This is a video walkthrough of Day 17 for the Advent of Cyber 2023 event. In today's task, we look at the SiLK suite, and how it can be used to identify network behaviour, patterns, and anomalies.
Launch Advent of Cyber: [ Link ]
0:00 - Introduction and Story
1:25 - Accessing the Machine
2:52 - Network Traffic Data
7:00 - PCAPs vs Network Flows
9:13 - How to Collect and Process Network Data
10:54 - SiLK Suite Overview
12:02 - Listing the SiLK version
13:41 - rwfileinfo
15:07 - rwcut
20:18 - rwfilter
23:57 - rwstats
26:17 - Top IP Addresses
27:39 - Top Communication Pairs
28:49 - DNS Traffic
30:07 - Frequency Analysis
31:29 - Remaining Connection Pairs
33:46 - Analyze HTTP Traffic
35:00 - TCP Flags
36:39 - Three Way Handshake
40:05 - Question 6
40:28 - Question 7
41:00 - Question 8
42:08 - Question 9
42:37 - Question 10