So you collect about a gigabyte of traffic metadata each hour and want to filter out anomalies, such as a spike in TCP RSTs or a host that is surprisingly chatty with foreign hosts. A simple yet relatively performant approach is to use Python and the DPKT library. This will be a quick-start tutorial, along with some experience from using it.
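As an added illustration of the two anomalies named above (not code from the talk), the following counts TCP RSTs per source and distinct foreign peers per local host, then flags hosts over a threshold. It decodes Ethernet/IPv4/TCP headers with the standard-library `struct` module so it runs without DPKT; the local prefix, the thresholds and the sample frames are constructed assumptions.

```python
import struct
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network

LOCAL_NET = ip_network("10.0.0.0/8")  # assumption: our "home" prefix
TCP_RST = 0x04                         # RST bit in the TCP flags byte

def parse_frame(frame):
    """Return (src, dst, tcp_flags) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # need IPv4 ethertype
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IPv4 header length
    if frame[23] != 6:                                    # protocol must be TCP
        return None
    src, dst = ip_address(frame[26:30]), ip_address(frame[30:34])
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:                                     # flags live at TCP offset 13
        return None
    return src, dst, tcp[13]

def summarize(frames):
    """Per-source RST counts and per-local-host set sizes of foreign peers."""
    rst_by_src, foreign_peers = Counter(), defaultdict(set)
    for frame in frames:
        parsed = parse_frame(frame)
        if parsed is None:
            continue
        src, dst, flags = parsed
        if flags & TCP_RST:
            rst_by_src[str(src)] += 1
        if src in LOCAL_NET and dst not in LOCAL_NET:
            foreign_peers[str(src)].add(str(dst))
    return rst_by_src, {h: len(p) for h, p in foreign_peers.items()}

def anomalies(frames, rst_threshold=3, peer_threshold=2):
    """Hosts exceeding the (assumed) RST and foreign-peer thresholds."""
    rst, peers = summarize(frames)
    return {"rst_spike": sorted(h for h, n in rst.items() if n >= rst_threshold),
            "chatty": sorted(h for h, n in peers.items() if n >= peer_threshold)}

def make_frame(src, dst, flags):
    """Build a minimal constructed Ethernet/IPv4/TCP frame (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ip_address(src).packed, ip_address(dst).packed)
    tcp = struct.pack("!HHIIBBHHH", 40000, 443, 0, 0, 0x50, flags, 65535, 0, 0)
    return eth + ip + tcp

# Constructed sample: one host bursting RSTs, one host fanning out to many foreign peers.
SAMPLE = [make_frame("10.0.0.5", "203.0.113.9", TCP_RST)] * 3 + [
    make_frame("10.0.0.7", "198.51.100.1", 0x02), make_frame("10.0.0.7", "198.51.100.2", 0x02),
    make_frame("10.0.0.7", "192.0.2.3", 0x02), make_frame("10.0.0.8", "10.0.0.9", 0x10)]

if __name__ == "__main__":
    print(anomalies(SAMPLE))
```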
Speakers: Adam Kalisz