Join us at hack.lu 2025 — Info & Registration
Duration: 120 min
Type: Training
Speakers: Peter
Abstract
Working with netflow data has a big advantage, as it reduces the data size remarkably. This comes at the cost of loosing package payload information. What if we try to combine the best of both worlds and have a tool that does that approach?
The workshop explains this approach and gives the students real life hands-on examples. The workshop introduces a new type of network forensics with netflow and pcap.
Description
This workshop explains the approach to merge netflow and pcap data and presents the advantages.
The student will have the option for a hands-on experience to work with real data.
It is expected that students have basic skills with Linux and the command line.
Topics:
- Theory and usage of netflow.
- Working with pcaps.
- Using the nfdump toolset to prepare and process large pcaps.
- Enrich the netflow data with 3rd party information
- Search for network artefacts.