Indexing Packet Capture Files (PCAP) with YAF

This tutorial describes how to use YAF's features that support use of packet capture (PCAP) files. It will discuss the various approaches to indexing PCAP and isolating PCAP for a particular flow. A companion tutorial, Rolling Packet Capture (PCAP) Export with YAF, will discuss how to enable YAF to create a rolling buffer of PCAPs and index the PCAPs by flows. Both tutorials assume you are using the most recent release of YAF. This tutorial makes use of two additional tools that are installed with YAF, yafMeta2Pcap and getFlowKeyHash.

These features allow YAF to support a variety of analyses that start from network flow records and drill down into the packets from which those flows were generated. Starting from network flow records lets the analyst focus the examination of packets more closely and improves the efficiency of analysis. Packet-by-packet detail provides more evidence and more certainty in the analysis results. In some cases, the packet analysis yields further conditions for pulling other network flow records, completing an iterative cycle.

Indexing the PCAP file using the Capture Meta File
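The flow-to-packet drill-down described in the introduction, as an added example that is not part of the original tutorial and not YAF's own code: a small Python script that builds a constructed PCAP, summarises it into biflow records (a stand-in for the flow records YAF emits, with a simple idle timeout so a long gap on the same 5-tuple becomes a second flow), and then isolates the packets of one chosen record by 5-tuple and time window, which is the job yafMeta2Pcap does using the index YAF writes. It scans the PCAP directly rather than through a capture meta file, and handles only little-endian microsecond libpcap files with Ethernet framing and IPv4 TCP/UDP; VLAN-tagged and IPv6 frames are skipped. All addresses, ports and timestamps are constructed.

```python
"""Flow-to-packet drill-down on a PCAP (added example, not YAF code).

Summarise a PCAP into biflow records, pick one, and pull its packets back
out by 5-tuple and time window. All traffic below is constructed sample data.
Assumptions: little-endian microsecond libpcap files, Ethernet framing,
IPv4 TCP/UDP only (VLAN-tagged and IPv6 frames are skipped).
"""
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4   # libpcap magic: microsecond timestamps, little-endian
LINKTYPE_ETHERNET = 1
TCP, UDP = 6, 17

def _tcp_frame(src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame; checksums left zero (parsing only)."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # zero MACs, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp

def _record(ts, frame):
    """pcap per-packet record: (ts_sec, ts_usec, caplen, origlen) + frame bytes."""
    sec = int(ts)
    usec = int(round((ts - sec) * 1_000_000))
    return struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame

def sample_pcap():
    """Constructed capture: one HTTP exchange, an unrelated packet, and a late
    packet on the same 5-tuple that a flow meter would report as a new flow."""
    header = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    records = [
        _record(1000.000, _tcp_frame("10.0.0.5", "192.0.2.10", 40000, 80, b"GET / HTTP/1.0\r\n\r\n")),
        _record(1000.010, _tcp_frame("192.0.2.10", "10.0.0.5", 80, 40000, b"HTTP/1.0 200 OK\r\n")),
        _record(1000.020, _tcp_frame("10.0.0.5", "198.51.100.7", 40001, 443)),  # other flow
        _record(1000.030, _tcp_frame("10.0.0.5", "192.0.2.10", 40000, 80)),
        _record(1200.000, _tcp_frame("10.0.0.5", "192.0.2.10", 40000, 80)),     # idle gap > timeout
    ]
    return header + b"".join(records)

def iter_packets(pcap):
    """Yield (timestamp, raw_record, (sip, dip, sport, dport, proto)) per IPv4 TCP/UDP frame."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != PCAP_MAGIC_LE or linktype != LINKTYPE_ETHERNET:
        raise ValueError("example handles little-endian microsecond Ethernet pcaps only")
    off = 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack_from("<IIII", pcap, off)
        rec = pcap[off:off + 16 + caplen]
        off += 16 + caplen
        frame = rec[16:]
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                                        # not plain IPv4
        l4 = 14 + (frame[14] & 0x0F) * 4                    # Ethernet header + IHL
        proto = frame[23]
        if proto not in (TCP, UDP) or len(frame) < l4 + 4:
            continue
        sport, dport = struct.unpack_from("!HH", frame, l4)
        key = (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]), sport, dport, proto)
        yield sec + usec / 1_000_000, rec, key

def biflow_key(key):
    """Direction-independent key so both halves of a conversation match one flow."""
    sip, dip, sport, dport, proto = key
    return min((sip, dip, sport, dport), (dip, sip, dport, sport)) + (proto,)

def flow_table(pcap, idle_timeout=30.0):
    """Biflow records (key, start, end, packets); a flow is closed when its
    5-tuple has been idle longer than idle_timeout, as a flow meter would do."""
    open_flows, records = {}, []
    for ts, _, key in iter_packets(pcap):
        k = biflow_key(key)
        cur = open_flows.get(k)
        if cur and ts - cur[1] > idle_timeout:
            records.append((k,) + cur)
            cur = None
        open_flows[k] = (ts, ts, 1) if cur is None else (cur[0], ts, cur[2] + 1)
    records.extend((k,) + v for k, v in open_flows.items())
    return sorted(records, key=lambda r: r[1])

def extract_flow(pcap, key, start, end):
    """Return (pcap bytes, packet count) holding only packets of `key`, in either
    direction, with start <= timestamp <= end: the drill-down step itself."""
    want = biflow_key(key)
    kept = [pcap[:24]]                                      # reuse the global header
    for ts, rec, k in iter_packets(pcap):
        if start <= ts <= end and biflow_key(k) == want:
            kept.append(rec)
    return b"".join(kept), len(kept) - 1

if __name__ == "__main__":
    cap = sample_pcap()
    for key, start, end, n in flow_table(cap):
        print(f"{key}  {start:.3f}-{end:.3f}  {n} pkts")
    key, start, end, _ = flow_table(cap)[0]          # choose the first flow record
    flow_pcap, n = extract_flow(cap, key, start, end)
    print(f"extracted {n} packets into a {len(flow_pcap)}-byte pcap")
```

The time window matters as much as the 5-tuple: ephemeral ports get reused, so the same 5-tuple seen minutes later is a different flow, and the late packet in the sample is kept out of the first record's extraction for exactly that reason. The extracted bytes are a valid pcap (global header plus the selected records) and can be written to disk and opened in any packet analyser; in a real deployment this scan would be replaced by the index lookup so that the capture is not read end to end for every query.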