1,775
edits
Forensic pcap Analysis: Difference between revisions
Jump to navigation
Jump to search
no edit summary
(Created page with "== ''' Problem''' == ------- How can you use the *Allegro Network Multimeter* for forensic analysis? As an example, you would like to process a recorded Pcap file with the *A...") |
No edit summary |
||
| Line 1: | Line 1: | ||
== ''' Problem''' == | == ''' Problem''' == | ||
How can you use the *Allegro Network Multimeter* for forensic analysis? | How can you use the *Allegro Network Multimeter* for forensic analysis? | ||
As an example, you would like to process a recorded Pcap file with the | As an example, you would like to process a recorded Pcap file with the | ||
*Allegro Network Multimeter* in the lab. | *Allegro Network Multimeter* in the lab. | ||
<br> | |||
== ''' Warning''' == | == ''' Warning''' == | ||
The *Allegro Network Multimeter* will NOT forward, receive or analyze | The *Allegro Network Multimeter* will NOT forward, receive or analyze | ||
any packets while analyzing pcap files. Traffic forwarding in bridge | any packets while analyzing pcap files. Traffic forwarding in bridge | ||
| Line 16: | Line 11: | ||
and the normal operation mode is restored. | and the normal operation mode is restored. | ||
<br> | |||
== ''' Preparation''' == | == ''' Preparation''' == | ||
The preparation of the *Allegro Network Multimeter* is very simple. | The preparation of the *Allegro Network Multimeter* is very simple. | ||
We recommend to use this feature with an activated ring buffer to | We recommend to use this feature with an activated ring buffer to | ||
| Line 26: | Line 20: | ||
will guide you to format the disk and to set up the ring buffer. | will guide you to format the disk and to set up the ring buffer. | ||
<br> | |||
== ''' Pcap upload''' == | == ''' Pcap upload''' == | ||
To use the *Allegro Network Multimeter* as a forensic analysis tool, navigate | To use the *Allegro Network Multimeter* as a forensic analysis tool, navigate | ||
to "Generic" -> "Pcap analysis" and press pcap upload. | to "Generic" -> "Pcap analysis" and press pcap upload. | ||
{| class="wikitable" | |||
| | |||
[[File:Pcap-upload-1.png|600px|thumb|right]] | |||
|} | |||
Here, you can select the pcap file you want to analyze by either dragging it | Here, you can select the pcap file you want to analyze by either dragging it | ||
| Line 41: | Line 38: | ||
modal dialog will open: | modal dialog will open: | ||
{| class="wikitable" | |||
| | |||
[[File:Pcap-upload-2.png|600px|thumb|right]] | |||
|} | |||
Please carefully read the warnings and consider if you want to use the capture | Please carefully read the warnings and consider if you want to use the capture | ||
| Line 60: | Line 53: | ||
After starting confirming the dialog, the upload will start | After starting confirming the dialog, the upload will start | ||
{| class="wikitable" | |||
| | |||
[[File:Pcap-upload-3.png|600px|thumb|right]] | |||
|} | |||
The table at the bottom of the page will show you the upload progress. Even with | The table at the bottom of the page will show you the upload progress. Even with | ||
upload still in progress, you can switch to some measurement module and | upload still in progress, you can switch to some measurement module and | ||
investigate the contents of the pcap file. | investigate the contents of the pcap file. | ||