

Malware PCAP analysis using TrisulNSM docker on Ubuntu 16.04 Host

You've all heard of the great malware PCAPs made public by Malware Traffic Analysis.NET. Here is a short recipe that explains how you can use the TrisulNSM Docker image to set up an analysis platform.

Host : Ubuntu 16.04 LTS on Amazon

Start : Install Docker CE

First, install Docker and start it:

sudo apt update
sudo apt install docker.io
sudo systemctl start docker

Run the TrisulNSM Docker Image

Next, run the trisulnsm/trisul6 image available on DockerHub. Notice that we are not starting a live capture, because we intend to read the PCAPs.

sudo docker run --name=trisul1a --net=host \
  -v /opt/trisul6_root:/trisulroot \
  -d trisulnsm/trisul6

Log in and install a few apps

docker/ubuntumalware.1518161618.txt.gz · Last modified: 2018/02/09 13:03 by veera