Abnormal Behavior Analysis Case of Traffic Monitoring - Code World

Abnormal Behavior Analysis Case of Traffic Monitoring

News 2023-09-03 10:52:39 views: null

Analysis principle

Normal TCP-based network traffic is to establish a TCP connection first, then transmit data, and then disconnect.

However, problems such as system poisoning and configuration errors often exist in the network, resulting in one-way requests in the network, and this information will also be reflected in network traffic.

NetInside automatically discovers a large number of connection requests, but the other party does not respond, and the statistics are the number of failures.

Abnormal Behavior Discovery

The IP 172.17.254.243 sends an average of 6480 requests per hour, 3600 of which fail.

Abnormal Analysis

All abnormal behaviors will leave network traces, download the original packets of 172.17.254.243 through the system, and analyze the traffic at that time.

Through the analysis of the downloaded data packets, it was found that a large number of requests were rejected.

suggestion

Based on the abnormal hosts found by the NetInside analysis system, improve the network or device-related rules of these hosts with failed request behavior, or go deep into the host to check the process.

Guess you like

Origin blog.csdn.net/NetInside_/article/details/131662897

Abnormal Behavior Analysis Case of Traffic Monitoring

Network-wide IPv6 traffic monitoring analysis case

Case sharing | Abnormal CPU monitoring

[Branch] to abnormal network behavior analysis study notes

Linux server traffic monitoring and analysis

Wireshark analysis traffic packet case

spark-wide project combat scenes, real-time user behavior analysis, real-time traffic monitoring systems, real-time movie recommendation system

P2P traffic monitoring and analysis

Full traffic security analysis to quickly locate abnormal hosts

Hadoop detailed notes (10) traffic case of mapreduce data analysis case

A Case Study of Library Flow Monitoring Performance Analysis

python case: campaign finance fraud user behavior analysis

Practical case! Python+SQL JD user behavior analysis

Listener 4: Comprehensive case: request traffic analysis (important!!!)

Oracle Database Management-Abnormal IO traffic, IO busy% 100% analysis and processing

Traffic Analysis

Chuangyu Lieyou APT traffic monitoring system won the CSTC annual network security excellent case

Summary of video cloud storage/security monitoring/AI analysis/video AI intelligent analysis gateway behavior analysis algorithm application scenarios

tcpdump dns traffic monitoring

360 standalone traffic monitoring

Traffic monitoring, install ntopng

Traffic Monitoring Script

Android program traffic monitoring

traffic monitoring-ntopng

Linux, CPU and GPU Behavior Monitoring

What is an employee behavior monitoring system?

SSH with OSSIM visual display abnormal behavior

MATLAB video human abnormal behavior recognition

Carbon trading abnormal behavior/transaction detection research

Solve the problem of unauthorized access to port 3389 after the bastion host is deployed through network traffic monitoring and analysis

Recommended

Ranking

ElasticSearch-- data modeling best practices

Permission Maintenance - Shadow User Backdoor

Refactor the code using MVP mode

Quantitative investment-fundamental model-PVC multi-factor model

Spark Big Data Processing Lecture Notes 3.2 Mastering RDD Operators

Blazor page components (2)

Erlernen von Kenntnissen zur Android-Entwicklung – Kodierung, Verschlüsselung, Hash, Serialisierung und Zeichensätze

About Qi high in JAVA study notes SORM summary detailed personal explanation

Will you calculate the accuracy of the rope displacement sensor in the measurement?

OPENJTAG debugging learning (3): debugging using the gdb command line

Daily

More

2024-05-01(4)

2024-04-30(36)

2024-04-29(5)

2024-04-28(12)

2024-04-27(29)

2024-04-26(22)

2024-04-25(32)

2024-04-24(30)

2024-04-23(30)

2024-04-22(5)