Search results “Network traffic analysis open source”
Using Netflow & Open Source Tools for Network Behavioral Analysis
 
43:36
Yves Desharnais will explain what the Netflow protocol is, how it works, and how to use open source tools (fluentd, nmap, etc.) to parse this data flow information and create a comparison engine that will match network traffic to defined rules. This approach was used successfully to reduce PCI DSS server scope size to under 20% in mid-2016 on a medium-sized network, and to apply firewall rules live without any business disruption.
Views: 664 BSides-Calgary
The top 10 free Network Monitoring and Analysis Tools for Networks I System Admin
 
06:11
This video includes top free network monitoring tools: GFI LanGuard, Microsoft Network Monitor, Nagios, OpenNMS, Advanced IP Scanner, Capsa Free, Fiddler, NetworkMiner, Pandora FMS.
Views: 11762 Network Shield
Top 10 free tools for network monitoring and analysis
 
02:44
Read the full report here: http://www.gfi.com/blog/top-10-free-tools-for-network-monitoring-and-analysis-video/

As a system admin, we know you're turning over every stone to find tools that make your life easier. Help is at hand with our guide to the top 10 free network monitoring and analysis tools!

- http://www.wireshark.com Wireshark kicks off our list, being a network protocol analyzer and capture utility. Captured data can easily be sent to another application for analysis, or filtered within Wireshark itself.
- http://pandorafms.com/?lng=en If you want to keep an eye on your servers, applications and communications, look no further than Pandora FMS. It can be configured to create alerts based on specific events, and send notifications to administrators.
- http://angryip.org Angry IP Scanner scans IP addresses and ports, finding live hosts and providing you with information about them.
- http://microsoft-network-monitor.en.softonic.com When you're looking to capture packet data to analyze network traffic, turn to Microsoft Network Monitor. It has support for over three hundred public and Microsoft proprietary protocols, as well as a wireless Monitor Mode.
- http://www.telerik.com/fiddler Fiddler captures HTTP between computers and the Internet to help with debugging. You see incoming and outgoing data, including encrypted HTTPS traffic, allowing you to test your website performance, or the security of your web applications.
- http://www.netresec.com/?page=NetworkMiner NetworkMiner is classed as a Network Forensic Analysis Tool, and is used to capture packets. It then extracts files and images from that data, allowing you to reconstruct your users' actions.
- http://www.colasoft.com/capsa-free/ Another tool for monitoring, troubleshooting and analysing network traffic is Capsa Free. Not only does it have over 300 protocols, and the ability to create and customise them, but its dashboard also allows you to see a summary of traffic stats, TCP/UDP conversations, and packet analysis.
- http://www.softinventive.com/products/total-network-monitor/ Total Network Monitor watches over your hosts and services, notifying you when something requires your attention. Its colorful interface lets you see what's wrong at a glance.
- http://www.xirrus.com/Products/Network-Management-and-Software/Network-Management/Wi-Fi-Inspector And don't miss Xirrus Wi-Fi Inspector, which manages connections, locates devices, detects rogue access points, and has connection and speed quality tests.
- http://www.zenoss.org Lastly, Zenoss Core keeps an eye on your applications, servers, storage, networking and virtualization, giving you performance and availability stats. It also has an advanced notification system.

With so much pressure on IT departments, can you afford not to take advantage of any free help you can get?
Views: 147988 GFI Software
What is open-source Bro?
 
01:56
Open-source Bro Network Security Monitor creates comprehensive, protocol-specific traffic logs, extracts files, and automates custom traffic analysis tasks. To understand how Corelight makes Bro easy and enterprise grade, watch part 2: https://www.youtube.com/watch?v=PXn506T46e0
Views: 2351 Corelight, Inc
RITA - Finding Bad Things on Your Network Using Free and Open Source Tools
 
01:08:13
Want to get started on a hunt team and discover "bad things" on your network? In this webcast, we will walk through the installation and usage of Real Intelligence Threat Analytics (RITA). RITA is an open-source framework from the folks at Black Hills Information Security and Offensive CounterMeasures. RITA ingests Bro logs and seeks out malicious payload beaconing and scanning behavior. It also determines which systems in your environment are talking with known bad IP addresses and domains.

In less than an hour, you will learn how to collect and analyze network traffic for hunt teaming analysis. We will also provide some sample Bro logs for you to play with and give RITA a test drive. Want to use your own Bro logs? Great! Just make sure your logs come from an egress pre-NAT point where we can see the internal RFC 1918 IP addresses talking to external IP addresses.

We'll cover the different types of math used in our analysis, including:
- Connection intervals
- Data sizes
- Connection times

As a bonus, our sponsor, LogRhythm, will be showing off a completely free network monitoring tool called Network Monitor Freemium — a free tool for network monitoring, application detection, and detecting suspicious network activity (including lateral movement)!

RITA webpage: https://www.activecountermeasures.com/rita/
Get the slides here: https://blackhillsinformationsecurity.shootproof.com/gallery/7912248
Network Traffic Analysis using Deep Packet Inspection and Data Visualization (SHA2017)
 
25:12
Eventpad: the Sublime editor for network traffic

For the protection of (critical) infrastructures against complex virus attacks, deep packet inspection is unavoidable. In our project SpySpot we are developing new tools and techniques to assist analysts in gaining insight and reverse engineering Wireshark PCAP files. In this talk we present and demo a new data visualization system, Eventpad, to study PCAP traffic by visualizing patterns according to user-defined rules. We illustrate the effectiveness of the system on real-world traffic including VoIP communication and ransomware activity in file systems.

#NetworkSecurity #DeviceSecurity ArrayX
Views: 1561 SHA2017
A White-Hat Hacker Demonstrates How to Monitor Traffic on Routers (Livestream Archive)
 
30:54
Video starts: 5:30

Today we're going to hack a router with client-side authentication using an HTTP traffic inspector (e.g. Burp Suite) and a browser. Many commercially available small-office and home routers perform authentication in the client browser, which is weak and may be breached easily. This can be easily abused by attackers who can bypass the authentication and then attack the rest of the devices on the router's network. An adversary can reverse engineer the authentication mechanism by going through the source code in the browser. Being able to bypass the authentication on the router will allow an adversary to traverse the rest of the network, manipulate network configurations, and open up other access points including ports to direct traffic in and out of the network. Using Burp lets the user see and edit the requests and responses sent to and from the router's web interface.
Views: 70237 Motherboard
3.5 Network monitoring tools – Open source
 
06:01
Module 3 – Network scanning. Section 3.5: Network monitoring tools – Open source

Network monitoring is an application that constantly monitors a network against performance factors like slowness or failures and notifies the admins (via email, SMS or otherwise). Monitoring is done through periodic polling:
- Send an HTTP request to determine the status of a web server
- Send a test message for email servers
- Ping/telnet/ssh/snmp checks on hosts/servers for liveliness status, link uptime etc.

Network monitoring tools – Open source
• Nagios, OpenNMS, Cacti
• Check MK
• Icinga
• NeDi
• Shinken (software)
• Vigilo NMS
• Zabbix

Nagios is a powerful network monitoring tool.
• It is the industry standard in IT infrastructure monitoring
• Features include alerting, event handling and reporting
• There are two versions of Nagios:
• Nagios Core is open source and free
• Nagios XI is a commercial tool based on Nagios Core with added features

OpenNMS is a carrier-grade, highly integrated, open source platform designed for building network monitoring solutions.
• There are two distributions of OpenNMS: Meridian and Horizon.

Cacti is a complete open-source network graphing solution designed to harness the power of RRDtool's data storage and graphing functionality. RRDtool is the open source industry standard, high performance data logging and graphing system for time series data. RRDtool can be easily integrated in shell scripts, Perl, Python, Ruby, Lua or Tcl applications.

Check_MK is an extension to the Nagios monitoring system that allows creating rule-based configuration using Python and offloading work from the Nagios core to make it scale better, allowing more systems to be monitored from a single Nagios server.

Icinga is an open source network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009.

NeDi is an open source software tool which discovers, maps and inventories your network devices and tracks connected end-nodes.

Shinken is an open source network monitoring software application compatible with Nagios. Shinken is a monitoring framework. It's a Python Nagios® Core total rewrite enhancing flexibility and large environment management.

Vigilo NMS is performance monitoring software for medium to large-sized enterprises.

Zabbix is the ultimate enterprise-level software designed for real-time monitoring of millions of metrics collected from tens of thousands of servers, virtual machines and network devices. Zabbix is Open Source and comes at no cost. https://www.zabbix.com/
Views: 2465 CBTUniversity
Top 10 Open Source Cyber Security Tools
 
07:39
Top 10 Open Source Hacking Tools
1. Nmap Security Scanner
2. OSSEC
3. OpenVAS
4. Security Onion
5. Metasploit Framework
6. OpenSSH
7. Wireshark
8. Backtrack
9. ZED Attack Proxy (ZAP)
10. SQLmap

Website: www.allabouttesting.org
Please share and subscribe for more updates.

Disclaimer: This video is for education purposes only.

Copyright Disclaimer Under Section 107 of the Copyright Act 1976, allowance is made for "fair use" for purposes such as criticism, comment, news reporting, teaching, scholarship, and research. Fair use is a use permitted by copyright statute that might otherwise be infringing. Non-profit, educational or personal use tips the balance in favor of fair use.
Views: 12290 All About Testing
Wireshark Advanced Malware Traffic Analysis
 
07:41
Please check out my Udemy courses! Coupon code applied to the following links:
- https://www.udemy.com/hands-on-penetration-testing-labs-20/?couponCode=NINE99
- https://www.udemy.com/kali-linux-web-app-pentesting-labs/?couponCode=NINE99
- https://www.udemy.com/kali-linux-hands-on-penetration-testing-labs/?couponCode=NINE99
- https://www.udemy.com/network-security-analysis-using-wireshark-snort-and-so/?couponCode=NINE99
- https://www.udemy.com/snort-intrusion-detection-rule-writing-and-pcap-analysis/?couponCode=NINE99

Description: This video will cover how to replay a PCAP with malicious traffic from Malware-Traffic-Analysis.net. I will demonstrate how to perform advanced network security analysis of Neutrino Exploit Kit and malware traffic analysis of CrypMIC ransomware using Security Onion and Wireshark.
Views: 20634 Jesse Kurrus
Network Flow Analysis using Netflow protocols and tflow2 (GPN17)
 
01:06:18
https://media.ccc.de/v/gpn17-8533-network_flow_analysis_using_netflow_protocols_and_tflow2

How to know what your network does: introduction into network flow analysis and implementation of tflow2.

takt
Views: 805 media.ccc.de
Collecting and analysing network flow data with Elastic Stack by Robert Cowart
 
01:09:42
Network Flows offer a rich source of data, detailing the communications between systems in today's ever expanding and increasingly complex digital infrastructures. As commercial solutions struggle to provide the features and scale necessary to provide the information that users desire, Elastic Stack provides the perfect foundation for such a solution. Rob will explain how to use Elasticsearch, Logstash and Kibana to help users extract valuable insights from their network flow data, as well as other data sources. He will finish with an introduction to Elastic’s Machine Learning technology including a demo! Presented at the Elastic{Meetup} #24 - Zurich: https://www.meetup.com/elasticsearch-switzerland/events/237550817/
Views: 30072 Nicolas Ruflin
Open Source PCAP warehouse with dependency mapping.
 
08:14
If you're like me, you probably have terabytes of PCAP files filling up your hard drive. In previous articles I have reviewed one of my favorite "big trace file" tools, Packet Analyzer from Riverbed. I absolutely love using this tool for quickly searching through a big trace looking for that needle in the haystack. What happens when you have 100s of haystacks (PCAP files) and you still want to find that needle? In this short video we will look at a way to take that hard drive full of PCAPs, index them, and allow you to very quickly sort through terabytes of data.

Questions? [email protected]
Views: 654 Microseconds Matter
Why It’s Time to Make Network Traffic Analysis A First-Class Citizen
 
59:53
Since nearly all cyberattacks must cross the network, it’s an essential source of truth for threat hunters and incident responders, yet many organizations today have limited network traffic analysis capabilities. Why? The root of the problem lies in common sources of network data, which are difficult to analyze at scale. Security operators often find themselves stuck between the unwieldy firehose of full traffic capture and the frustrating information desert of network logs like Netflow that offer only a minimal amount of detail. Simply put, it’s either too much, or too little network data. A Goldilocks alternative exists, however, in the Bro Network Security Monitor. This open source framework transforms network traffic into high-fidelity logs that summarize activity on the wire at less than 1% the size of full traffic capture and can automate traffic analysis tasks via Bro’s unique scripting language. Thousands of organizations rely on Bro to achieve comprehensive, scalable network traffic analysis and Corelight makes Bro easy and ready to deploy at enterprise scale. In this webinar, Eric Ogren, Senior Analyst at 451 Research, and Brian Dye, CPO at Corelight, will demonstrate how Bro can help organizations achieve comprehensive, scalable network traffic analysis and accelerate their threat hunting and incident response workflows.
Views: 77 Corelight, Inc
DEFCON 16: Malware Detection through Network Flow Analysis
 
50:29
Speaker: Bruce Potter, Founder, The Shmoo Group

Over the last several years, we've seen a decrease in effectiveness of "classical" security tools. The nature of the present day attacks is very different from what the security community has been used to in the past. Rather than wide-spread worms and viruses that cause general havoc, attackers are directly targeting their victims in order to achieve monetary or military gain. These attacks are blowing right past firewalls and anti-virus and placing malware deep in the enterprise. Ideally, we could fix this problem at its roots: fixing the software that is making us vulnerable. Unfortunately that's going to take a while, and in the interim security engineers and operators need new, advanced tools that allow deeper visibility into systems and networks while being easy and efficient to use.

This talk will focus on using network flows to detect advanced malware. Network flows, made popular by Cisco's NetFlow implementation available on almost all their routers, have been used for years for network engineering purposes. And while there has been some capability for security analysis against these flows, there has been little interest until recently. This talk will describe NetFlow and how to implement it in your network. It will also examine advanced statistical analysis techniques that make finding malware and attackers easier. I will release a new version of Psyche, an open source flow analysis tool, and show specific examples of how to detect malware on live networks. I will also release a tool designed to craft and spoof netflow records for injection into netflow collectors.

For more information visit: http://bit.ly/defcon16_information
To download the video visit: http://bit.ly/defcon16_videos
Views: 3687 Christiaan008
Finding Bad Things on Your Network Using Free and Open-Source Tools Webcast
 
01:08:13
This webcast is for the threat hunter on a budget. Rob McGovern, LogRhythm security expert, joined John Strand, of Security Weekly and SANS, to teach you how to collect and analyze network traffic for hunt teaming analysis. The duo also utilized only free and open-source tools. You’ll learn about Real Intelligence Threat Analytics (RITA) and the free network monitoring tool, NetMon Freemium. Download Freemium now: https://logrhythm.com/network-monitor-freemium/
Views: 1076 LogRhythm
Wireshark Tutorial for Beginners
 
14:22
A Wireshark tutorial for beginners that shows users how to track network activity, view specific frame, TCP, IP and HTTP information, view specific packets being sent and received on the network, view information within those packets and spot malicious or suspicious network behavior.

For behind-the-scenes and exclusive content: https://www.instagram.com/ansonalex.c0m/
Published by Anson Alexander from http://AnsonAlex.com.
Views: 760705 Anson Alexander
KaTaLyzer - network traffic monitoring tool
 
05:35
Students at the Institute of Computer Systems and Networks of FIIT STUBA have been working on the open source network traffic monitoring tool KaTaLyzer. It offers long term full network traffic monitoring. Data are displayed in graphs which can be displayed based on protocol as well as communicating nodes. It supports widely used protocols (Ethernet, IP, TCP, UDP, HTTP, SSH, SIP, etc.).

Features:
- packet-by-packet network monitoring tool
- network utilization graphs
- graphs for each IP address and port
- geoip functionality
- pcap based

Enjoy :)
Views: 4842 Ngnlab Eu
OpenNMS||Step by Step Configuration||Monitoring Tool||Open Source||Rhel 7||Centos 7-Part-1
 
15:11
#OpenNMS (Open Network Management System) is the first enterprise-grade network management platform developed under the open source model. It was designed to manage tens of thousands of devices from a single server as well as manage unlimited devices using a cluster of servers.

Steps to install OPEN-NMS on Rhel 7.x / Centos 7 ...see video

Extensive Network Analysis
Network Analyzer provides an in-depth look at all network traffic sources and potential security threats, allowing system admins to quickly gather high-level information regarding the health of the network as well as highly granular data for complete and thorough network analysis.

Network Clarity
Network Analyzer provides a central view of your network traffic and bandwidth data as well as potential network compromises. The powerful home dashboard provides an at-a-glance view of critical netflow or sflow data sources, server system metrics, and abnormal network behavior for quick assessment of network health. Users can easily drill down to see specific information on individual IPs, source port, destination port, or any combination thereof.

Adaptability
Create a Network Analyzer environment that reflects your network’s identity. Source groups allow admins to organize similar sources as well as apply views and queries to multiple sources simultaneously, and to your exact specifications. Additional add-on capabilities allow Network Analyzer users to push SNMP notifications to monitoring and SNMP trap management systems. Network Analyzer adapts to your existing environment for a pain-free implementation process that takes only minutes to get up and running.

Bandwidth Utilization Calculator
A fully customizable bandwidth utilization calculator is included, allowing reports to be created to summarize bandwidth utilization per source, IP, or any combination the user desires.

In-Depth Insight
Network Analyzer’s advanced alerting and reporting capabilities provide IT staff with superior awareness of their network. Highly granular, down-to-the-packet data can be accessed and archived for further tracking and analysis. When critical thresholds are exceeded, abnormal network activity occurs, or bandwidth restrictions are met, Network Analyzer can trigger alerts allowing admins to start resolving issues immediately.
Webinar: A Technical Introduction to Bro, Network Security's Best Kept Secret
 
54:21
The open-source Bro Network Security Monitor is a powerful network traffic analysis tool that offers deep, actionable traffic insight that can accelerate incident response times and unlock new threat hunting capabilities. Bro is widely used by the world’s largest, most sophisticated organizations to protect their networks, yet few security practitioners today have a deep understanding of Bro’s technical underpinnings and how to fully leverage its insight and power. Learn how Bro works under the hood, how to integrate it in your security stack, and how its rich network logs and analytical capabilities differentiate it from common sources of network data like PCAP and Netflow and common security tools like IDS/IPS solutions.

This webinar will cover:
- A technical understanding of how the Bro Network Security Monitor works and its security functions
- How to apply Bro’s unique network traffic analysis capabilities in your environment and integrate them into your security stack
- How Bro's network logs differ from PCAP, Netflow records, and common server logs like DNS logs
- How Bro’s network data and insight can accelerate incident response times and unlock new threat hunting ground

Related blog: https://blog.pentesteracademy.com/corelight-bro-based-network-visibility-2bbd7aa24e59
Webinar live date: August 16, 2018
TRex   An Open Source Traffic Generator
 
47:35
A classroom session from the DevNet Zone at Cisco Live Berlin 2017. TRex is an open source, low cost, stateful and stateless traffic generator fuelled by DPDK. It generates L4-7 traffic based on pre-processing and smart replay of real traffic templates. TRex amplifies both client and server side traffic and can scale to 200Gb/sec with one UCS using Intel XL710. Watch this video for an overview of the tool. Join DevNet today! It's free, easy, and gives you access to useful resources and tools. Come learn, code, inspire, and connect. https://developer.cisco.com/site/devnet/overview/index.gsp
Views: 9453 Cisco DevNet
PRTG Network Monitor - Bandwidth Monitoring with Flows and Packet Sniffing
 
19:04
In this tutorial you get to know everything about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor.

KNOWLEDGE BASE ARTICLE
Configuration Tips for Cisco Routers and PRTG https://kb.paessler.com/en/topic/563-do-you-have-any-configuration-tips-for-cisco-routers-and-prtg

LEARN MORE ABOUT PRTG
http://www.paessler.com/ and sign up for our newsletter to get free tips and tricks! https://www.paessler.com/company/newsletter

SUBSCRIBE TO OUR BLOG
https://blog.paessler.com/ Stay on top of your IT game with the Paessler blog

SOCIAL MEDIA
Follow us on Facebook https://www.facebook.com/PRTG.Network.Monitor/
We are also on Instagram https://www.instagram.com/paesslerag/
Views: 188450 PaesslerAG
Network Traffic Analysis
 
04:08
KDD KNN K-Means
Views: 114 JC
network traffic analysis software
 
01:06
scrutinizer netflow analyzer, netflow snmp, netflow monitoring tools, network traffic analysis software,
Views: 43 huda fatima
HowTo: Monitor and Log Network Traffic on Linux / Unix Using vnStat
 
08:24
http://www.cyberciti.biz/faq/?p=12931 - A quick video demo explains how to log and monitor network traffic using the vnstat utility for Linux or Unix-like operating systems. Also, see how to install the vnstat PHP frontend: http://www.cyberciti.biz/faq/?p=12931

*** Software used ***
[1] vnstat (http://humdi.net/vnstat/) is free and open source software. It is licensed under the GPL http://www.gnu.org/licenses/gpl.html
[2] vnstat PHP frontend (http://www.sqweek.com/sqweek/index.php?p=1) is free and open source software and licensed under the terms of the GPL http://www.gnu.org/licenses/gpl.html

*** Sound track credit ***
[1] Easy Lemon by Kevin MacLeod is licensed under a CC Attribution 3.0. http://incompetech.com/music/royalty-free/index.html?isrc=USUAN1200076
[2] Tea Roots by Kevin MacLeod is licensed under a CC Attribution 3.0. http://incompetech.com/music/royalty-free/index.html?isrc=USUAN1100472
Views: 18175 nixcraftcom
OSMC 2013 | Luca Deri: Monitoring network traffic using ntopng (ENG)
 
