base5 - Thicknet A rigid coaxial cable (RG-8) approx 0.4 in' thick used in the original Ethernet networks Bus topology LAN utilize base signalling with a maximum se

Steps to configure dhcp, Write the steps to configure DHCP? Write the steps to configure DHCP?

How does pptp express the data, how does PPTP express the data? how does PPTP express the data?

Determine the objectives of computer security, Determine the Objectives of ... Determine the Objectives of computer security Though computerisation helps a lot in proper organisation of experience, it also opens a Pandora's Box simultaneously. On one

Tcp segment structure - transport layer, TCP Segment Structure Figure ... TCP Segment Structure Figure shows the format of the TCP segment. The  header consists  of a 20 bytes  fixed  part  plus a variable size  options fields. The description  o

What are the compression protocols for ppp, The compression protocols for P... The compression protocols for PPP are:- A. Stac   B. Predictor

Categories of networks, Distance covered, Based on size, ownership and phys... Distance covered, Based on size, ownership and physical architecture - LAN (Local Area Network) - Suitable for smaller geographical area - MAN (Metropolitan Area Network) - S