The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States

Ask an Expert

Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated

Write your message here..

Related Questions

Explain about bandwidth – delay product, Q. Explain about Bandwidth – delay... Q. Explain about Bandwidth – delay product? Bandwidth - delay product - A measure of competence of ARQ system = bandwidth (bits per second) * round-trip delay (in seco

What is feasibility condition (fc), What is Feasibility condition (FC)? What is Feasibility condition (FC)?

Identify the purpose of the dlci, DLCI stands for Data Link Connection Iden... DLCI stands for Data Link Connection Identifier. It identifies the local PVC.

Describe flow and error control mechanisms, Q. Describe Flow and Error Cont... Q. Describe Flow and Error Control Mechanisms? Flow and Error Control Mechanisms - Stop and Wait ARQ - Go-Back ARQ - Selective Repeat ARQ

frames along with the rtp, For VOIP, first you need to consider the codec ... For VOIP, first you need to consider the codec to use. Although there are many voice codecs, MyCo wants the safest bet and suggests that you design with the most known and oldest c

Explain the building blocks of client/server, The client side building bloc... The client side building block moves towards the client side of the application. The server side building block moves towards the server side of the application.

Network infrastructure upgrade, Network Infrastructure: This project will r... Network Infrastructure: This project will require replacement of major networking components throughout the office. Virtualization will result in increased speed and reliability fo

Show the crc-performance, Q. Show the CRC-Performance ? CRC-Performanc... Q. Show the CRC-Performance ? CRC-Performance CRC is able to detect all burst errors that affect an odd number of bits CRC is able to detect all burst errors of

Set up to use pvm run and complie, PVM uses two environment variables when ... PVM uses two environment variables when starting and running. Every PVM user needs to set these two variables to use PVM. The initial variable is PVM_ROOT, which is set to the loca

Authentication mechanism in vpn, What are the dissimilar ways authenticatio... What are the dissimilar ways authentication mechanism in VPN?