Go with the flow

•

0 gostou•657 visualizações

Using Netflow Analysis for forensic investigations

@Rathaur_Kamal

 Infosec Enthusiast
 Incident Response/Digital Forensics Analyst
 Speaker/Volunteer at Null and OWASP
chapters
 AM – IT Security (Just a position, for the
records) 
 Travelling, Trekking, Infosec brainstorming
 GCFA Certified, SANS Lethal Forensicator
Award

 A series of packets on a network that have common attributes
 Just metadata – No contents
 Much like a phone bill – You know, who called who but not
what was said
 Is not a replacement for full packet capture

 Exporter – Uses UDP (Standard port 2055) for sending
packets to Collectors
 Collectors – Positioning is the key
 Storage – Understand the requirements and the size of
storage based on the need
 Analysis Console – usually a thin client – browser
based. Performance hungry

 Identify the critical data
 Understand the network diagram
 Identify choke and critical nodes
 Identify critical datacenters
 Plan Netflow exporters and packet capture
points
 Confirm legal and regulatory compliance
 Security teams may prefer to use their own
Netflow server and storage solution

nfcapd - netflow capture daemon
nfdump - netflow dump
nfprofile - netflow profiler
nfreplay - netflow replay
nfclean.pl - cleanup old data
ft2nfdump - optional binary

 A set of tools to collect and process netflow data
 Supports netflow versions v1, v5, v7, v9 and IPFIX
 Fully IPv6 compatible
 Stores netflow data in time sliced files – rotates typically every
5 minutes i.e. 288 files per day in nfcapd.YYYYMmddhhmm
format
 Command line based tool compatible to tcpdump
 Top N statistics for packets, bytes, IP addresses, ports…
Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows
2005-08-30 06:59:52.338 0.001 UDP 36.249.80.226:3040 -> 92.98.219.116:1434 1 404 1

Demo Time

 Understand the netflow basics
 Netflow Analysis with open source tools
 Ideas for setting up test lab
 Testing and Deployment in VM
 Replicate to Production environment

Thank You!

Mais conteúdo relacionado

Mais procurados

Berkeley Packet Filter is an old friend for most people that deal with network under Linux. But its extended version eBPF is completely redefining the scope of usage and interaction with the kernel. It can indeed be used to instrument most parts of the kernel. This goes from network tracing to process or I/O monitoring. This talk will provide an overview of eBPF, from concept to tools like BCC. It will then focus on XDP for eXtreme Data Path and the possible applications in term of networking provided by this new framework. Eric Leblond, Stamus Network

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

File carving is the name of the technique of pulling files out of a stream of bytes without the use of a particular file system; much like finding a word in a word search puzzle. Network based file carving is used to extract files from saved network traffic data that has been collected from tools such as Wireshark or TCPdump. This is useful for extracting viruses to be analyzed, identifying exfiltration, and forensic investigations. GTKlondike (Twitter: @GTKlondike) GTKlondike is a hacker/independent security researcher who has a passion for network security, both attack and defense. He has several years experience working in the industry as an network infrastructure and security consultant mainly dealing with switching, routing, firewalls, and servers. Currently attending graduate school, he is constantly studying and learning new techniques to better defend or bypass network security mechanisms.

Network based file carving

Network based file carving

Network based file carving

Dpdk – IoT packet analyzer

Dpdk – IoT packet analyzer

Dpdk – IoT packet analyzer

While XDP is less complex to offload than other forms of kernel functionality due to the fact that it sits at the bottom of the stack, there are a number of items that lead to complexity when dealing with XDP offload. This talk will explore some of the ideas around how to implement these concepts as well as share some of the results we have seen while implementing offload on a 32 bit architecture.

