October 2018
Beginner to intermediate
496 pages
16h 24m
English
This chapter provides an introduction to data plane analysis using a data set of over 8 million packets loaded from a file in the standard pcap format. A publicly available data set is used to build the use case in this chapter. Much of the analysis here focuses on ports and addresses, which is very similar to the type of analysis you do with NetFlow data. It is straightforward to create a similar data set from native NetFlow data. The data inside the packet payloads is not examined in this chapter. A few common scenarios are covered:
Discovering what you have on the network and learning what it is doing
Combining your SME knowledge about network traffic with some machine learning and data ...