Python
Saijon Turaev, 2019-01-15 00:00:58

How to create a model of malicious traffic on a LAN?

How can you filter malicious and normal traffic on a network in real time to see what they look like? How is it possible to produce this malicious traffic on virtual machines? Is it possible to do this in the Python programming language, and if yes, then how? Are there ready-made programs?


4 answer(s)
Johnny Smith, 2019-01-15
@Olek1

Ports to pick up

fara_ib, 2019-01-15
@fara_ib

You make a virtual machine with Snort / Suricata, start services on it, open a couple of dozen popular ports, and try port scans and pentest utilities against the victim, collecting all the traffic along the way, and then look at the Snort logs and analyze the traffic. Or put a victim on the Internet, there will be a lot of different traffic ...

cssman, 2019-01-15
@cssman

Mill, how much is in this word?
If you just want to analyze, at least turn on tcpdump and look at the traffic with your own eyes (Wireshark, of course, will be more comfortable with its filters and GUI). If you need some triggers, then write scripts, or use a ready-made SIEM and IDS/IPS. Not necessarily for money: here they advised the free Suricata and the shareware Snort, how you can cheat Splunk.
To generate malicious traffic, port scanning is not enough; use Metasploit, Kali. Putting the machine on the Internet at everyone's mercy is quite a decision. It won't be very representative.

Sergey Sashkin, 2019-01-15
@LexPex

You take nmap and aggressively scan the subnet (all ports), and there's your traffic.
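
The answers above suggest capturing traffic with tcpdump, writing scripts for triggers, and using a port scan as test traffic. The following is an added example, not code from any of the posters: a Python trigger that reads `tcpdump -nn -tt` text output and flags sources that send bare SYNs to many distinct host/port targets in a short window. The function names, the 10-second window, the threshold of 15 and the sample capture are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Matches IPv4 TCP lines as printed by `tcpdump -nn -tt`.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) IP (?P<src>\d+(?:\.\d+){3})\.\d+ > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def parse_syns(lines):
    """Yield (ts, src, dst, dport) for bare SYN packets (connection attempts)."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m["flags"] == "S":  # "S." is a SYN-ACK reply, so it is skipped
            yield float(m["ts"]), m["src"], m["dst"], int(m["dport"])

def detect_scanners(lines, window=10.0, threshold=15):
    """Return {src: peak count of distinct (dst, port) targets in one window}
    for sources that reach `threshold` targets within `window` seconds."""
    recent = defaultdict(deque)  # src -> recent (ts, dst, dport) attempts
    alerts = {}
    for ts, src, dst, dport in parse_syns(lines):
        q = recent[src]
        q.append((ts, dst, dport))
        while ts - q[0][0] > window:  # drop attempts older than the window
            q.popleft()
        targets = {(d, p) for _, d, p in q}
        if len(targets) >= threshold:
            alerts[src] = max(alerts.get(src, 0), len(targets))
    return alerts

def build_sample():
    """Constructed capture: one ordinary client and one host sweeping ports."""
    fmt = "{:.6f} IP {}.{} > {}.{}: Flags [{}], seq 1, win 1024, length 0"
    t, lines = 1547510400.0, []
    for i in range(12):  # normal client: two services, one connection per 5 s
        port = (80, 443)[i % 2]
        lines.append(fmt.format(t + 5 * i, "10.0.0.5", 40000 + i, "10.0.0.20", port, "S"))
        lines.append(fmt.format(t + 5 * i + 0.001, "10.0.0.20", port, "10.0.0.5", 40000 + i, "S."))
    for p in range(1, 101):  # sweep: 100 ports on one host in about a second
        lines.append(fmt.format(t + 20 + p * 0.01, "10.0.0.66", 55555, "10.0.0.20", p, "S"))
    lines.append("this line is not a packet and is ignored")
    return lines

if __name__ == "__main__":
    for src, peak in detect_scanners(build_sample()).items():
        print(f"possible port scan from {src}: {peak} targets within 10 s")
```

On a lab capture the same function can be fed the lines of a saved `tcpdump -nn -tt` text file; the window and threshold need tuning against what normal hosts on that network do.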