Comprehensive XDP Off‌load-handling the Edge Cases

Comprehensive XDP Off‌load-handling the Edge Cases

Comprehensive XDP Off‌load-handling the Edge Cases

Forensic Analysis - Empower Tech Days 2013

Forensic Analysis - Empower Tech Days 2013

Forensic Analysis - Empower Tech Days 2013

Islam Azeddine Mennouchi

LF_DPDK17_DPDK support for new hardware offloads

LF_DPDK17_DPDK support for new hardware offloads

LF_DPDK17_DPDK support for new hardware offloads

Compiling P4 to XDP, IOVISOR Summit 2017

Compiling P4 to XDP, IOVISOR Summit 2017

Compiling P4 to XDP, IOVISOR Summit 2017

Cheng-Chun William Tu

Telco junho cost-effective approach for telco network analysis in 5_g_final

Telco junho cost-effective approach for telco network analysis in 5_g_final

Telco junho cost-effective approach for telco network analysis in 5_g_final

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

In this talk we discuss the mechanisms of utilizing the eBPF language to perform hardware accelerated network packet manipulation and filtering. P4 programs can be compiled into eBPF scripts for offload in the Linux kernel using the Traffic Classifier (TC) subsystem. We demonstrate how, using eBPF as an intermediate language, it has been possible to extend the TC to either Just In Time (JIT) compile eBPF code to x86 assembler for software offload or to IXP byte code for execution in a trusted hardware environment within the Netronome Agilio intelligent server adapter. We finish by encouraging the audience to experiment with their own eBPF applications within the TC hardware accelerated system. The TC kernel patches are available on the Linux Kernel Networking mailing list as a Request For Comment (RFC) contribution. Dinan Gunawardena, Director, Software Engineering, Netronome Dinan Gunawardena is a Software Director focusing on running the driver team at Netronome. Previously, Dinan founded a software startup and was a Senior Research Engineer within the Operating Systems and Networking Group at Microsoft Research for 12 years, shipping technology in several versions of Microsoft Windows and the Bing Search Engine. Dinan has received over 20 patents and is a Chartered Software Engineer. Dinan has a Masters in Computer Science from University of Cambridge and a M.B.A. from WBS. Jakub Kicinski, Software Engineering, Netronome Jakub Kicinski is a Software Engineer specializing in the Linux Kernel drivers for Netronome SmartNICs. Jakub has previously worked as an intern for Intel Corporation. Jakub is also a researcher with expertise in Linux kernel. Experience in application development on complex multi-CPU and FPGA platforms. He is interested in high-performance software exploiting hardware capabilities and is passionate about networking. Jakub has a Masters in Computer Science from Gdansk University of Technology.

P4, EPBF, and Linux TC Offload

P4, EPBF, and Linux TC Offload

P4, EPBF, and Linux TC Offload

Network measurement has been playing a crucial role in network operations since it cannot only detect the anomalies, but also facilitate traffic engineering. With the recent development of P4 language, network measurement is one of the data plane applications that can benefit from the programmability enabled by P4. However, P4 does not support general purpose language structures such as for-loop, and the if-statement can only be used in its control block, and it has only a limited set of primitive actions. Hence, the current P4 has its limitations to support complicated measurement functions. In this webinar, we implement and evaluate the Count-Min sketch (used for heavy hitter detection) using the combination of P4 and C on a Netronome NFP NIC. We plan to demonstrate the flexibility and performance of the design and the C plug-in feature of Netronome NFP.

Network Measurement with P4 and C on Netronome Agilio

Network Measurement with P4 and C on Netronome Agilio

Network Measurement with P4 and C on Netronome Agilio

Robinhood is democratizing the financial systems by offering commission-free investing and trading with the use of your phone or desktop. As exciting as that sounds to the outside world, internally, the team at Robinhood must understand the different risk vectors and build engineering solutions to mitigate these risks. In this talk, Allison will talk about how they build a real-time risk monitoring system with InfluxDB and Faust, an open-source Python stream processing library. She will review the architecture behind the system which will involve both the time series anomaly detection part (InfluxDB) and the real-time stream processing part (Faust/Kafka).

How Robinhood Built a Real-Time Anomaly Detection System to Monitor and Mitig...

How Robinhood Built a Real-Time Anomaly Detection System to Monitor and Mitig...

How Robinhood Built a Real-Time Anomaly Detection System to Monitor and Mitig...

As microservices grow, traditional firewall rules based on network ACLs are no longer scalable and fall short of providing fine-grained enforcement. Group Based Policy (GBP) is a flexible policy language that allows users to specify policy enforcement based on intent, independent of network infrastructure and IP addressing. Using micro-segmented virtual domains, administrators can define policies at a centralized location and use IO Visor technology for distributed enforcement. This provides infrastructure independent rules, template-based policy definitions, and scale-out policy enforcement for a solution that secures and scales with microservices. This session will be presented by members of the IO Visor community and will cover how IO Visor technology can be used to define and enforce GBP. The discussion will also cover using GBP for cloud foundry application spaces where microservices are deployed and need scalable, efficient security policies.

Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...

Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...

Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...

IO Visor Project

Apache Solr as a compressed, scalable, and high performance time series database

Apache Solr as a compressed, scalable, and high performance time series database

Apache Solr as a compressed, scalable, and high performance time series database

Florian Lautenschlager

Iptables and Netfilter were introduced in 2001 along with Linux 2.4 as the full layer for firewall. The functionalities and the codes changed quite a lot during this decade, but nothing like what has been done with nftables. The motivation for this change is to overcome the limitations of iptables that was beginning to date both foncionnal level and in the code design: problem with the system update rules (very expensive when the number of rules increases which has become a problem to manage not static rules), code duplication, problematic for code maintenance and users. Nftables is a replacement for iptables that has been developed since 2008 by Patri ck McHardy who is the head of the Netfilter project. After a period of sleep, the developments around the project resumed in 2012 and a team of developers was formed and is working on the project. Nftables solves the problem of updates performance using a communication message between the kernel and user space. Infrastructure Netlink was used because it is the basis of the latest major Netfilter developments. The most notable changes: incremental update and atomic rules guaranteeing the performance and consistency of the set of rules expression of the rules using a pseudo machine for avoiding complex operations of writing core modules and additional extensions Nftables exceeds the limitations of iptables and brings news that should resolve elegant and efficient way many problems. The work is already significant and only the high-level library has not yet been developed. Given the remaining work, the first official release is planned for late 2013.

Kernel Recipes 2013 - Nftables, what motivations and what solutions

Kernel Recipes 2013 - Nftables, what motivations and what solutions

Kernel Recipes 2013 - Nftables, what motivations and what solutions

With the introduction of FPGAs in the cloud, there is an increasing need for solutions able to accelerate traditional CPU code with minimum burden on the user, while retaining competitive performance. In this presentation, we illustrate OXiGen, a tool for the acceleration of dataflow-oriented C applications on FPGA-based systems. The tool offers a complete design flow to optimize C functions into dataflow accelerated kernels and an automated frequency-aware design-space exploration that selects an optimal set of optimizations for the given function. It allows to automatically simulate the resulting function by generating a testbench for the function. We compare the generated hardware designs against both the respective software implementations and state-of-the-art dataflow designs, reaching comparable performance with a hardware design generated in a few seconds.

OXiGen: Automated FPGA design flow from C applications to dataflow kernels - ...

OXiGen: Automated FPGA design flow from C applications to dataflow kernels - ...

OXiGen: Automated FPGA design flow from C applications to dataflow kernels - ...

NECST Lab @ Politecnico di Milano

Debug generic process

Debug generic process

Debug generic process

Container runtimes cause Linux to return to its original purpose: to serve applications interacting directly with the kernel. At the same time, the Linux kernel is traditionally difficult to change and its development process is full of myths. A new efficient in-kernel programming language called eBPF is changing this and allows everyone to extend existing kernel components or glue them together in new forms without requiring to change the kernel itself.

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Monitoring and Alerting with InfluxDB 2.0 | Deniz Kusefoglu & Nate Isley | In...

Monitoring and Alerting with InfluxDB 2.0 | Deniz Kusefoglu & Nate Isley | In...

Monitoring and Alerting with InfluxDB 2.0 | Deniz Kusefoglu & Nate Isley | In...

Ceph Day Shanghai - On the Productization Practice of Ceph

Ceph Day Shanghai - On the Productization Practice of Ceph

Ceph Day Shanghai - On the Productization Practice of Ceph

Mais procurados (20)

