idaholab / Malcolm

Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
https://idaholab.github.io/Malcolm/

Capturing Live Network Traffic for Analysis #353

Open mmguero opened 5 months ago

mmguero commented 5 months ago

For what topic would you like to see training developed?
Describe the ways Malcolm can analyze live network traffic: via a sensor device (Hedgehog Linux) or by monitoring local network interfaces.

What format would be best suited for this training?
A video

Is there existing Malcolm documentation that could be improved by including this topic?
Live analysis

mmguero commented 4 months ago

Some notes for consideration: