It was a rainy weekend in southern Maine and I really didn’t feel like doing chores, so I was skimming through RSS feeds and noticed a link to a PacketMaze challenge in the latest This Week In 4n6.
Since it’s also been a while since I’ve done any serious content delivery (on the personal side, anyway), I thought it’d be fun to solve the challenge with some tools I like — namely Zeek, tshark, and R (links to those in the e-book I’m linking to below), craft some real expository around each solution, and bundle it all up into an e-book and lighter-weight GitHub repo.
There are 11 “quests” in the challenge, requiring sifting through a packet capture (PCAP) and looking for various odds and ends (some are very windy maze passages). The challenge ranges from extracting images and image metadata from FTP sessions to pulling out precise elements in TLS sessions, to dealing with IPv6.
This is far from an expert challenge, and anyone can likely work through it with a little bit of elbow grease.
As it says on the tin, not all data is ‘big’ nor do all data-driven cybersecurity projects require advanced modeling capabilities. Sometimes you just need to dissect some network packet capture (PCAP) data and don’t want to click through a GUI to get the job done. This short book works through the questions in CyberDefenders Lab #68 to show how you can get the Zeek open source network security tool, tshark
command-line PCAP analysis Swiss army knife, and R (via RStudio) working together.
FIN
If you find the resource helpful or have other feedback, drop a note on Twitter (@hrbrmstr), in a comment here, or as a GitHub issue.
7 Trackbacks/Pingbacks
[…] *** This is a Security Bloggers Network syndicated blog from rud.is authored by hrbrmstr. Read the original post at: https://rud.is/b/2021/07/20/packet-maze-solving-a-cyberdefenders-pcap-puzzle-with-r-zeek-and-tshark/ […]
[…] by data_admin [This article was first published on R – rud.is, and kindly contributed to R-bloggers]. (You can report issue about the content on this page […]
[…] *** It is a Safety Bloggers Community syndicated weblog from rud.is authored by hrbrmstr. Learn the unique publish at: https://rud.is/b/2021/07/20/packet-maze-solving-a-cyberdefenders-pcap-puzzle-with-r-zeek-and-tshark/ […]
[…] article was first published on R – rud.is, and kindly contributed to R-bloggers]. (You can report issue about the content on this page here) […]
[…] on the heels of the previous CyberDefenders Challenge Solution comes this noisy installment which solves their Acoustic […]
[…] on the heels of the previous CyberDefenders Challenge Solution comes this noisy installment which solves their Acoustic […]
[…] Packet Maze: Solving a CyberDefenders PCAP Puzzle with R, Zeek, and tshark […]