search menu icon-carat-right cmu-wordmark

Network Traffic Analysis - SiLK

January 2016 Presentation
Paul Krystosek, Matthew Heckathorn

This presentation, given at FloCon 2016, introduces you to network flow analysis using the CERT open source SiLK tool suite.

Abstract

This course introduces you to network flow analysis using the CERT open source SiLK tool suite. Network flow analysis enables retrospective analysis of a network's traffic to help with forensic analysis, passive network profiling, and threat discovery.

Network flow analysis benefits from the very long retention of flow data due to the extremely small size of flow records, allowing examination of traffic going back much further in time than is possible with analysis of full-packet capture. Network flow analysis also helps you solve many privacy issues inherent in packet analysis.  The SiLK tool suite is uniquely suited to analyzing extremely large networks with massive amounts of traffic.