Network Traffic Analysis with SiLK, Analyst's Handbook for SiLK Version 3.12.0 and Later
Abstract
This handbook is an introduction to methods of analyzing network traffic, illustrated by commands from the SiLK tool suite. The focus is on learning to identify traffic features important to the security of information on the network. The handbook moves from a basic understanding of network flow and the SiLK tool suite through a series of examples that illustrate how to use SiLK to analyze network behavior. The examples in this handbook are mainly command sequences that illustrate specific analysis concepts. Examples are commonly discussed on a line-by-line basis in the text and presented as command and output listings. In general, examples are also associated with a specific task (or tasks), indicated in the section and in the example caption. Case studies take a deeper dive into specific topics for analysis. For readers already familiar with SiLK, the explanations of SiLK commands in the text of this handbook are kept short enough not to be redundant. More complete discussions of the commands and their parameters are provided in the appendices of this guide, the SiLK Reference Guide, and the man pages for the SiLK commands. Readers who are interested in analyzing network flow records with tools other than SiLK are encouraged to read the overall description of the analysis approaches, then use the description of commands to find parallels using the tool suite of their choice.
Document Details
- Document Type: Technical Report
- Publication Date: Aug 01, 2018
- Accession Number: AD1090411
Entities
People
- Geoffrey Sanders
- Nancy M. Ott
- Paul Krystosek
- Timothy Shimeall
Organizations
- Carnegie Mellon University