Network Data Collector Placement Makes a Difference (Tue, Mar 28th)
Malware Analysis, News and Indicators - Latest topics malware.news
A previous diary [1] described processing some local PCAP data with Zeek. This data was collected using tcpdump on a DShield Honeypot. When looking at the Zeek connection logs, the connection state information was unexpected. To help understand why, we will compare data from different locations on the network and process the data in a similar way. This will help narrow down where the discrepancies might be coming from, or at least where they are not coming from. Some initial …