01:01:29
ntop is an open-source network monitoring project aimed at network traffic monitoring. With the advent of modern computing architectures and high-speed networks, many components had to be redesigned to address the new challenging issues. Monitoring 10G networks requires high-speed packet capture/transmission and efficient monitoring applications. Over the past 10 years ntop has created several open-source tools, kernel modules and flow-based applications for making high-speed traffic monitoring feasible on commodity hardware. This talk will give an overview of the various ntop monitoring components including the latest version of ntop, named ntopng. It will also highlight some use cases where these tools have been used successfully.
Views: 48 NETWAYS
DEF CON 16 - Bruce Potter: Malware Detection through Network Flow Analysis
 
50:29
Over the last several years, we've seen a decrease in effectiveness of "classical" security tools. The nature of the present day attacks is very different from what the security community has been used to in the past. Rather than wide-spread worms and viruses that cause general havoc, attackers are directly targeting their victims in order to achieve monetary or military gain. These attacks are blowing right past firewalls and anti-virus and placing malware deep in the enterprise. Ideally, we could fix this problem at its roots: fixing the software that is making us vulnerable. Unfortunately that's going to take a while, and in the interim security engineers and operators need new, advanced tools that allow deeper visibility into systems and networks while being easy and efficient to use.

This talk will focus on using network flows to detect advanced malware. Network flows, made popular by Cisco's NetFlow implementation available on almost all their routers, have been used for years for network engineering purposes. And while there has been some capability for security analysis against these flows, there has been little interest until recently. This talk will describe NetFlow and how to implement it in your network. It will also examine advanced statistical analysis techniques that make finding malware and attackers easier. I will release a new version of Psyche, an open source flow analysis tool, and show specific examples of how to detect malware on live networks. I will also release a tool designed to craft and spoof netflow records for injection into netflow collectors.

Bruce Potter is the founder of the Shmoo Group of security, crypto, and privacy professionals. He is also the co-founder and CTO of Ponte Technologies, a company focused on developing and deploying advanced IT defensive technologies. His areas of expertise include wireless security, network analysis, trusted computing, pirate songs, and restoring hopeless vehicles. Mr. Potter has co-authored several books including "802.11 Security" and "Mastering FreeBSD and OpenBSD Security" published by O'Reilly and "Mac OS X Security" by New Riders.

For copies of the slides and additional materials please see the DEF CON 16 Archive here: https://defcon.org/html/links/dc-archives/dc-16-archive.html
Views: 809 DEFCONConference
How to use Ntopng using Squid proxy server
 
06:40
This video covers the installation procedure of ntopng using a Squid proxy server. ntopng is an open-source network traffic monitoring system that provides a web interface for real-time network monitoring. For more explanation on this video: https://www.linuxhelp.com/how-to-use-ntopng-using-squid-proxy-server/
Views: 5683 Linux Help
Open Source Malware Lab - Robert Simmons
 
49:41
The landscape of open source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open source software. For file analysis, the three major versions of Cuckoo Sandbox will be examined. To analyze a potentially malicious URL, the low-interaction honeyclient, Thug, will be covered. Next, if one has a network capture (PCAP) to analyze, the Bro Network Security Monitor is a great option, and will be covered. Finally, if the analysis target is a memory image, the Volatility Framework will be examined. Each of the inputs and outputs of the tools will be reviewed to expose ways that they can be chained together for the purpose of automation.
Network Traffic Analysis of Hadoop Clusters Understand the common usage patterns and identify typic…
 
29:07
Network Traffic Analysis of Hadoop Clusters: Understand the common usage patterns and identify typical / atypical workloads.
by Mirko Kämpf
At: FOSDEM 2017

Cybersecurity is a broad topic and many commercial products are related to it. We demonstrate a fundamental concept in network analysis: re-construction and visualization of temporal networks. Furthermore, we apply the method to describe operational conditions of a Hadoop cluster. Our experiments provide first results and allow a classification of the cluster state related to current workloads. The temporal networks show significant differences for different operation modes. In reality we would expect mixed workloads. If such workload parameters are known, we are able to handle a-typical events accordingly - which means, we are able to create alerts based on context information, rather than only the packet content. We show an end-to-end example: (1) Data collection is done via Python, using the sniffer script; (2) using Apache Hive and Apache Spark we analyze the network traffic data and create the temporal network. Finally, we are able to visualize the results using Gephi in step (3). In a next step, we plan to contribute to the Apache Spot project.

# Expected prior knowledge / intended audience:
No special skills required, but minimal exposure to the Hadoop ecosystem is helpful.

# Speaker bio:
Márton Balassi is a Solution Architect at Cloudera and a PMC member at Apache Flink. He focuses on Big Data application development, especially in the streaming space. Marton is a regular contributor to open source and has been a speaker at a number of open source Big Data related conferences including Hadoop Summit and Apache Big Data and meetups recently.

Mirko Kämpf is a Solution Architect at Cloudera and the initiator of the Etosha project. He holds a Diploma in Physics and worked on several projects related to complex systems analysis. His focus is on time dependent network analysis and time series analysis, using tools from the Hadoop ecosystem, and especially on the related metadata management. Mirko is actively using open source tools, author of several blog articles in the Cloudera engineering blog, and a speaker in Big Data related conferences and meetups. https://de.linkedin.com/in/kamir

# Links to previous talks by the speaker
## Marton:
Hadoop Summit, Dublin, 2016 https://www.youtube.com/watch?v=mRhCpp-p11E
Flink Meetup, Berlin, 2016 https://www.youtube.com/watch?v=Rk8mVtGumPc&t=462s
Flink Forward, Berlin, 2016 https://www.youtube.com/watch?v=FtzXOLhZ-2c
## Mirko:
Cloudera Technical Summit, Las Vegas, 2016 http://www.slideshare.net/mirkokaempf/from-events-to-networks-time-series-analysis-on-scale?qid=a3a3f939-19e4-4127-81a7-e963114d4110&v=&b=&from_search=1
GridKA, Karlsruhe, 2015 http://www.slideshare.net/mirkokaempf/apache-spark-in-scientific-applications?qid=b82c1d59-2098-409c-8b84-5570504c5546&v=&b=&from_search=4
GridKA, Karlsruhe, 2014 http://www.slideshare.net/mirkokaempf/hadoop-complex-systems-research?qid=a0eebdd3-b042-453d-9b65-a2e2301d09f8&v=&b=&from_search=6
Hadoop meetup, Munich, 2013 http://www.slideshare.net/mirkokaempf/munich-hug-20130522v2?qid=72841b48-efbf-442a-8b7f-0ea0db3b3ad4&v=&b=&from_search=5

Room: H.2214
Scheduled start: 2017-02-04 16:50:00
Views: 77 FOSDEM
Deep Packet Inspection with open source Hyperscan regexp library network security at massive scale
 
20:11
Deep Packet Inspection (DPI) technologies are an essential aspect of many network and system security implementations. To keep up with ever-growing threat and traffic trends, performance is a critical component of DPI. In this talk, we will outline the Hyperscan project: an Intel open source regular expression and literal matcher library used in many DPI systems, both commercial and open source (including Snort and Suricata). We will discuss how this approach could work together with OpenStack.
Find out what users are doing on your network
 
06:00
https://www.netfort.com/languardian-from-netfort/how-it-works/ :: Using the LANGuardian to track and report on user network activity.
Views: 400558 NetFort
Debian / Ubuntu Linux: Monitor Network Traffic Load Over SSH Session With Slurm
 
02:28
http://www.cyberciti.biz/faq/?p=13037 slurm - yet another network load monitor. Simple and easy to use. *** Software used *** slurm (https://github.com/mattthias/slurm) is a free and open source software. It is licensed under GPL http://www.gnu.org/licenses/gpl.html *** Music / song track used *** Cattails (http://incompetech.com/music/royalty-free/index.html?isrc=USUAN1100743) by Kevin MacLeod is licensed under a CC Attribution 3.0 http://creativecommons.org/licenses/by/3.0/deed.en_US
Views: 14638 nixcraftcom
PLNOG 13: Running a 2 Tbps global IP network using Open Source tools (B.van der Sloot)
 
22:23
Bart van der Sloot and Samer Abdel-Hafez (FiberRing): "FiberRing operates one of the largest content networks in the world, peaking at over 2 Tb/s. In order to facilitate troubleshooting, detect attacks and save important data such as router configurations, we implement a series of tools, mostly implemented in house or open source. The key point of this presentation is to describe how FiberRing is using these tools for: monitoring: FiberRing makes extensive use of Opsview (Nagios) and NMIS. We utilise Opsview for alerts and reporting and NMIS for detailed traffic analysis. capacity planning: FiberRing chose PMACCT as netflow collector software and implemented an in-house front-end solution that helps us locate strategic peering partners and explore ways to reduce the costs to deliver our content. DDoS attack detection: As every large hosting provider, we are regularly targets of DDoS attacks. We implement a set of Linux boxes running nfcapd to collect traffic flows with 1 minute/per host granularity. This gives us great flexibility and incredibly valuable data to quickly detect attacks and take corrective actions. routers' configuration backups: FiberRing is actively involved in the development of Oxidized, an innovative configuration backup tool which poses itself as a rancid replacement".
Views: 1138 PROIDEA Events
Wireshark and Recognizing Exploits, HakTip 138
 
06:07
This week on HakTip, Shannon pinpoints an exploitation using Wireshark. Working on the shoulders of last week's episode, this week we'll discuss what exploits look like in Wireshark. The example I'm sharing is from Practical Packet Analysis, a book by Chris Sanders about Wireshark. Our example packet shows what happens when a user visits a malicious site using a bad version of IE. This is called spear phishing. First, we have HTTP traffic on port 80. We notice there is a 302 moved response from the malicious site and the location is all sorts of weird. Then a bunch of data gets transferred from the new site to the user. Click Follow TCP Stream. If you scroll down, you see some weird gibberish that doesn't make sense and an iframe script. In this case, it's the exploit being sent to the user. Scroll down to packet 21 and take a look at the .gif GET request. Lastly, Follow packet 25's TCP Stream. This shows us a Windows command shell, and the attacker gaining admin privileges to view our user's files. FREAKY. But now a network admin could use their intrusion detection system to set up a new alarm whenever an attack of this nature is seen. If someone is trying to do a MITM attack on a user, it might look like our next example packet. 54 and 55 are just ARP packets being sent back and forth, but in packet 56 the attacker sends another ARP packet with a different MAC address for the router, thereby sending the user's data to the attacker then to the router. Compare 57 to 40, and you see the same IP address, but different MACs for the destination. This is ARP cache poisoning. Let me know what you think. Send me a comment below or email us at [email protected] And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
Views: 44745 Hak5
Graphical Network Monitor | EtherApe | KALI 2018
 
03:21
EtherApe is a packet sniffer/network traffic monitoring tool, developed for Unix. EtherApe is free, open source software developed under the GNU General Public License.
Views: 3005 XOR
TekTip ep24 - Moloch
 
18:40
In this episode of TekTip we demo Moloch. From https://github.com/aol/moloch : "Moloch is an open source, large scale IPv4 packet capturing (PCAP), indexing and database system. A simple web interface is provided for PCAP browsing, searching, and exporting. APIs are exposed that allow PCAP data and JSON-formatted session data to be downloaded directly. Simple security is implemented by using HTTPS and HTTP digest password support or by using apache in front. Moloch is not meant to replace IDS engines but instead work alongside them to store and index all the network traffic in standard PCAP format, providing fast access. Moloch is built to be deployed across many systems and can scale to handle multiple gigabits/sec of traffic." Big thanks to the Securabit.com team for letting me use their instance of Moloch. www.TekDefense.com @TekDefense
Views: 6432 TekDefense
How to Use Open Source Tools to Improve Network Security
 
24:47
How to Use Open Source Tools to Improve Network Security, for both Windows and Linux environments, with adoption guidelines for these tools. https://mhmd.io/Must-Have-Open-Source-Security-Tools/ Table of Contents: 00:01 - How to Use Open Source Tools to Improve Network Security 00:16 - How to Get Resources 00:29 - Salam! 00:44 - Contribution to Open Source Security Projects 01:20 - FOSS security tools 01:29 - 02:15 - Five-Stage Process for DIY Network Security 03:27 - 03:40 - Five-Stage Process for DIY Network Security 03:43 - 03:45 - Vulnerability Analysis 03:49 - Vulnerability Analysis Solutions 07:01 - Vulnerability Analysis 07:01 - Five-Stage Process for DIY Network Security 07:02 - 07:02 - Five-Stage Process for DIY Network Security 07:02 - 07:07 - Vulnerability Analysis 07:08 - Vulnerability Analysis Solutions 07:08 - Configuration Analysis 07:08 - Vulnerability Analysis Solutions 07:23 - Configuration Analysis 07:28 - Configuration Analysis 08:33 - Log Analysis 08:38 - 10:56 - Log Analysis 10:57 - Configuration Analysis 10:57 - Configuration Analysis 10:57 - Vulnerability Analysis Solutions 10:57 - Vulnerability Analysis 10:57 - 10:58 - Five-Stage Process for DIY Network Security 10:58 - 11:26 - Vulnerability Analysis 11:27 - Vulnerability Analysis Solutions 11:27 - Configuration Analysis 11:27 - Configuration Analysis 11:27 - Log Analysis 11:28 - 11:28 - Logs Customized Dashboards 11:44 - Monitoring and Alerting 12:31 - Logs Customized Dashboards 12:32 - 12:32 - Log Analysis 12:33 - 12:38 - Logs Customized Dashboards 12:39 - Monitoring and Alerting 12:39 - Monitoring/Metrics 13:15 - Collect metrics from every device 13:20 - Monitoring/Metrics 13:29 - Collect metrics from every device 13:46 - Dashing Important Check 14:07 - Intrusion Detection Systems 14:13 - Intrusion Detection System 16:29 - 16:51 - Collect Logs from every device 16:55 - Summary 16:55 - All-in-One Tool ? SMB 16:56 - Summary 16:56 - All-in-One Tool ? SMB 16:57 - Summary 16:57 - Collect Logs from every device 17:39 - Summary 18:56 - All-in-One Tool ? SMB 20:55 - How to Deploy 21:02 - Deployment Plan
Views: 281 Mohammed Yahya
Correlating Network and Host Activity
 
01:10:31
In this webinar, Randy Franklin Smith (UWS) and Liam Mayron (LogRhythm) discuss network monitoring and analysis, particularly alarms based on network traffic that can provide starting points for host attribution. Network traffic analysis can be the first sign of misuse or even compromised systems. You'll see how a network monitoring tool can be configured to alert on relevant events — particularly those that can correlate to host information for an investigation. The team captures network packets and shows you how to correlate that data to the appropriate Windows system. You'll also get a look at the logs from that system to figure out exactly who and what (program) sent that packet. You'll learn how to do this with both Security Log events from Windows Firewall and with LogRhythm SysMon. Watch the webinar now to see LogRhythm’s powerful NetMon tool in action, and learn more about the LogRhythm NetMon Freemium version that you can use to follow along and for monitoring your own network.
Views: 354 LogRhythm
Sharkfest 2013 - Wireshark Network Forensics (Laura Chappell)
 
01:16:39
This session was recorded at Sharkfest 2013, UC Berkeley, CA Join Laura Chappell in this session as she examines a slew of malicious traffic, customizes Wireshark to detect these problems faster, and extracts relevant information using command-line tools. You'll learn how Wireshark can be used as network forensic software and how it helped detect various successful/unsuccessful breaches in a recent project. Laura Chappell is the founder of Chappell University and the co-founder of Wireshark University with Gerald Combs. Long-time, well-known Wireshark evangelist and author of the best-selling "Wireshark Network Analysis: Official Wireshark Certified Network Analyst Study Guide" and numerous other industry books, Ms. Chappell began her career as a network analyst in 1991 when Novell acquired the LANalyzer product. She has worked with numerous analyzer products since then but, in 1999, decided to focus her analysis time working exclusively with the open source Ethereal (now known as Wireshark) network and protocol analysis tool. Laura developed the Wireshark Certified Network Analyst Program and manages the Wireshark University Authorized Training Partner Program and the Wireshark University Authorized Instructor Program.
Views: 84218 Chris Greer
Merging System and Network Monitoring with BPF
 
