Analyze snort or pcap data from a public wifi hotspot, Computer Networking

The project idea is: Analyze Snort or PCAP data from a public WIFI hotspot (describe traffice seen and what it is, protocols, ports, etc).

This is what is expected. Initially runt the PCAP data into snort. Analyze the results (how many alerts, what type of alerts) Further analyze each alert (if alerts are redundant you don't have to reanalyze) to determine if it is a false positive or a real attack detected. If real why. List what resources you used to come up with that determination. Also to help with analysis you can send the same PCAP file to Netwitness to get another view...for instance what was the bad client doing 1-2 minutes BEFORE the alert went off? Is it related to the alert, can you map out a drive-by web attack for instance. Wireshark can also help in this space as SNORT will only tell you bad things...and not always the root CAUSE of the alert. Documenting the analysis and outcomes of alerts should reach the paper minimums...

Anyway I went to Starbucks and I captured PCAP data from their public WIFI by using Wireshark, so you will work on it. I have uploaded it.

Then, you need to use Backtrack 4 to analyze this data and you will get 12unique alerts (I am going to show how to do this).

First step after start backtrack is the following:

Go to start menu in backtrack, choose  Services , Snot then click on Setup and Initialise Snort 

2042_Analyze Snort or PCAP data from a Public WIFI Hotspot.png

Then The following window will appear.

Posted Date: 3/5/2013 8:25:10 AM | Location : United States

Related Discussions:- Analyze snort or pcap data from a public wifi hotspot, Assignment Help, Ask Question on Analyze snort or pcap data from a public wifi hotspot, Get Answer, Expert's Help, Analyze snort or pcap data from a public wifi hotspot Discussions

Write discussion on Analyze snort or pcap data from a public wifi hotspot
Your posts are moderated
Related Questions
As in PRAM, there was no direct communication medium among the processors, therefore another model called as interconnection networks have been designed. In the interconnection net

What is OLTP? In the transaction server, the client component usually contains GUI and the server components usually having of SQL transactions against a database. These applic

Vector-Distance algorithm illustrated in more detail below: Packet switches wait for next update message and they goes by entries in packet. If entry has least path to destinat

This new model of Client/Server having of thin, portable, "universal" clients that talks to superfast servers. In the simple form, a web server returns documents when clients ask f

Control Frames for Lost Tokens If station goes down ... token lost Predecessor listens for data frame or token Noticing none, retransmits token Sends whofoll

Question 1 List 10 common ActiveX controls Question 2 Discuss Network Interface using any OS Question 3 Explain BGP components and its working Question 4 G

What are the benefits of Intranet applications The benefits of successful Intranet applications can be enumerated as follows: Cheaper: Use of client browsers with one

Q. Describe Differential Manchester? - Inversion at middle of bit interval is utilized for synchronization - Presence or else absence of additional transition at beginning o

Unguided Media: Wireless - A Wireless communication transporting electromagnetic waves without a physical conductor Wireless Propagation Methods - Ground - radio

Hardware requirement for an intranet To setup a WAN, one would need to have some type of communication between different sites. National ISDN, Very Small Aperture Terminal (VSA