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

Kernel Recipes 2017 - EBPF and XDP - Eric Leblond

Network based file carving

Network based file carving

Network based file carving

Dpdk – IoT packet analyzer

Dpdk – IoT packet analyzer

Dpdk – IoT packet analyzer

Comprehensive XDP Off‌load-handling the Edge Cases

Comprehensive XDP Off‌load-handling the Edge Cases

Comprehensive XDP Off‌load-handling the Edge Cases

Forensic Analysis - Empower Tech Days 2013

Forensic Analysis - Empower Tech Days 2013

Forensic Analysis - Empower Tech Days 2013

LF_DPDK17_DPDK support for new hardware offloads

LF_DPDK17_DPDK support for new hardware offloads

LF_DPDK17_DPDK support for new hardware offloads

Compiling P4 to XDP, IOVISOR Summit 2017

Compiling P4 to XDP, IOVISOR Summit 2017

Compiling P4 to XDP, IOVISOR Summit 2017

Telco junho cost-effective approach for telco network analysis in 5_g_final

Telco junho cost-effective approach for telco network analysis in 5_g_final

Telco junho cost-effective approach for telco network analysis in 5_g_final

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

Group meeting: TaintPipe - Pipelined Symbolic Taint Analysis

P4, EPBF, and Linux TC Offload

P4, EPBF, and Linux TC Offload

P4, EPBF, and Linux TC Offload

Network Measurement with P4 and C on Netronome Agilio

Network Measurement with P4 and C on Netronome Agilio

Network Measurement with P4 and C on Netronome Agilio

How Robinhood Built a Real-Time Anomaly Detection System to Monitor and Mitig...

How Robinhood Built a Real-Time Anomaly Detection System to Monitor and Mitig...

How Robinhood Built a Real-Time Anomaly Detection System to Monitor and Mitig...

Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...

Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...

Using IO Visor to Secure Microservices Running on CloudFoundry [OpenStack Sum...

Apache Solr as a compressed, scalable, and high performance time series database

Apache Solr as a compressed, scalable, and high performance time series database

Apache Solr as a compressed, scalable, and high performance time series database

Kernel Recipes 2013 - Nftables, what motivations and what solutions

Kernel Recipes 2013 - Nftables, what motivations and what solutions

Kernel Recipes 2013 - Nftables, what motivations and what solutions

OXiGen: Automated FPGA design flow from C applications to dataflow kernels - ...

OXiGen: Automated FPGA design flow from C applications to dataflow kernels - ...

OXiGen: Automated FPGA design flow from C applications to dataflow kernels - ...

Debug generic process

Debug generic process

Debug generic process

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

BPF & Cilium - Turning Linux into a Microservices-aware Operating System

Monitoring and Alerting with InfluxDB 2.0 | Deniz Kusefoglu & Nate Isley | In...

Monitoring and Alerting with InfluxDB 2.0 | Deniz Kusefoglu & Nate Isley | In...

Monitoring and Alerting with InfluxDB 2.0 | Deniz Kusefoglu & Nate Isley | In...

Ceph Day Shanghai - On the Productization Practice of Ceph

Ceph Day Shanghai - On the Productization Practice of Ceph

Ceph Day Shanghai - On the Productization Practice of Ceph

Destaque

We'd like to share our experience building a scalable solution using Graphite, Grafana, Collectd, Nagios, Logstash, Elasticsearch and Kibana, among others. We believe that it is easy to collect metrics from any one system, and to define alerts on single metrics. We already have this capability in place. However, in complex systems, the real operational challenges arise from the way system components interact. Some of these components live inside our data center, some live outside our data center, and all are updating on differing timelines. The functionality and performance of every component has the potential to change every day. Our challenge is to identify patterns and correlations across multiple systems in our stack. We need to integrate top-down and bottom-up analysis, so we can see, for example, that trial subscription signups (a user metric) fell off at the same time that an internal API call began to fail (an application metric), and it was caused by a database host falling offline (a system metric). When collecting so much data, there is a risk of being overwhelmed and not being able to make sense of it all. In essence, a risk of collecting data but not producing intelligence. We combat this risk by converting our accumulated data into the most visually information-dense format available: graphs. Then we make graphs easy to compare and easy to share. We make them informative at a glance and easy for the team to keep watching. Finally, once we are regularly identifying patterns across our graphs, we should have an automated way to "watch the graphs" in our absence. It is not an AI or a pattern recognition "black box", it should just automate patterns that humans have first validated to be meaningful.