23:44
Network traffic monitoring is traditionally based on packet analysis. While this approach still makes sense in many contexts, it is unable to provide detailed visibility when containers or virtual systems are used. This talk describes how the advent of eBPF enables the creation of monitoring-rich applications that provide both network and application monitoring information, giving detailed data for both monitoring and troubleshooting. It shows how eBPF has been used in ntopng, an open source monitoring application, and what the challenges and pitfalls are when integrating packets with system monitoring events. This talk describes how packet monitoring and system-based event monitoring work and how they can be merged to provide increased visibility. From the network administrator's perspective the advantage is that monitoring does not stop at the network level but can also identify the application/username that generated the traffic. From a security standpoint this makes it possible to identify suspicious network traffic and bind it to applications; for network administrators it allows faulty applications and misbehaving users to be identified and tracked. System visibility is yet another layer of observability on top of traditional packet traffic monitoring and deep packet inspection. https://fosdem.org/2019/schedule/event/merging_system_and_network_monitoring_with_bpf/
Views: 162 ntop
Visualizing Network Topologies and Traffic (Cloud Next '18)
 
38:12
Traditional Network Monitoring Systems are limited by protocols and cannot easily ingest data from Cloud deployments. In this session, we will look at which use cases in the field of network monitoring and management are relevant in a cloud environment and which data Google Cloud Platform provides to gain insights. We will then demo how to visualize traffic flows and topologies using a mix of Google and Open Source tools. DEV213 Event schedule → http://g.co/next18 Watch more Application Development sessions here → http://bit.ly/2zMcTJc Next ‘18 All Sessions playlist → http://bit.ly/Allsessions Subscribe to the Google Cloud channel! → http://bit.ly/NextSub
Views: 1463 Google Cloud Platform
Michal Kuffa - Building Netflow based NIDS out of open source components
 
23:08
Netflow exporters provide extremely important information about what is going on in your network, almost in real time. As the network grows, storing and analyzing the collected flow information starts to become a tedious task. The purpose of this talk is to outline how to use open source technologies to move away from RRD files as the means of storing flow data and take full advantage of Netflow's (almost) real time nature to create a NIDS with all the related data right at hand, visualized and ready to be diagnosed.
Views: 168 PyCon SK
Wireshark Best Network Analyzer Freeware
 
05:20
Best network analyzer freeware tool Wireshark. It is an open source packet analyzer. This tool is able to capture and read information from applications like Microsoft network monitor, Snoop, and Sniffer. For Text Article Visit :- http://www.hackbs.com/pentesting-tools/wireshark-best-network-analyzer-freeware/ Admin :- https://www.facebook.com/royalhacks01 Website :- http://www.hackbs.com
Views: 1311 Nix Hero
Threat Hunting: Monitoring Packets
 
08:46
Welcome to the first video in my series, Threat Hunting: With Open Source Software: Suricata and Elasticsearch. Throughout this video series, we’ll work our way through low level network details, through higher level application protocols. We’ll also use a suite of tools that can help capture and analyze traffic on a real network. These skills can be used in research or the workplace, with permission of course. https://fauie.com
Views: 226 Chris Fauerbach
netflow monitoring tools
 
01:02
scrutinizer netflow analyzer, netflow snmp, netflow monitoring tools, network traffic analysis software,
Views: 43 arman khan
Flow Analysis Part 3: Silk
 
29:12
Get the class materials to follow along at http://OpenSecurityTraining.info/Flow.html Follow us on Twitter for class news @OpenSecTraining. The playlist for this class is here: http://bit.ly/14CUt4p This course by Mike McFail & Ben Actis focuses on network analysis and hunting of malicious activity from a security operations center perspective. We will dive into the strengths of netflow, the operational limitations of netflow, recommended sensor placement, netflow tools, visualization of network data, analytic tradecraft for network situational awareness and network hunting scenarios. Course Objectives: * Provide an understanding of the netflow data format * Describe common netflow collection, analysis, and visualization tools * Cover situational awareness and hunting analytic tradecraft * Fuse netflow with other data sources
Views: 7703 Open SecurityTraining
Lightning Talk  PCAP BGP Parser
 
11:18
Speakers: Christoph Dietzel Network operations increasingly rely on tools and features to perform in-depth analysis of Internet routing behavior to optimize traffic flows or dissect DDoS attacks. In particular, IXPs commonly operate software routers such as BIRD or Quagga as BGP route servers. However, the implemented data processing features and tools are somewhat limited. BIRD does not support continuous BGP exports, MRT dumps allow a post-best-path-selection view only, and the tshark BGP filtering capabilities are limited, just to name a few. In this talk we present a tcpdump BGP parser to overcome these limitations. The raw packets can be captured with tcpdump at the network interface of any software router and either be processed as a live stream or stored and analyzed subsequently. For a post mortem analysis the BGP parser comes with a rich set of filters and export formats to meet the desired level of granularity. The presentation will showcase some compelling examples. Moreover, the tool can be extended as desired, since it is available as an open source project on GitHub.
Views: 605 TeamNANOG
Topogram -Open Source Network Analysis Quick Start
 
06:19
A basic tutorial to show how to use Topogram, an open source toolkit for network analysis. http://topogram.github.io More information at: http://github.com/topogram
Views: 156 Clément Renaud
The Eleventh HOPE (2016): Open Source Malware Lab
 
54:05
Saturday, July 23, 2016: 9:00 pm (Noether): The landscape of open-source malware analysis tools improves every day. A malware analysis lab can be thought of as a set of entry points into a tool chain. The main entry points are a file, a URL, a network traffic capture, and a memory image. This talk is an examination of the major open-source tools that satisfy the analysis requirements for each of these entry points. Each tool’s output can potentially feed into another tool for further analysis. The linking of one tool to the next in a tool chain allows one to build a comprehensive automated malware analysis lab using open-source software. Robert Simmons
Views: 402 Channel2600