hunter

This blog post shows how you can be “The Hunter” with tcpdump, Linux utilities, BPFs, and Python to rip through pcap.  I share some of my experience digging through loads of pcap to find evil.

Presentation:

Slideshare: