
CapAnalysis - Deep Packet Inspection

CapAnalysis is a useful tool that performs deep packet inspection and can easily be used for cyber investigations. This guide demonstrates its capabilities and features. The reporting and presentation features allow all audiences to understand the information being presented, and the advanced filters make identification and analysis straightforward.

  • Entre para ver os comentários

  • Seja a primeira pessoa a gostar disto

CapAnalysis - Deep Packet Inspection

  1. For wireless investigations. User guide for capture analysis: TCP & UDP flows, deep packet inspection. By Chris Harrington
  2. • CapAnalysis runs in Linux OS (x32/x64)
       ◦ Debian based
     • Pcap viewer
     • Analyze TCP & UDP streams
     • Supports multiple datasets
     • Performs deep packet inspection
     • Reporting and presentation capabilities
     • Using Kali Linux running in VMware Workstation for this guide
  3. • Two packages need to be installed
       ◦ php5-sqlite
       ◦ php-mdb2-driver-pgsql
     Command:
       apt-get install php5-sqlite
       apt-get install php-mdb2-driver-pgsql
     • Restart the Apache service
     • Start CapAnalysis and PostgreSQL
  4. • URL: localhost:9877
  5. • Create a dataset for the suspect's case
  6. • Example: SuspectX
  7. • Add capture files to analyze
  8. • Via browser
  9. • Via netcat. Command: cat <pcapfile> | nc ::1 30001
  10. • Click on the dataset name to enter analysis
  11. • Powerful filters are available for quick analysis. Use them for refined analysis
  12. Filter elements: filter files, filter IP/ports, filter protocols, filter country, filter data size, filter date or time
  13. • Displays all UDP & TCP streams
  14. • Displays protocols used in dataset flows
       ◦ by country or by data type
  15. • Statistics overview of the dataset
       ◦ Quickly identify key information
  16. • Timeline view of the distribution of data
     • Intervals can be set (minimum 5 minutes)
  17. • Map view of flows, data received and sent
       ◦ Interactive map
  18. • Displays all source and destination IPs
     • Clicking on an IP gives a detailed overview of that IP
  19. • Chart view of protocol identification from the dataset (slide callouts: "Click here for different data types", "Mouse over")
  20. • Timeline display from the dataset. Remember to use filters
  21. • Use advanced filters for refining analysis
     • Reporting and presentation capabilities
       ◦ Easy to understand for non-technical stakeholders
     • Timelines
     • Dissecting TCP and UDP streams
     • Time saving
     • Cost effective
     • Geolocation of all connections
     • Upload datasets with netcat (scripting possibilities?)
  22. • My contact details: C.k.harrington@gmail.com
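Slide 9 shows a single capture being pushed to CapAnalysis with netcat, and slide 21 asks about scripting that upload. The script below is an added example, not part of the deck or of CapAnalysis itself: it keeps the deck's target (::1, port 30001) and adds a directory loop plus a header check so that a log file or archive dropped in the folder is not streamed into the dataset by mistake. Which capture formats the CapAnalysis listener actually accepts is not stated on the slides, so the magic-byte list is an assumption.

```shell
#!/bin/sh
# Batch upload of capture files to the CapAnalysis netcat listener.
# Added example, not from the original slides. The host/port defaults
# come from the deck ("cat <pcapfile> | nc ::1 30001"); the header
# check and directory loop are assumptions added here.
set -u

CAPANALYSIS_HOST="${CAPANALYSIS_HOST:-::1}"    # from the slides
CAPANALYSIS_PORT="${CAPANALYSIS_PORT:-30001}"  # from the slides
# Return 0 if the first four bytes look like a libpcap or pcapng header.
# Assumption: the deck does not say which formats CapAnalysis accepts;
# this only keeps obviously wrong files (logs, archives) from being sent.
is_capture_file() {
    f="$1"
    [ -f "$f" ] && [ -r "$f" ] || return 1
    magic=$(od -An -tx1 -N 4 "$f" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) return 0 ;;   # libpcap, microsecond timestamps
        4d3cb2a1|a1b23c4d) return 0 ;;   # libpcap, nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}
# Stream one file to the listener, as the slide does with cat | nc,
# minus the extra cat. Skips files that fail the header check.
upload_capture() {
    f="$1"
    if ! is_capture_file "$f"; then
        printf 'skip (not a capture file): %s\n' "$f" >&2
        return 1
    fi
    printf 'uploading %s\n' "$f" >&2
    nc "$CAPANALYSIS_HOST" "$CAPANALYSIS_PORT" < "$f"
}

# Upload every *.pcap, *.pcapng or *.cap directly under a directory and
# print the number of files sent, so a wrapper script can check it.
upload_dir() {
    dir="$1"; sent=0
    for f in "$dir"/*.pcap "$dir"/*.pcapng "$dir"/*.cap; do
        [ -e "$f" ] || continue          # unmatched glob, nothing to do
        upload_capture "$f" && sent=$((sent + 1))
    done
    echo "$sent"
}

# Usage: sh upload_captures.sh /path/to/captures
if [ "$#" -gt 0 ]; then upload_dir "$1"; fi
```

Set CAPANALYSIS_HOST and CAPANALYSIS_PORT in the environment if the listener is not on the local machine.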
