offline:defcon26ctf [2018/11/12 22:57] – [Edge Graph Analytics] veera | offline:defcon26ctf [2018/11/12 23:00] (current) – [Port connections over time] veera
Click on //Retro > Retro Counters// to view a Timeline showing traffic bandwidth. Here we see between 10 and 100 Mbps spanning a 3-day period of the competition. From here you can select any time window and drill down into Counters.
Click on //
The PCAP Totals dashboard is an excellent place to start off your analysis. On a single dashboard you can see the traffic details, number of unique hosts, apps, VLANs, TLS Certificates,
==== Edge Graph Analytics ====
Select //Alerts > Show All > IDS// to show the IDS alert categories seen. You can then click on an alert to drill down further or pull up PCAPs.
Trisul lets you seamlessly pivot from any analysis point to PCAPs. You can pull down the entire PCAP or use the super nifty "PCAP Headers"
The last one here is quite interesting. Go to Retro Counters > Select the entire Time interval and then select "
===== Conclusion =====
Hope network analysis enthusiasts find this useful.