Skip to content

Lynverted/filter_project

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

51 Commits
backends
backends
 
 
haris
haris
 
 
scripts
scripts
 
 
suricata
suricata
 
 
wanproxy
wanproxy
 
 
NAT.cl
NAT.cl
 
 
NAT2.cl
NAT2.cl
 
 
README.md
README.md
 
 
driver.sh
driver.sh
 
 
filter.cl
filter.cl
 
 
server.py
server.py
 
 
test-topology.py
test-topology.py
 
 

Repository files navigation

filter_project

Traffic filter state recreation experiment

To use the suricata branch testing:

  1. Run the topology (sudo python topo.py)
  2. Once it has started and both instances of suricata are running, run the following command: r1 tcpreplay-edit -i r1-eth1 --enet-dmac 00:00:00:00:01:02 -C --mtu-trunc --mbps 1000 pcaps/2017-X.pcap"
  3. Change the chosen pcap day to monday to thursday, depending on the chosen CICID2017 dataset you're testing
  4. When the stream is complete, tear down the mininet with "exit"
  5. Run the total jq map for overall numbered results (./jq-sum.sh)
  6. Run the jq maps individually for specific alerts (jq -s -f map.jq log/suriX/eve.json) changing the suri number to 1 or 2 for the primary or redundant respectively
  7. Delete both sets of logs to ensure clean results when finished (sudio rm log/suriX/*)
  8. Run the failure command to initiate network failures (./network.sh X) with up or down respectively

About

Traffic filter state recreation experiment

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages