One of the challenges we have on the Poseidon team is gathering more data to train our ML models. A key part of that gathering is identifying (and labelling!) packet captures (pcaps) of specific device types. (e.g. X appears to be a TiVo, Y appears to be a Camera device, Z to be a Windows AD controller, etc.) One can of course achieve this using a combination of tools and approaches (including the use of p0f and Wireshark!), but there have been times when we have been sifting through pcaps that it hasn't been immediately obvious what a given node is.
We have found it useful to represent a node's communications as a visual graph to help with identification. To date we have done this manually using a few steps:
Converting the PCAP to a basic graph using the "brassfork" tool (which outputs a nodes.csv and edges.csv)
Importing the two csv files from brassfork into Gephi
Saving the Graph
Being happy that it is now easier to figure out what you are looking at
What we would really like to do is take the above process, automate it, and replace Gephi with some generated graph visualization mechanism like Graphistry.
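The first two steps of the process above (pcap in, nodes.csv and edges.csv out) automated in a single script, as an added example that is not Poseidon's or brassfork's own code. It assumes a classic little-endian libpcap file with Ethernet frames, builds a small constructed capture to run against, and writes the Id/Label and Source/Target/Weight columns that Gephi's spreadsheet importer accepts.

```python
"""Added example, not Poseidon or brassfork code: read a classic libpcap capture
with only the standard library and emit nodes.csv / edges.csv text for Gephi
(one weighted edge per IPv4 src->dst pair). Assumes little-endian pcap, Ethernet."""
import csv
import io
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap written by a little-endian host

def ip_pairs(pcap_bytes):
    """Yield (src, dst) for each IPv4 packet; ARP, IPv6 and short frames are skipped."""
    magic, = struct.unpack("<I", pcap_bytes[:4])
    link_type, = struct.unpack("<I", pcap_bytes[20:24])
    if magic != PCAP_MAGIC or link_type != 1:  # 1 = DLT_EN10MB
        raise ValueError("expected a little-endian Ethernet pcap")
    off = 24  # end of the 24-byte global header
    while off + 16 <= len(pcap_bytes):
        incl_len, = struct.unpack("<I", pcap_bytes[off + 8:off + 12])
        frame = pcap_bytes[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue
        yield ".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34]))

def build_graph(pcap_bytes):
    """Return (nodes_csv, edges_csv); edge Weight is the packet count src->dst."""
    edges = Counter(ip_pairs(pcap_bytes))
    nodes = sorted({n for pair in edges for n in pair})
    out = [io.StringIO(), io.StringIO()]
    csv.writer(out[0], lineterminator="\n").writerows(
        [["Id", "Label"]] + [[n, n] for n in nodes])
    csv.writer(out[1], lineterminator="\n").writerows(
        [["Source", "Target", "Weight"]] + [[s, d, c] for (s, d), c in sorted(edges.items())])
    return out[0].getvalue(), out[1].getvalue()

def sample_pcap(flows):
    """Constructed capture: one header-only Ethernet/IPv4 frame per (src, dst) in flows."""
    def frame(src, dst):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        return b"\x02" * 12 + b"\x08\x00" + ip  # locally administered MACs, EtherType IPv4
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    return hdr + b"".join(struct.pack("<IIII", 0, 0, 34, 34) + frame(s, d) for s, d in flows)

# Constructed traffic: 10.0.0.7 chatters at 10.0.0.1, which answers once; 10.0.0.5 sends once.
SAMPLE_FLOWS = [("10.0.0.7", "10.0.0.1")] * 3 + [("10.0.0.1", "10.0.0.7"), ("10.0.0.5", "10.0.0.1")]
NODES_CSV, EDGES_CSV = build_graph(sample_pcap(SAMPLE_FLOWS))
```

Writing NODES_CSV and EDGES_CSV to files gives the same two tables the manual brassfork step produces, ready for Gephi or for feeding straight into a hosted visualizer.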