Netcap consists of several commandline tools:
- net capture (capture audit records live or from dumpfiles)
- net dump (dump with audit records in various formats)
- net label (tool for creating labeled CSV datasets from netcap data)
- net collect (collection server for distributed collection)
- net agent (sensor agent for distributed collection)
- net proxy (http reverse proxy for capturing traffic from web services)
- net util (utility tool for validating audit records and converting timestamps)
- net export (exporter for prometheus metrics)
Watch a quick demo of the deep neural network for classification of malicious behavior, on a small PCAP dump file with traffic from the LOKI Bot. First, the PCAP file is parsed with netcap, in order to get audit records that will be labeled afterwards with the netlabel tool. The labeled CSV data for the TCP audit record type is then used for training (75%) and evaluation (25%) of the classification accuracy provided by the deep neural network.
Read more about them in the Documentation.