Scalable Monitoring & Alerting

Scalable Monitoring & Alerting

Scalable Monitoring & Alerting

Franklin Angulo

Managing Tech Teams (Dev StackUp)

Managing Tech Teams (Dev StackUp)

Managing Tech Teams (Dev StackUp)

Franklin Angulo

An Introduction to Rearview - Time Series Based Monitoring

An Introduction to Rearview - Time Series Based Monitoring

An Introduction to Rearview - Time Series Based Monitoring

Graphite

Stop pulling the plug

Stop pulling the plug

Stop pulling the plug

Osint

Do you gather metrics from your application? Can you combine them and easily generate custom graphs out of them? Can your developers measure whatever they want at any point of your application without breaking it or making it slower? In our next itnig friday, Víctor Martínez will show us how easy it is to roll on your own Graphite installation and how to use Etsy's statsd collector to flush your metrics. You will learn what Graphite is, how all of its components work, how to get your real time&historic metrics into Carbon, Graphite's database, and how to plot them in different manners. Víctor will show us some Graphite dashboards, alternative statds implementations, detailed common Graphite configuration gotchas, design limitations and how to deal with them. <a>Visit details</a>

Collecting metrics with Graphite and StatsD

Collecting metrics with Graphite and StatsD

Collecting metrics with Graphite and StatsD

Destaque (7)

Scalable Monitoring & Alerting

Scalable Monitoring & Alerting

Scalable Monitoring & Alerting

Managing Tech Teams (Dev StackUp)

Managing Tech Teams (Dev StackUp)

Managing Tech Teams (Dev StackUp)

An Introduction to Rearview - Time Series Based Monitoring

An Introduction to Rearview - Time Series Based Monitoring

An Introduction to Rearview - Time Series Based Monitoring

Graphite

Stop pulling the plug

Stop pulling the plug

Stop pulling the plug

Osint

Collecting metrics with Graphite and StatsD

Collecting metrics with Graphite and StatsD

Collecting metrics with Graphite and StatsD

Semelhante a Go with the flow

With the rise of disruptive forces such as cloud computing and mobile technology, the enterprise network has become larger and more complex than ever before. Meanwhile, sophisticated cyber-attackers are taking advantage of the expanded attack surface to gain access to internal networks and steal sensitive data. Perimeter security is no longer enough to keep threat actors out, and organizations need to be able to detect and mitigate threats operating inside the network. NetFlow, a context-rich and common source of network traffic metadata, can be utilized for heightened visibility to identify attackers and accelerate incident response. Join Richard Laval to discuss the security applications of NetFlow using StealthWatch. This session will cover: - An overview of NetFlow, what it is, how it works, and how it benefits security - Design, deployment, and operational best practices for NetFlow security monitoring - How to best utilize NetFlow and identity services for security telemetry - How to investigate and identify threats using statistical analysis of NetFlow telemetry

Network Security and Visibility through NetFlow

Network Security and Visibility through NetFlow

Network Security and Visibility through NetFlow

Speaker: GTKlondike There is a lot of information freely available out on the internet to get network administrators and security professionals started with network analysis tools such as Wireshark. However, there is a well defined limit on how in depth the topic is covered. This intermediate level talk aims to bridge the gap between a basic understanding of protocol analyzers (I.e. Wireshark and TCPdump), and practical real world usage. Things that will be covered include: network file carving, statistical flow analysis, GeoIP, exfiltration, limitations of Wireshark, and other network based attacks. It is assumed the audience has working knowledge of protocol analysis tools (I.e. Wireshark and TCPdump), OSI and TCP/IP model, and major protocols (I.e. DNS, HTTP(s), TCP, UDP, DHCP, ARP, IP, etc.). Bio GTKlondike is a local hacker/independent security researcher who has a passion for network security, both attack and defense. He has several years experience working as an network infrastructure and security consultant mainly dealing with switching, routing, firewalls, and servers. Currently attending graduate school, he is constantly studying and learning new techniques to better defend or bypass network security mechanisms.

Open source network forensics and advanced pcap analysis

Open source network forensics and advanced pcap analysis

Open source network forensics and advanced pcap analysis

Applied Detection and Analysis Using Flow Data - MIRCon 2014

Applied Detection and Analysis Using Flow Data - MIRCon 2014

Applied Detection and Analysis Using Flow Data - MIRCon 2014

Security defined routing_cybergamut_v1_1

Security defined routing_cybergamut_v1_1

Security defined routing_cybergamut_v1_1

In this talk we will show how Hadoop Ecosystem tools like Apache Kafka, Spark, and MLLib can be used in various real-time architectures and how they can be used to perform real-time detection of a DDOS attack. We will explain some of the challenges in building real-time architectures, followed by walking through the DDOS detection example and a live demo. This talk is appropriate for anyone interested in Security, IoT, Apache Kafka, Spark, or Hadoop. Presenter Ryan Bosshart is a Systems Engineer at Cloudera and is the first 3 time presenter at BigDataMadison!

Realtime Detection of DDOS attacks using Apache Spark and MLLib

Realtime Detection of DDOS attacks using Apache Spark and MLLib

Realtime Detection of DDOS attacks using Apache Spark and MLLib

NetFlow Monitoring for Cyber Threat Defense

NetFlow Monitoring for Cyber Threat Defense

NetFlow Monitoring for Cyber Threat Defense

Logging : How much is too much? Network Security Monitoring Talk @ hasgeek

Logging : How much is too much? Network Security Monitoring Talk @ hasgeek

Logging : How much is too much? Network Security Monitoring Talk @ hasgeek

Low cost multi-sensor IDS system

Low cost multi-sensor IDS system

Low cost multi-sensor IDS system

Tim eberhard bajug3_talk

Tim eberhard bajug3_talk

Tim eberhard bajug3_talk

Orion NTA Customer Training

Orion NTA Customer Training

Orion NTA Customer Training

The Swiss ISP SWITCH has developed a scalable IPFIX exporter built using Snabb. In 2022 the application gained many new features, and was upstreamed into the main Snabb repository. We will showcase a production-grade Snabb application, and discuss implementation challenges and how Snabb helps you deal with them. (c) FOSDEM 2023 4 & 5 February 2023 https://fosdem.org/2023/schedule/event/network_snabbflow_ipfix/

Snabbflow: A Scalable IPFIX exporter

Snabbflow: A Scalable IPFIX exporter

Snabbflow: A Scalable IPFIX exporter

Network Situational Awareness with d00gle

Network Situational Awareness with d00gle

Network Situational Awareness with d00gle

Wireshark, Tcpdump and Network Performance tools

Wireshark, Tcpdump and Network Performance tools

Wireshark, Tcpdump and Network Performance tools

Sachidananda Sahu

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

hakin9_6-2006_str22-33_snort_EN

hakin9_6-2006_str22-33_snort_EN

hakin9_6-2006_str22-33_snort_EN

Pierpaolo Palazzoli

FD.io Vector Packet Processing (VPP)

FD.io Vector Packet Processing (VPP)

FD.io Vector Packet Processing (VPP)

Kirill Tsym discusses Vector Packet Processing: * Linux Kernel data path (in short), initial design, today's situation, optimization initiatives * Brief overview of DPDK, Netmap, etc. * Userspace Networking projects comparison: OpenFastPath, OpenSwitch, VPP. * Introduction to VPP: architecture, capabilities and optimization techniques. * Basic Data Flow and introduction to vectors. * VPP Single and Multi-thread modes. * Router and switch for namespaces example. * VPP L4 protocol processing - Transport Layer Development Kit. * VPP Plugins. Kiril is a software developer at Check Point Software Technologies, part of Next Generation Gateway and Architecture team, developing proof of concept around DPDK and FD.IO VPP. He has years of experience in software, Linux kernel and networking development and has worked for Polycom, Broadcom and Qualcomm before joining Check Point.

FD.IO Vector Packet Processing

FD.IO Vector Packet Processing

FD.IO Vector Packet Processing

Packet Analysis - Course Technology Computing Conference Presenter: Lisa Bock - Pennsylvania College of Technology Most network administrators are well-versed in hardware, applications, operating systems, and network analysis tools. However, many are not trained in analyzing network traffic. Network administrators should be able to identify normal network traffic in order to determine unusual or suspicious activity. Network packet analysis is important in order to troubleshoot congestion issues, create firewall and intrusion detection system rules, and perform incident and threat detection. This hands-on presentation will review fundamental concepts necessary to analyze network traffic, beginning with an overview of network analysis, then a review the TCP/IP protocol suite and LAN operations. Participants will examine packet captures and understand the field values of the protocols and as to what is considered normal behavior, and then examine captures that show exploits, network reconnaissance, and signatures of common network attacks. The program will use Wireshark, a network protocol analyzer for Unix and Windows, to study network packets, look at basic features such as display and capture filters, and examine common protocols such as TCP, HTTP, DNS, and FTP. Time permitting, the presentation will provide suggestions on how to troubleshoot performance problems, conduct a network baseline, and how to follow a TCP or UDP stream and see HTTP artifacts. Participants should have a basic knowledge of computer networking and an interest in the subject.

