Analyze snort or pcap data from a public wifi hotspot, Computer Networking

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States







Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated
Related Questions
I have a research in this topic " Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks " with simulation

FDDI Media Access Control Unlike CSMA/CD networks such like Ethernet token-passing networks are deterministic--you are able to calculate the maximum time that will pass before

Gigabit Ethernet Data rate of 1000 Mbps or else 1 Gbps Typically implemented as full-duplex with no CSMA/CD 1000Base-X utilizes long-wave optical fiber (1000Base-

Explain about the Browser A program that allows the user to access and read information on the World Wide Web. Netscape® Navigator and Microsoft Explorer® are the best known

Which command saves the configuration stored in RAM to NVRAM Ans) copy running-config startup-config is the command which saves the configuration stored in RAM to NVRAM

a. If a password to a cipher is exactly 8 characters long, and each character can be selected from [0-9], [a-z], and [A-Z], how many different passwords are possible? b. Suppose

Multiplexing Multiplexing is the set of techniques that allows simultaneous transmission of multiple signals across a single  data like. It  is methods  for efficient utiliza

Determine about unique least-cost path If there is a unique least-cost path, the two algorithms will yield the similar result because they are both guaranteed to search the lea

1) The school has implemented a pilot MPLS VPN which is being evaluated to replace the Bell South Frame Relay solution that provides connectivity to the Bascom Palmer Eye-Institute

Question 1 What is bandwidth?                         >>What is the bandwidth of                            a) Telephone signal                            b) Commercial radio broa