Analyze snort or pcap data from a public wifi hotspot, Computer Networking

Assignment Help:

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.


Related Discussions:- Analyze snort or pcap data from a public wifi hotspot

Explain about twisted-pair cable, Q. Explain about Twisted-Pair Cable? ...

Q. Explain about Twisted-Pair Cable? - Two conductors surrounded by insulating material - One wire utilize to carry signals and other used as a ground reference - Twistin

Transport protocols - udp and tcp, Most real-life applications are built on...

Most real-life applications are built on top of the UDP and TCP transport protocols. UDP, which stands for User Datagram Protocol, provides the capability of delivering individual

the default settings of ipx delay number, The "ipx delay number" command w...

The "ipx delay number" command will permit an administrator to alter the default settings. Explain the default settings? Ans) For LAN interfaces, one tick; for WAN interfaces, s

Determine the switch in a physical ring, Switch In a physical ring ...

Switch In a physical ring configuration any disabled or else disconnected node can disable the entire network Use of a switch can permit the ring to bypass an inactive

What are the features of star and ring topology, What are the features of s...

What are the features of star and ring topology The three networks have following features: star: best case is = 2, average case is = 2, worst case is = 2 ring: best case

Describe the tcp/ip reference model, Computer Networks 1. Differentiate...

Computer Networks 1. Differentiate WAN and LAN. 2. Describe the TCP/IP Reference Model with diagram. 3. Explain Circuit switching and message switching. 4. List the fu

What is clipper, Clipper is a compiler that was well recognized at the time...

Clipper is a compiler that was well recognized at the time of80's and early times of 90's. We can build DOS based applications (even large applications too) using clipper. There is

Write Your Message!

Captcha
Free Assignment Quote

Assured A++ Grade

Get guaranteed satisfaction & time on delivery in every assignment order you paid with us! We ensure premium quality solution document along with free turntin report!

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd