This two-part workshop is literally defined by the title: using your brain and Tranalyzer you will do a hands on job of an analyst trying to find anomalies in real IP traffic. You might get stuck in a foxhole and have to learn how to dig yourself out. Nothing is like it initially seems, or maybe it is.
The workshop is adressed at anyone who is willing to learn a bit more detail about IP traffic and the way of flow based TM. A linux laptop and working knowledge of command line bash is required, rudimentary knowledge of AWK and gnuplot is nice to have.
- Short introduction to the most important IP protocols and header features
- Exercise: Tell me everything about THIS packet
- Introduction to Tranalyzer
- Philosophy, configuration and compilation ops
- Most important plugins including config constants
- Flows and global reports
- How to write your own plugin in C
- Hands-on exercises in groups or alone on several PCAPS
Attendees will receive related data via memory stick.