Big Data Security Part Two: Introduction to PacketPig by Michael Baker.
From the post:
Packetpig is the tool behind Packetloop. In Part One of the Introduction to Packetpig I discussed the background and motivation behind the Packetpig project and problems Big Data Security Analytics can solve. In this post I want to focus on the code and teach you how to use our building blocks to start writing your own jobs.
The ‘building blocks’ are the Packetpig custom loaders that allow you to access specific information in packet captures. There are a number of them, but the two I will focus on in this post are:
- Packetloader() allows you to access protocol information (Layer-3 and Layer-4) from packet captures.
- SnortLoader() inspects traffic using Snort Intrusion Detection software.
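PacketLoader() hands a Pig job the Layer-3 and Layer-4 fields of each packet. To make concrete what that involves, here is an added example (my own code, not Packetpig's) that pulls the same kind of fields (source and destination address, protocol, TTL, ports, TCP flags) out of a classic libpcap file using only Python's standard library, then does the per-flow count that a Pig GROUP/COUNT over the loader's output would do. The capture bytes are constructed inline and are not a real trace; the record field names are my own, not the loader's schema.

```python
"""Extract Layer-3/Layer-4 fields from a classic pcap with only the standard library."""
import struct
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


@dataclass
class PacketRecord:
    """One row per packet: the L3/L4 tuple a loader hands to a job (field names are mine)."""
    ts: float
    ip_src: str
    ip_dst: str
    ip_proto: int
    ip_ttl: int
    sport: Optional[int] = None
    dport: Optional[int] = None
    tcp_flags: Optional[int] = None


def _inet_aton(addr: str) -> bytes:
    return bytes(int(octet) for octet in addr.split("."))


def _inet_ntoa(raw: bytes) -> str:
    return ".".join(str(b) for b in raw)


def parse_pcap(data: bytes) -> List[PacketRecord]:
    """Walk a classic (libpcap) capture and return one record per IPv4 packet.

    Non-IPv4 frames and truncated records are skipped rather than raising,
    because real captures routinely contain ARP, IPv6 and cut-off packets.
    """
    if len(data) < 24:
        raise ValueError("capture shorter than the 24-byte pcap global header")
    (magic,) = struct.unpack("<I", data[:4])  # magic reveals the writer's byte order
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (unknown magic 0x%08x)" % magic)
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")

    records: List[PacketRecord] = []
    offset = 24
    while offset + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break  # truncated final record
        rec = _parse_ethernet_frame(frame, ts_sec + ts_usec / 1e6)
        if rec is not None:
            records.append(rec)
    return records


def _parse_ethernet_frame(frame: bytes, ts: float) -> Optional[PacketRecord]:
    if len(frame) < 14 + 20 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    version, ihl = ip[0] >> 4, (ip[0] & 0x0F) * 4
    if version != 4 or ihl < 20 or len(ip) < ihl:
        return None
    total_len = struct.unpack("!H", ip[2:4])[0]
    rec = PacketRecord(ts, _inet_ntoa(ip[12:16]), _inet_ntoa(ip[16:20]), ip[9], ip[8])
    payload = ip[ihl:total_len]
    if rec.ip_proto == IPPROTO_TCP and len(payload) >= 20:
        rec.sport, rec.dport = struct.unpack("!HH", payload[:4])
        rec.tcp_flags = payload[13]  # low byte of the data-offset/flags word
    elif rec.ip_proto == IPPROTO_UDP and len(payload) >= 8:
        rec.sport, rec.dport = struct.unpack("!HH", payload[:4])
    return rec


def summarize_flows(records: List[PacketRecord]) -> Dict[Tuple[str, str, int, Optional[int]], int]:
    """Packets per (src, dst, proto, dport): the GROUP/COUNT a Pig job would run on loader output."""
    return dict(Counter((r.ip_src, r.ip_dst, r.ip_proto, r.dport) for r in records))


# --- constructed sample capture (not a real trace) -------------------------
def _frame(src: str, dst: str, proto: int, l4: bytes) -> bytes:
    eth = b"\x02\x00\x00\x00\x00\x02" + b"\x02\x00\x00\x00\x00\x01" + struct.pack("!H", ETHERTYPE_IPV4)
    # IPv4 header checksum left at 0: the parser above does not verify it
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                       _inet_aton(src), _inet_aton(dst))
    return eth + ipv4 + l4


def _record(ts_sec: int, frame: bytes) -> bytes:
    return struct.pack("<IIII", ts_sec, 0, len(frame), len(frame)) + frame


_TCP_SYN = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
_UDP_DNS = struct.pack("!HHHH", 5353, 53, 8 + 12, 0) + b"\x00" * 12

SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    + _record(1700000000, _frame("10.0.0.1", "10.0.0.2", IPPROTO_TCP, _TCP_SYN))
    + _record(1700000001, _frame("10.0.0.1", "10.0.0.3", IPPROTO_UDP, _UDP_DNS))
)

if __name__ == "__main__":
    for r in parse_pcap(SAMPLE_PCAP):
        print(r)
    print(summarize_flows(parse_pcap(SAMPLE_PCAP)))
```

The parser deliberately skips anything it does not understand instead of failing the whole run, which is the behaviour you want from a loader that is fed multi-gigabyte captures full of ARP, IPv6 and truncated frames.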
Just in case you get bored with holiday guests, you can spend some quality time looking around on the other side of your cable router.
Or deciding how you would model such traffic using a topic map.
Both would be a lot of fun.