Questions tagged [pcap]
5 questions
5 votes, 2 answers
How to recognize Tor traffic
Having a PCAP file with Tor traffic, is there a way fast enough to recognize if any of the packets are part of Tor traffic/sessions?
Some tools speak about "protocol identification via statistical analysis", but I'm wondering if there are any…
CDominik
2 votes, 1 answer
What is the best way to create a PCAP file containing malicious traffic?
I'm in my last year of university and for my honours project I am tasked with comparing two intrusion detection systems, Snort and Suricata, hosted on a virtual machine on my PC.
As I have no access to networking devices such as switches etc, I was…
Conor
1 vote, 1 answer
SIEM-like tool for pcaps
Is there any tool that accepts a packet capture file as input and displays all the network traffic in a similar way to how a SIEM displays log information? I'm looking for a summary of the ports and IPs to get a good overview of a packet capture.
john doe
0 votes, 1 answer
Application IP control
My goal is to analyze the traffic of an Android application, to check if it contacts any unofficial IPs.
Using PCAPRemote I created a connection log file and transferred it to the PC, where I am analyzing it with Wireshark.
My problem is that there…
Momoa
0 votes, 0 answers
Snort does not detect attacks when running in offline mode
When I run Snort on a pcap file (that contains malicious traffic), it does not detect anything.
I uncommented the rules path in Step #7 of snort.conf. Nothing changed.
How can I make Snort detect attacks from test.pcap and generate a log file?
I used…
Mimi