PA197 Labs

LAB 1

Compute the ratio of UDP packets and flows in the traffic
• nfdump -r flows.nfcapd -s proto

Count the hosts actively communicating from the MU network
• nfdump -r flows.nfcapd "src net 83.187.0.0/16" -A srcip -q | wc -l
• 7781

Find the web server most visited by users from the MU network
• nfdump -r flows.nfcapd "src net 83.187.0.0/16 and (dst port 443 or dst port 80)" -s dstip/flows

Find how many hosts from the MU network have accessed the web on 60.182.41.219:80
• nfdump -r flows.nfcapd "src net 83.187.0.0/16 and dst ip 60.182.41.219 and dst port 80" -A srcip -q | wc -l
• 225

Find a horizontal scan
• nfdump -r flows.nfcapd "dst port 22" -s srcip/flows

Find a vertical scan
• nfdump -r flows.nfcapd "flags S and not flags F" -A srcip,dstip -s record/flows
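The horizontal scan and vertical scan exercises above rank sources by flow count. The following added example (not part of the lab slides) goes one step further and counts distinct targets, so a busy but ordinary client is not mistaken for a scanner. The record layout, the addresses, the flag letters and the thresholds are assumptions made for this example, and the flows are constructed.

```python
from collections import defaultdict

# Constructed sample flows, not taken from flows.nfcapd.
# Fields: (srcip, dstip, dstport, cumulative TCP flags as letters)
def sample_flows():
    flows = []
    # 192.0.2.10 sends bare SYNs to port 22 on 40 hosts (horizontal pattern)
    flows += [("192.0.2.10", f"198.51.100.{i}", 22, "S") for i in range(1, 41)]
    # 192.0.2.20 sends bare SYNs to 60 ports on one host (vertical pattern)
    flows += [("192.0.2.20", "198.51.100.5", p, "S") for p in range(1, 61)]
    # 192.0.2.30 is an ordinary SSH client: completed sessions to 2 hosts
    flows += [("192.0.2.30", "198.51.100.7", 22, "APSF")] * 25
    flows += [("192.0.2.30", "198.51.100.8", 22, "APSF")] * 5
    return flows

def is_unfinished_syn(flags):
    """Same idea as the nfdump filter 'flags S and not flags F'."""
    return "S" in flags and "F" not in flags

def find_scans(flows, min_hosts=20, min_ports=20):
    """Return (horizontal, vertical) dicts built from unfinished SYN flows.

    horizontal: {(srcip, dstport): number of distinct dstip}
    vertical:   {(srcip, dstip):   number of distinct dstport}
    Thresholds are assumptions for this example; tune them per network.
    """
    hosts_per_port = defaultdict(set)
    ports_per_pair = defaultdict(set)
    for src, dst, dport, flags in flows:
        if not is_unfinished_syn(flags):
            continue
        hosts_per_port[(src, dport)].add(dst)
        ports_per_pair[(src, dst)].add(dport)
    horizontal = {k: len(v) for k, v in hosts_per_port.items() if len(v) >= min_hosts}
    vertical = {k: len(v) for k, v in ports_per_pair.items() if len(v) >= min_ports}
    return horizontal, vertical

if __name__ == "__main__":
    horizontal, vertical = find_scans(sample_flows())
    for (src, port), n in horizontal.items():
        print(f"horizontal: {src} -> port {port} on {n} hosts")
    for (src, dst), n in vertical.items():
        print(f"vertical:   {src} -> {dst} on {n} ports")
```

In the sample, 192.0.2.30 generates 30 flows to port 22 and would rank near the top of a per-source flow count, yet it is not reported because its sessions carry FIN and reach only two hosts.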