Packet Analysis

Tom Peterson Seminar on Analyzing Honeypot Traffic at SharkFest Virtual 2020


SharkFest is the annual Wireshark developer and user conference, where experts from around the world converge to teach and collaborate on cybersecurity, networking, and all of the ways that packet captures can be used to improve the analysis of complex problems.

This year’s SharkFest event has gone virtual, and our own Tom Peterson is a featured instructor. You may have caught his talk last year on “How TCP reassembly can be used to hide attacks”. This time he’s giving a seminar titled “Analyzing Honeypot Traffic”. From the abstract:

Securing a network starts with configuring a minimal set of services and only accepting the traffic required for those services. A honeypot is configured to attract the opposite and can be used to detect and analyze potential threats.

In this session we will discuss the different types of honeypots and what each type is designed for. Next we’ll look at how to deploy a TCP honeypot to accept all of the traffic sent to a server on the internet and how to analyze a capture file of this. We’ll examine how to use Wireshark for this as well as tools including Suricata and Zeek. What do you think will happen when we listen to all of the traffic being sent?
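The abstract describes a TCP honeypot that accepts every connection sent to a server and a capture of the result. Below is an added example of the listener side (this is not code from the seminar or from CloudShark). It assumes Linux with an iptables REDIRECT rule steering all TCP ports to one listener, recovers the port the client really dialled with the netfilter `SO_ORIGINAL_DST` socket option, and applies a few coarse first-bytes heuristics of this example's own design to label each probe. The `Probe` record, `classify_probe`, `simulate_probes` and the port 9000 default are all this example's choices.

```python
"""All-ports TCP honeypot with first-bytes triage (added example).

Assumes Linux, with every TCP port steered to one listener by a rule like
  iptables -t nat -A PREROUTING -p tcp --dport 1:65535 -j REDIRECT --to-ports 9000
The port the attacker actually targeted is recovered with SO_ORIGINAL_DST.
Run tcpdump alongside it to get the pcap you then open in Wireshark/Zeek.
"""
import socket
import socketserver
import struct
import threading
import time
from dataclasses import dataclass

SO_ORIGINAL_DST = 80      # netfilter option number from linux/netfilter_ipv4.h
FIRST_BYTES_TIMEOUT = 5.0  # seconds to wait for the client's opening bytes


@dataclass
class Probe:
    src: str
    src_port: int
    dst_port: int        # port the client targeted, not the listener's port
    first_bytes: bytes
    guess: str


def classify_probe(data: bytes) -> str:
    """Guess which service the client expected from its opening bytes.

    Deliberately coarse: a triage label for a capture, not protocol parsing
    (Zeek and Suricata do that properly on the pcap). Heuristics are ours."""
    if not data:
        return "silent"                      # scanner connected, sent nothing
    if data.startswith(b"SSH-"):
        return "ssh"
    if data[:2] == b"\x16\x03":              # TLS handshake record, version 3.x
        return "tls"
    if data[:2] == b"\x03\x00":              # TPKT header, almost always RDP
        return "rdp"
    if len(data) >= 8 and data[4:8] in (b"\xffSMB", b"\xfeSMB"):
        return "smb"                         # NetBIOS length + SMB1/SMB2 magic
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    if len(parts) == 3 and parts[0].isalpha() and parts[2].startswith(b"HTTP/"):
        return "http " + parts[0].decode("ascii").lower()
    return "unknown"


def original_dst_port(sock: socket.socket) -> int:
    """Port the client really connected to. SO_ORIGINAL_DST returns the
    pre-REDIRECT sockaddr_in; without a conntrack entry (or off Linux) the
    call fails and we fall back to the listener's own port."""
    try:
        raw = sock.getsockopt(socket.IPPROTO_IP, SO_ORIGINAL_DST, 16)
        return struct.unpack("!H", raw[2:4])[0]  # sockaddr_in.sin_port
    except OSError:
        return sock.getsockname()[1]


class ProbeHandler(socketserver.BaseRequestHandler):
    def handle(self):
        sock = self.request
        sock.settimeout(FIRST_BYTES_TIMEOUT)
        try:
            data = sock.recv(1024)           # never answer: just record
        except (socket.timeout, ConnectionError):
            data = b""
        self.server.probes.append(Probe(
            self.client_address[0], self.client_address[1],
            original_dst_port(sock), data, classify_probe(data)))


class Honeypot(socketserver.ThreadingTCPServer):
    allow_reuse_address = True

    def __init__(self, bind=("0.0.0.0", 9000)):
        super().__init__(bind, ProbeHandler)
        self.probes = []                     # list of Probe, appended per connection


def simulate_probes(payloads, wait=2.0):
    """Run the honeypot on a loopback port and feed it constructed payloads,
    returning the Probe records in order. On loopback there is no REDIRECT,
    so dst_port is simply the listener's port."""
    server = Honeypot(("127.0.0.1", 0))
    port = server.server_address[1]
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        for seen, payload in enumerate(payloads, 1):
            with socket.create_connection(("127.0.0.1", port)) as client:
                if payload:
                    client.sendall(payload)
            deadline = time.monotonic() + wait
            while len(server.probes) < seen and time.monotonic() < deadline:
                time.sleep(0.01)
    finally:
        server.shutdown()
        server.server_close()
    return server.probes


if __name__ == "__main__":
    hp = Honeypot()
    print("honeypot listening on", hp.server_address)
    hp.serve_forever()
```

The honeypot never replies, so what it sees is only what clients send unprompted: SSH and HTTP clients speak first, TLS clients send a ClientHello, and pure scanners connect and leave. Those are exactly the three buckets worth separating before handing the pcap to Zeek or Suricata for real protocol parsing.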

This seminar includes lessons we learned running honeypots of our own and analyzing network captures of the activity. It’s interesting and exciting stuff, and shows how packet captures combined with CloudShark tools like Threat Assessment and Zeek logs can reveal all kinds of helpful details.

Tom will be featured alongside other experts including Sake Blok, Betty DuBois, Chris Greer, and Jasper Bongertz, who are also presenting and giving pre-conference classes on a number of topics. You can see the full agenda here.

SharkFest fills up quickly, but if you can’t get into the virtual event, don’t worry! Tom’s seminar and the majority of the events at SharkFest will be featured in the SharkFest Retrospective after the event.
