can someone please tell me how can we download malware pcap in ubuntu VM in microsoft azure?

I tried to download a malware pcap on an Ubuntu VM in Microsoft Azure from PuTTY, but it is not allowing me to do so. It gives the following output: Permission denied Cannot write to ‘’


Is there any chance of local PC getting infected when you analyse PCAP malware file in cloud server through putty?

I want to run a pcap of malware to test Snort on my cloud server. I want to know whether doing so will affect my local machine.

Publicly Available PCAP dumps that associate IP addresses with Operating System?

I am currently working on a machine learning module to detect Operating Systems based on existing packet traffic in pcap file format. So far, I have generated some traffic of popular Operating Systems available. However, this process is very tedious.

I would like to know if there are any publicly available pcap files that associate data generated from a particular Operating System (e.g. a pcap file that has a lot of traffic from Windows XP). I am aware that there are other similar questions asked regarding publicly available pcap files; however, none of them seem to be focused on Operating Systems.

Thank you.

How to import json (pcap) data from TShark to Elasticsearch and Kibana [closed]

I am currently trying to set up my own little SIEM, but cannot seem to transfer the files the way I want.

I am capturing the data with tshark:

tshark -i eth0 -T ek > cap.pcap.json

This outputs a JSON file that is suited for Elasticsearch.

I have (at least I think so) managed to upload the data to my Elasticsearch by using curl.

curl -H "Content-Type: application/json" -XPOST "localhost:9200/_bulk?pretty" --data-binary @cap.pcap.json

This seems to work: I get JSON output on the console that shows me where the data is located in Elasticsearch (_index, _type, _version, _shards, …).

But here, I am stuck. I’d like to import the data to Kibana (full ELK-Stack is installed), but cannot seem to find the right setting anywhere…

On the Kibana dashboard it is possible to “Add Data to Kibana” for a SIEM, but I don’t find a JSON option, “merely” Zeek and Auditbeat (…). Can anyone help me or point me to a site where it is explained? I searched, but found just things like: “And once you have it in Elasticsearch, it is in Kibana…”
Public Availability of a good Dataset in PCAP (TCPDUMP) format for IDS/IPS testing

I am trying to pass good, reputable malicious traffic through an IPS. There are several sources on the internet to explore datasets, like the oldest, I think, the DARPA set (not available in pcap format and not that efficient for modern-day use), or the NSL-KDD dataset, etc. Here is a good link I found about options that I can look into. However, none of them has a dataset available in pcap format. Is there any reputable dataset available in PCAP or TCPDUMP format, or convertible to PCAP?

Thank you.

PCAP permission problems

I want to run a C++ program that uses pcap as a non-root user.

Because it isn’t possible to run it as sudo.

I found this possible solution.

I executed the commands:

sudo chgrp pcap /usr/sbin/tcpdump
sudo chmod 750 /usr/sbin/tcpdump

This is my result:

-rwxr-x--- 1 root pcap 1138288  �  13  2017 /usr/sbin/tcpdump* 

This command:

getcap /usr/sbin/tcpdump

gives this as result:

/usr/sbin/tcpdump = cap_net_admin,cap_net_raw+ep

But I still get the error:

Could not open enp4s0 - enp4s0: You don't have permission to capture on that device (socket: Operation not permitted)

How to analyze .pcap file to write a generic snort rule to detect c&c activity

I am diving into Snort and trying to figure out what everything does, but I’m having a little trouble. I have a .pcap file I want to analyse, and I know there is malicious C&C traffic in it. (Practice exercise for an online course.)

The goal of the exercise is to write Snort rule(s) that are not restricted by IP address or port number (source or destination) to detect the C&C traffic.

What should I be looking for in the .pcap file to base my rules on? (If possible, please provide plenty of details in this area.) Are there any specific options I should almost always include in my Snort rule, and why? I also want to try to mitigate false positives, because the file is rather large and there are only a handful of malicious connections in it.