From the course: Network Forensics


Splunk hands-on

- [Lecturer] Before analyzing network data with Splunk, in this case raw network traffic, let's take a moment to capture the data first. Open Wireshark: type sudo space wireshark, press Enter, provide the password, press Enter again, click on the capture button, let it run for a while, and let's save the traffic as a tcpdump pcap file. Stop capturing, go to File, choose Save As, use sample as your file name, select tcpdump pcap, and save. Now we are ready to analyze the traffic in Splunk. As you can see, Splunk is a web application. We need an app called PCAP Analyzer for Splunk, but you don't see it here, so let's find it by clicking on Find More Apps. Type pcap in the search box, press Enter, and PCAP Analyzer for Splunk shows up. Click on Install, type your username and password, click on Login and Install, and then we will restart Splunk. Now let's go back in by clicking on Sign in. Note that there are also many other apps available, which indicates the comprehensive nature of Splunk…
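The lecturer saves the capture in the classic tcpdump pcap format rather than Wireshark's default pcapng. Before handing a file like sample.pcap to an ingestion app, it is worth confirming the format and that the records are intact. The following checker is an added example, not code from the course or from PCAP Analyzer for Splunk; it parses the libpcap global header and walks the packet records, and the sample bytes it builds are constructed, not a real capture.

```python
import struct

# libpcap magic numbers: byte order and timestamp resolution of the file
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", "microseconds"),  # little-endian, usec
    b"\xa1\xb2\xc3\xd4": (">", "microseconds"),  # big-endian, usec
    b"\x4d\x3c\xb2\xa1": ("<", "nanoseconds"),   # little-endian, nsec
    b"\xa1\xb2\x3c\x4d": (">", "nanoseconds"),   # big-endian, nsec
}
PCAPNG_MAGIC = b"\x0a\x0d\x0d\x0a"  # pcapng Section Header Block type


def inspect_pcap(data: bytes) -> dict:
    """Summarise a classic pcap file; raise ValueError if it is not one."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    if magic == PCAPNG_MAGIC:
        raise ValueError("pcapng file: re-save as tcpdump pcap")
    if magic not in PCAP_MAGICS:
        raise ValueError("unknown magic %s" % magic.hex())
    endian, ts_unit = PCAP_MAGICS[magic]
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    _, major, minor, _, _, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    packets, truncated, offset = 0, False, 24
    while offset < len(data):
        if offset + 16 > len(data):            # partial record header
            truncated = True
            break
        _, _, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16])
        if incl_len > snaplen or incl_len > orig_len \
                or offset + 16 + incl_len > len(data):
            truncated = True                   # record body missing or bogus
            break
        packets += 1
        offset += 16 + incl_len
    return {"version": f"{major}.{minor}", "linktype": linktype,
            "snaplen": snaplen, "timestamps": ts_unit,
            "packets": packets, "truncated": truncated}


def build_sample() -> bytes:
    """Constructed sample: little-endian pcap 2.4, Ethernet, two packets."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

    def record(ts, payload):
        return struct.pack("<IIII", ts, 0, len(payload), len(payload)) + payload

    return header + record(1, b"\x00" * 14) + record(2, b"\x00" * 60)
```

For a real file, pass `open("sample.pcap", "rb").read()` to `inspect_pcap`; a `truncated` result usually means the capture was cut off while Wireshark was still writing.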
