I published the following diary on isc.sans.org: “The easy way to analyze huge amounts of PCAP data“.
When you are investigating a security incident, there are chances that, at a certain point, you will have to dive into network traffic analysis. If you’re lucky, you’ll have access to a network capture. Approximately one year ago, I wrote a quick diary to explain how to implement a simple FPC or “Full Packet Capture” solution based on a Docker container. It’s nice to capture all the traffic in PCAP files, but then? PCAP files are not convenient to process and they consume a lot of disk space (depending on the captured traffic, of course)… [Read more]