Packet Analysis - Course Technology Computing Conference

Packet Analysis - Course Technology Computing Conference

Packet Analysis - Course Technology Computing Conference

Cengage Learning

breed_python_tx_redacted

breed_python_tx_redacted

breed_python_tx_redacted

an_introduction_to_network_analyzers_new.ppt

an_introduction_to_network_analyzers_new.ppt

an_introduction_to_network_analyzers_new.ppt

Semelhante a Go with the flow (20)

Network Security and Visibility through NetFlow

Network Security and Visibility through NetFlow

Network Security and Visibility through NetFlow

Open source network forensics and advanced pcap analysis

Open source network forensics and advanced pcap analysis

Open source network forensics and advanced pcap analysis

Applied Detection and Analysis Using Flow Data - MIRCon 2014

Applied Detection and Analysis Using Flow Data - MIRCon 2014

Applied Detection and Analysis Using Flow Data - MIRCon 2014

Security defined routing_cybergamut_v1_1

Security defined routing_cybergamut_v1_1

Security defined routing_cybergamut_v1_1

Realtime Detection of DDOS attacks using Apache Spark and MLLib

Realtime Detection of DDOS attacks using Apache Spark and MLLib

Realtime Detection of DDOS attacks using Apache Spark and MLLib

NetFlow Monitoring for Cyber Threat Defense

NetFlow Monitoring for Cyber Threat Defense

NetFlow Monitoring for Cyber Threat Defense

Logging : How much is too much? Network Security Monitoring Talk @ hasgeek

Logging : How much is too much? Network Security Monitoring Talk @ hasgeek

Logging : How much is too much? Network Security Monitoring Talk @ hasgeek

Low cost multi-sensor IDS system

Low cost multi-sensor IDS system

Low cost multi-sensor IDS system

Tim eberhard bajug3_talk

Tim eberhard bajug3_talk

Tim eberhard bajug3_talk

Orion NTA Customer Training

Orion NTA Customer Training

Orion NTA Customer Training

Snabbflow: A Scalable IPFIX exporter

Snabbflow: A Scalable IPFIX exporter

Snabbflow: A Scalable IPFIX exporter

Network Situational Awareness with d00gle

Network Situational Awareness with d00gle

Network Situational Awareness with d00gle

Wireshark, Tcpdump and Network Performance tools

Wireshark, Tcpdump and Network Performance tools

Wireshark, Tcpdump and Network Performance tools

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

MMIX Peering Forum and MMNOG 2020: Packet Analysis for Network Security

hakin9_6-2006_str22-33_snort_EN

hakin9_6-2006_str22-33_snort_EN

hakin9_6-2006_str22-33_snort_EN

FD.io Vector Packet Processing (VPP)

FD.io Vector Packet Processing (VPP)

FD.io Vector Packet Processing (VPP)

FD.IO Vector Packet Processing

FD.IO Vector Packet Processing

FD.IO Vector Packet Processing

Packet Analysis - Course Technology Computing Conference

Packet Analysis - Course Technology Computing Conference

Packet Analysis - Course Technology Computing Conference

breed_python_tx_redacted

breed_python_tx_redacted

breed_python_tx_redacted

an_introduction_to_network_analyzers_new.ppt

an_introduction_to_network_analyzers_new.ppt

an_introduction_to_network_analyzers_new.ppt

Último

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

The Digital Insurer

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Angeliki Cooney has spent over twenty years at the forefront of the life sciences industry, working out of Wynantskill, NY. She is highly regarded for her dedication to advancing the development and accessibility of innovative treatments for chronic diseases, rare disorders, and cancer. Her professional journey has centered on strategic consulting for biopharmaceutical companies, facilitating digital transformation, enhancing omnichannel engagement, and refining strategic commercial practices. Angeliki's innovative contributions include pioneering several software-as-a-service (SaaS) products for the life sciences sector, earning her three patents. As the Senior Vice President of Life Sciences at Avenga, Angeliki orchestrated the firm's strategic entry into the U.S. market. Avenga, a renowned digital engineering and consulting firm, partners with significant entities in the pharmaceutical and biotechnology fields. Her leadership was instrumental in expanding Avenga's client base and establishing its presence in the competitive U.S. market.

