An Overview of PcapDB: Full Network Packet Capture Solution

Friday, January 12, 2018
10:00 am to 11:00 am

Capture your network packets so that your network doesn’t capture you!

PcapDB is a highly scalable, network flow and packet capture system. The software suite is designed to store, index, and search full network packet captures (pcap files), as well as manage system users, disk space and more. Pcap files are ideal for network forensics; they enable reconstruction of data and files, such as uploaded malware, exfiltrated files, and network communications including malware command and control (C2) channels.

Due to the inherently large data sizes, efficiency is key. PcapDB has been built targeting optimizations for: 1) capture, 2) processing, 3) indexing and querying, 4) storage and retrieval, and 5) multi-site communication.
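The store, index, and retrieve cycle described above can be shown on a small scale. The following is an added example, not PcapDB's code and not its on-disk index format: it builds a constructed classic libpcap capture in memory, walks it once to produce a per-flow index (5-tuple, packet and byte counts, first and last timestamps, and the record offsets), answers a flow query, and uses the indexed offsets to pull the matching frames back out without re-parsing every packet. The frame builder, sample addresses, and ports are all constructed sample data; the parser also stops cleanly at a truncated final record, which is the common failure mode of a capture file cut mid-write.

```python
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4   # magic as read by a little-endian unpack
PCAP_MAGIC_BE = 0xD4C3B2A1   # same magic written by a big-endian host
LINKTYPE_ETHERNET = 1


def build_frame(src_ip, dst_ip, proto, sport, dport, payload):
    """Constructed Ethernet/IPv4/{TCP,UDP} frame for the sample capture (not real traffic)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    if proto == 6:   # TCP: 20-byte header, flags PSH|ACK, checksum left zero
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:            # UDP: 8-byte header
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + l4


def build_pcap(frames):
    """Wrap frames in a classic libpcap file: 24-byte global header, 16-byte record headers."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_500_000_000 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


# Constructed sample: one TCP flow with two packets and one UDP flow with one packet.
SAMPLE_FRAMES = [
    build_frame("10.0.0.5", "203.0.113.9", 6, 40000, 443, b"GET /"),
    build_frame("10.0.0.5", "10.0.0.1", 17, 5353, 53, b"dns?"),
    build_frame("10.0.0.5", "203.0.113.9", 6, 40000, 443, b"POST"),
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES)


def iter_records(data):
    """Yield (record_offset, ts_sec, frame_bytes) per record; stop cleanly at a truncated tail."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        start, end = off + 16, off + 16 + incl_len
        if end > len(data):        # partial last record: capture was cut mid-write
            break
        yield off, ts_sec, data[start:end]
        off = end


def flow_key(frame):
    """5-tuple (src, dst, proto, sport, dport) for IPv4 frames; None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    proto = frame[23]
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    l4 = 14 + ihl
    sport = dport = 0
    if proto in (6, 17) and len(frame) >= l4 + 4:
        sport, dport = struct.unpack_from("!HH", frame, l4)
    return (src, dst, proto, sport, dport)


def build_flow_index(data):
    """One pass over the capture: per-flow counters plus the record offsets needed to pull packets back."""
    index = defaultdict(lambda: {"packets": 0, "bytes": 0, "first": None, "last": None, "offsets": []})
    for off, ts, frame in iter_records(data):
        key = flow_key(frame)
        if key is None:
            continue
        entry = index[key]
        entry["packets"] += 1
        entry["bytes"] += len(frame)
        if entry["first"] is None:
            entry["first"] = ts
        entry["last"] = ts
        entry["offsets"].append(off)
    return dict(index)


FIELDS = ("src", "dst", "proto", "sport", "dport")


def query(index, **criteria):
    """Return [(flow_key, entry)] for flows matching every given field, e.g. query(idx, dport=443)."""
    return [(key, entry) for key, entry in index.items()
            if all(dict(zip(FIELDS, key))[f] == v for f, v in criteria.items())]


def retrieve(data, offsets):
    """Pull the raw frames for a flow back out of the capture using the indexed offsets."""
    wanted = set(offsets)
    return [frame for off, _ts, frame in iter_records(data) if off in wanted]
```

The point of keeping record offsets in the index is the same one that drives a full-capture system: the search answers from the small index, and only the matching flows' packets are ever read back from the large capture store.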

One of the unique capabilities of PcapDB is its ability to support geographically distributed capture locations. Multi-site institutions can capture network traffic locally at each site with a PcapDB Capture Node. The Capture Nodes are managed and searchable through a single PcapDB Search Head.

The PcapDB team is happy to announce that PcapDB went live in 2017 and has been released as open source software. The code and documentation are available online at https://github.com/dirtbags/pcapdb.

Interested in using or developing PcapDB? Great! We’re building a community of users and developers via GitHub and the PcapDB@lanl.gov mailing list.

Speaker Bios

Shannon Steinfadt, Los Alamos National Laboratory

A patented computer scientist and recent member of the CSIRT operations team, Dr. Steinfadt currently works with the Advanced Research in Cyber Systems group. In addition to applying bioinformatics techniques for malware classification, Shannon is a co-developer for PcapDB, the network packet capture tool developed at Los Alamos National Laboratory.

Paul Ferrell, Los Alamos National Laboratory

Paul Ferrell’s primary role is to develop and support software for the network security teams. This often includes researching and developing new techniques and approaches to the novel problems faced by a national laboratory in cyber security. He is the primary developer and thought leader for the PcapDB open source software.