Analyze snort or pcap data from a public wifi hotspot, Computer Networking

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States







Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated
Related Questions

Networking Concepts Q1  What are the main features of TCP connections? Why is it said that TCP provides full-duplex service? Q2  What are the differences between TCP conne

Processor Arrangements It is a very frequent event in data parallel programming to group a number of processors to perform definite tasks. To reach this goal, HPF gives a direc

(i)  Suppose N stations are connected to an extended Ethernet LAN, as shown below shown in Figure operating at the rate of 10 Mbps. Assume that the efficiency of each Ethernet is 8

a)  Assume that the time required to transmit one packet (i.e. the packet length divided by link data rate) is 10ms and the Round Trip Time (from Source to Destination and back) is

Question 1: Describe the following terms in your own words: a. Internet b. WWW c. Intranet

Write the definition of SAN A SAN is a separate network to handle storage requirements. The SAN detaches storage tasks from specific servers and makes a shared storage facility

Torus The mesh network with enclose around connections is called Tours Network.

Q. What is Boundary Level Masking? If mask numbers are either 255 or 0: Bytes in the IP address that correspond to 255 in the mask will be repeated in the subnet ma

Explain about star topology This topology, obviously, needs a great deal of cabling. This design gives an excellent platform for reconfiguration and trouble-shooting. Changes t