====== Analysis of popular PCAP dumps ======

Using Trisul NSM to analyze popular PCAP (Packet Capture) dumps that have been made publicly available.

===== Merge PCAPs =====

[[pcaps:ixmgtool|Using the ''trisul_ixmgtool'' to squish many thin PCAPs into a single thick PCAP file]]

===== DEFCON 26 PCAP Dump =====

[[offline:defcon26ctf|Processing the DEFCON26 CTF Competition PCAP dump]]. This article explains how you can use the free //trisulnsm/trisul6// Docker image to process the 50GB+ PCAP and to view the results.

Credits: [[https://www.defcon.org/html/links/dc-ctf.html|DEFCON 26 CTF Competition]]. Thanks to the good folks at DEFCON26 for making the PCAP public.

===== Offline analysis with the WRCCDC PCAP dump =====

In this three-part series, we explain techniques and show how to analyze the [[https://archive.wrccdc.org/|2018 WRCCDC PCAP]] dump using TrisulNSM. We appreciate the kind folks at WRCCDC for making this publicly accessible.

[[offline:wrccdc_pcaps|Part 1: Strategy to analyze large PCAP dumps without getting overwhelmed]]

[[offline:wrccdc_pcaps_trisulnsm|Part 2: How to use the free TrisulNSM Docker image to process the PCAPs]]

[[offline:wrccdc_pcaps_results|Part 3: Screenshots and videos showing some of the results and techniques]]