Analyze snort or pcap data from a public wifi hotspot, Computer Networking

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States







Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated
Related Questions
Network Allocation Vector Timer which shows how much time must pass before a station is allowed to check the channel

Q. Define transport layer of osi model? - The transport layer regulates information flow to makes sure end-to-end connectivity between host applications reliably and accurately

An FDDI frame or Token Ring frames those points to serious problem with the ring, like a broken cable. The beacon frame carries the address of the station thought to be down.

differntiate between error control and flow control in data link layer

Overview Create a prototype web site for the "Computer Superstores" company. Your site should use effective navigation features and demonstrate good structure for  accessibility

Question: (a) Show by means of a diagram the Ethernet frame structure and describe the six fields of the Ethernet frame structure. (b) Explain the operation of the Carrier S

Q. Fiber-Optic Cable as transmission media? - Made of glass signals are transmit like light pulses from an LED or laser - Light is as well a form of electromagnetic energy

Computer Networking 1. Explain different network structures in use. 2. Elaborate the architecture and usage of ISDN. 3. Discuss the concept of framing in Data Link Layer

You have been asked to design a Banking Network with two primary types of locations.  Branches that will have 3 subnets, one /25 subnet one /26 subnet for ABMS and one /26 s

When we specifically block, single router update for other routers