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Angeliki Cooney

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Following the popularity of “Cloud Revolution: Exploring the New Wave of Serverless Spatial Data,” we’re thrilled to announce this much-anticipated encore webinar. In this sequel, we’ll dive deeper into the Cloud-Native realm by uncovering practical applications and FME support for these new formats, including COGs, COPC, FlatGeoBuf, GeoParquet, STAC, and ZARR. Building on the foundation laid by industry leaders Michelle Roby of Radiant Earth and Chris Holmes of Planet in the first webinar, this second part offers an in-depth look at the real-world application and behind-the-scenes dynamics of these cutting-edge formats. We will spotlight specific use-cases and workflows, showcasing their efficiency and relevance in practical scenarios. Discover the vast possibilities each format holds, highlighted through detailed discussions and demonstrations. Our expert speakers will dissect the key aspects and provide critical takeaways for effective use, ensuring attendees leave with a thorough understanding of how to apply these formats in their own projects. Elevate your understanding of how FME supports these cutting-edge technologies, enhancing your ability to manage, share, and analyze spatial data. Whether you’re building on knowledge from our initial session or are new to the serverless spatial data landscape, this webinar is your gateway to mastering cloud-native formats in your workflows.

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Remote DBA Services

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the deployment of external web forms using Jotform for Bonterra Impact Management. This solution can be customized to your organization’s needs and deployed to support the common use cases below: - Intake and consent - Assessments - Surveys - Applications - Program registration Interested in deploying web form automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Jeffrey Haguewood

Último (20)

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Boost Fertility New Invention Ups Success Rates.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

FWD Group - Insurer Innovation Award 2024

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Architecting Cloud Native Applications

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

Artificial Intelligence Chap.5 : Uncertainty

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Exploring the Future Potential of AI-Enabled Smartphone Processors

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Strategies for Landing an Oracle DBA Job as a Fresher

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...

Go with the flow

1. @Rathaur_Kamal

2.  Infosec Enthusiast  Incident Response/Digital Forensics Analyst  Speaker/Volunteer at Null and OWASP chapters  AM – IT Security (Just a position, for the records)   Travelling, Trekking, Infosec brainstorming  GCFA Certified, SANS Lethal Forensicator Award

3.  A series of packets on a network that have common attributes  Just metadata – No contents  Much like a phone bill – You know, who called who but not what was said  Is not a replacement for full packet capture

4.

5.

6.  Exporter – Uses UDP (Standard port 2055) for sending packets to Collectors  Collectors – Positioning is the key  Storage – Understand the requirements and the size of storage based on the need  Analysis Console – usually a thin client – browser based. Performance hungry

7.  Identify the critical data  Understand the network diagram  Identify choke and critical nodes  Identify critical datacenters  Plan Netflow exporters and packet capture points  Confirm legal and regulatory compliance  Security teams may prefer to use their own Netflow server and storage solution

8. nfcapd - netflow capture daemon nfdump - netflow dump nfprofile - netflow profiler nfreplay - netflow replay nfclean.pl - cleanup old data ft2nfdump - optional binary

9.  A set of tools to collect and process netflow data  Supports netflow versions v1, v5, v7, v9 and IPFIX  Fully IPv6 compatible  Stores netflow data in time sliced files – rotates typically every 5 minutes i.e. 288 files per day in nfcapd.YYYYMmddhhmm format  Command line based tool compatible to tcpdump  Top N statistics for packets, bytes, IP addresses, ports… Date flow start Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Flows 2005-08-30 06:59:52.338 0.001 UDP 36.249.80.226:3040 -> 92.98.219.116:1434 1 404 1

10.

11.  NfSen is a graphical web based front end for the Nfdump netflow tools  Graph specific profiles • Track hosts, ports etc. from live data • Profile hosts involved in incidents from history data  Analyze a specific time window  Web based  Automatic alerting  Flexible extensions using plugins

12.

14.  Understand the netflow basics  Netflow Analysis with open source tools  Ideas for setting up test lab  Testing and Deployment in VM  Replicate to Production environment

15.