TryHackme’s Advent of Cyber 2023 — Day 17 Writeup
Traffic analysis I Tawt I Taw A C2 Tat!
Learning Objectives
- Gain knowledge of the network traffic data format
- Understand the differences between full packet captures and network flows
- Learn how to process network flow data
- Discover the SiLK tool suite
- Gain hands-on experience in network flow analysis with SiLK
Network Traffic Data
Network traffic data comes in several types and formats. The Packet Capture (PCAP) format, also called a full packet capture, records every packet in full, headers and payload, and so gives the most detailed, unfiltered view of what crossed the wire; it is the data source of choice for deep network-level investigation.
That completeness comes at a cost. PCAPs demand substantial storage, processing power and analyst time, and because every payload has to be stored and inspected they are impractical for quick triage, especially across large data sets.
Most of the bulk in a PCAP is payload. Network flows speed things up by keeping only the metadata of each conversation (addresses, ports, protocol, packet and byte counts, timestamps) and dropping the payload. Flow records are far smaller and faster to query, which leaves more time for analysis and decision-making, at the price of no longer being able to inspect content.
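To make the PCAP-versus-flow distinction concrete, here is an added example written for this writeup (it is not TryHackMe's or SiLK's code). It builds a small libpcap-format capture in memory from constructed packets, parses it with the standard library only, and aggregates the packets into unidirectional 5-tuple flow records the way a flow collector would: the TLS and DNS payloads vanish, while packet counts, byte counts, timing and TCP flags survive. The addresses, ports and timestamps are made up for illustration.

```python
"""Added example: turn a constructed PCAP into flow records (not SiLK code)."""
import struct
from dataclasses import dataclass

PCAP_MAGIC = 0xA1B2C3D4          # libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_TCP, PROTO_UDP = 6, 17


def build_packet(src, dst, proto, sport, dport, payload=b""):
    """Construct an Ethernet/IPv4/TCP-or-UDP frame for the sample capture (checksums left zero)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == PROTO_TCP:  # 20-byte TCP header, data offset 5, flags PSH|ACK
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:                   # 8-byte UDP header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    total = 20 + len(l4) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + l4 + payload


def build_pcap(packets):
    """Serialize (timestamp_seconds, frame) pairs into libpcap file bytes (little-endian)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        sec, usec = int(ts), int(round((ts - int(ts)) * 1_000_000))
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out


def iter_packets(data):
    """Yield (timestamp, frame) from libpcap bytes; accepts either byte order."""
    magic, = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec + usec / 1_000_000, data[off:off + incl_len]
        off += incl_len


@dataclass
class Flow:
    """One unidirectional flow record: what survives once the payload is discarded."""
    src: str
    dst: str
    proto: int
    sport: int
    dport: int
    packets: int = 0
    bytes: int = 0        # IP-layer bytes, as flow collectors usually count
    start: float = 0.0
    end: float = 0.0
    tcp_flags: int = 0    # OR of all TCP flags seen in the flow


def parse_frame(frame):
    """Return (src, dst, proto, sport, dport, ip_len, tcp_flags) or None for non-IPv4/TCP/UDP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
    ip_len = struct.unpack("!H", frame[16:18])[0]
    src = ".".join(map(str, frame[26:30]))
    dst = ".".join(map(str, frame[30:34]))
    l4 = frame[14 + ihl:]
    if proto not in (PROTO_TCP, PROTO_UDP) or len(l4) < 8:
        return None
    sport, dport = struct.unpack("!HH", l4[:4])
    flags = l4[13] if proto == PROTO_TCP and len(l4) >= 14 else 0
    return src, dst, proto, sport, dport, ip_len, flags


def pcap_to_flows(data):
    """Aggregate every packet into flows keyed on the 5-tuple; payload is never retained."""
    flows = {}
    for ts, frame in iter_packets(data):
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, proto, sport, dport, ip_len, flags = parsed
        key = (src, dst, proto, sport, dport)
        f = flows.setdefault(key, Flow(*key, start=ts, end=ts))
        f.packets += 1
        f.bytes += ip_len
        f.end = max(f.end, ts)
        f.tcp_flags |= flags
    return list(flows.values())


def sample_capture():
    """Constructed traffic: a short TLS exchange plus a DNS query and reply (made-up hosts)."""
    c, s, dns = "10.0.0.5", "203.0.113.7", "10.0.0.2"
    return build_pcap([
        (1700000000.000, build_packet(c, s, PROTO_TCP, 51000, 443)),
        (1700000000.010, build_packet(s, c, PROTO_TCP, 443, 51000)),
        (1700000000.020, build_packet(c, s, PROTO_TCP, 51000, 443, b"\x16\x03\x01" + b"A" * 200)),
        (1700000000.050, build_packet(s, c, PROTO_TCP, 443, 51000, b"\x16\x03\x03" + b"B" * 1200)),
        (1700000001.000, build_packet(c, dns, PROTO_UDP, 40000, 53, b"\x00\x01" * 20)),
        (1700000001.003, build_packet(dns, c, PROTO_UDP, 53, 40000, b"\x00\x02" * 30)),
    ])


if __name__ == "__main__":
    for f in pcap_to_flows(sample_capture()):
        print(f"{f.src}:{f.sport} -> {f.dst}:{f.dport} proto={f.proto} "
              f"pkts={f.packets} bytes={f.bytes} dur={f.end - f.start:.3f}s flags={f.tcp_flags:#x}")
```

Six packets, about 1.6 KB of capture, collapse into four flow records of a few dozen bytes each. That is the trade the writeup describes: the TLS record bytes and the DNS question are gone, so you cannot see what was asked or sent, but beaconing intervals, byte ratios, ports and flag patterns remain, and those are exactly the fields SiLK queries operate on.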