
Help Needed w/ Anomaly Detection using SiLK


Need help with this assignment

If you could help me by showing me or helping with a step-by-step of the commands needed for this.


Explore the TM dataset using SiLK and answer the following questions about the data set. Include both the command you used and a screenshot of the output. Be sure to answer the question in your own words after interpreting the output of the command. Do not just include the screenshot as your answer. The address space of is our internal network, all other addresses should be considered external.

  1. First we will need to convert the pcap file into a SiLK format file. Use the command rwp2yaf2silk to convert the file. Give the input pcap in the --in parameter and the output file in the --out parameter.
  2. Identify any web servers on our network.
  3. What other common server ports are also available on the machine(s) identified in the previous question?
  4. What services are normally associated with the port(s) identified in the previous question?
  5. What hosts are likely client machines in our network based on their general behavior? You may want to evaluate machines that have user behavior as an indicator (think about the types of things people do on their computers on a regular basis, like web browsing and checking email). If a machine has only responded to requests from outside our network (and has not initiated its own sessions) then it is likely not a user machine.
  6. You should now have identified a single machine from the previous question. Target this client machine you found (in the previous question) and identify what hosts outside our network it has talked with. (To say that two hosts have talked implies that data has either been sent or received by one or both of the hosts.)
  7. Identify any machines that are initiating connections to our client machine. (Remember that you need to identify who is starting the session, possibly using some sort of flag.)
  8. Do you suspect the traffic identified in the previous question is malicious or a misconfiguration? Explain why you do or do not think so in paragraph form. Use supporting evidence and information from the capture to back up your reasoning. You may need to look up information about a port/protocol/service to understand what it is or how it is normally used. You would then compare it to the behaviour you are seeing.

For the next part, I would need a list of commands or procedures to help me with this: our data with afterglow.

  1. Extract afterglow into your working directory.
  2. Use the example commands in the book to create a data file containing the source and destination IP address pairs. Create a data file that shows incoming connections and one that shows outgoing connections.
  3. Create a network map for each of the data files and include your images with your submission.
  4. Bonus (+5): Adjust the afterglow configuration to show our local nodes in green and remote nodes in red.
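The flow-analysis questions above (web servers, their other listening ports, client machines, the client's external peers, who initiates inbound sessions) and the AfterGlow data files in the second part all come down to the same three tests on each flow record: is the source internal, is the destination internal, and which side sent the opening SYN. The following is an added worked example written for this post, not part of the assignment, of SiLK, or of AfterGlow. It assumes the SiLK file was converted with `rwp2yaf2silk --in=tm.pcap --out=tm.rw` and then exported with `rwcut --fields=sIP,dIP,sPort,dPort,protocol,initialFlags --delimited=,`; since the assignment text leaves the internal address range blank, 10.0.0.0/24 is used as a stand-in, and the flow records are constructed sample data, not the TM dataset. The `rwfilter` options quoted in comments are the selections I would use for the same questions; check them against your installed `rwfilter --help`.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the internal range the assignment text omits; 10.0.0.0/24 is a stand-in.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/24")
WEB_PORTS = {80, 443}

# Constructed sample in the layout rwcut emits for
#   rwcut tm.rw --fields=sIP,dIP,sPort,dPort,protocol,initialFlags --delimited=,
# One line per unidirectional flow; initialFlags = TCP flags on the first packet.
SAMPLE_FLOWS = """\
sIP,dIP,sPort,dPort,protocol,initialFlags
203.0.113.5,10.0.0.10,51000,80,6,S
10.0.0.10,203.0.113.5,80,51000,6,S A
203.0.113.7,10.0.0.10,51001,443,6,S
10.0.0.10,203.0.113.7,443,51001,6,S A
203.0.113.7,10.0.0.10,51002,22,6,S
10.0.0.10,203.0.113.7,22,51002,6,S A
10.0.0.25,198.51.100.20,50100,80,6,S
198.51.100.20,10.0.0.25,80,50100,6,S A
10.0.0.25,198.51.100.21,50101,443,6,S
10.0.0.25,198.51.100.22,50102,993,6,S
198.51.100.22,10.0.0.25,993,50102,6,S A
192.0.2.99,10.0.0.25,44444,3389,6,S
192.0.2.99,10.0.0.25,44445,3389,6,S
"""


def load_flows(text):
    """Parse rwcut-style delimited output into dicts with integer ports."""
    flows = []
    for row in csv.DictReader(io.StringIO(text)):
        row["sPort"], row["dPort"] = int(row["sPort"]), int(row["dPort"])
        flows.append(row)
    return flows


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def opens_session(flow):
    """Source of this flow sent the opening SYN (SYN set, ACK clear).
    Same selection as: rwfilter tm.rw --proto=6 --flags-initial=S/SA --pass=stdout"""
    flags = flow["initialFlags"].split()
    return flow["protocol"] == "6" and "S" in flags and "A" not in flags


def find_web_servers(flows):
    """Q2: internal hosts that accepted sessions on 80/443
    (rwfilter ... --dport=80,443 --flags-initial=S/SA | rwuniq --fields=dIP)."""
    return sorted({f["dIP"] for f in flows if opens_session(f)
                   and is_internal(f["dIP"]) and f["dPort"] in WEB_PORTS})


def server_ports(flows, host):
    """Q3: every port on which `host` accepted a session."""
    return {f["dPort"] for f in flows if opens_session(f) and f["dIP"] == host}


def find_clients(flows):
    """Q5: internal hosts that opened their own sessions to external hosts;
    a host that only ever answers (initialFlags 'S A') never appears here."""
    return sorted({f["sIP"] for f in flows if opens_session(f)
                   and is_internal(f["sIP"]) and not is_internal(f["dIP"])})


def external_peers(flows, host):
    """Q6: external hosts that exchanged traffic with `host` in either direction."""
    peers = set()
    for f in flows:
        if f["sIP"] == host and not is_internal(f["dIP"]):
            peers.add(f["dIP"])
        if f["dIP"] == host and not is_internal(f["sIP"]):
            peers.add(f["sIP"])
    return peers


def inbound_initiators(flows, host):
    """Q7: external hosts that opened sessions toward `host`, with the ports hit."""
    hits = defaultdict(set)
    for f in flows:
        if opens_session(f) and f["dIP"] == host and not is_internal(f["sIP"]):
            hits[f["sIP"]].add(f["dPort"])
    return dict(hits)


def afterglow_pairs(flows, direction):
    """AfterGlow step 2: deduplicated 'source,target' lines for 'incoming'
    (external -> internal) or 'outgoing' (internal -> external) sessions."""
    pairs = set()
    for f in flows:
        if not opens_session(f):
            continue
        inbound = is_internal(f["dIP"]) and not is_internal(f["sIP"])
        outbound = is_internal(f["sIP"]) and not is_internal(f["dIP"])
        if (direction == "incoming" and inbound) or (direction == "outgoing" and outbound):
            pairs.add(f"{f['sIP']},{f['dIP']}")
    return sorted(pairs)


if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    for s in find_web_servers(flows):
        print("web server", s, "accepts on ports", sorted(server_ports(flows, s)))
    for c in find_clients(flows):
        print("client", c, "talked to", sorted(external_peers(flows, c)))
        print("client", c, "received sessions from", inbound_initiators(flows, c))
    for direction in ("incoming", "outgoing"):
        with open(f"{direction}.csv", "w") as fh:  # input files for afterglow.pl
            fh.write("\n".join(afterglow_pairs(flows, direction)) + "\n")
```

On the sample, the only internal host that opens sessions itself is 10.0.0.25, and the only external host opening sessions toward it is 192.0.2.99, repeatedly hitting port 3389 with bare SYNs and never getting an answer; that pattern (no completed handshake, repeated attempts at one service port from one outside address) is the kind of evidence question 8 asks you to weigh against what the port is normally used for. For the AfterGlow bonus, node colouring lives in the property file passed with `-c`; from memory of AfterGlow's property syntax (verify against the sample properties shipped with your copy) a rule such as `color.source="green" if ($fields[0]=~/^10\.0\.0\./)` followed by a catch-all `color.source="red"`, with the same pair for `color.target` over `$fields[1]`, colours local nodes green and remote nodes red.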

