FloCon 2021

With a myriad of ways to collect flow data, it’s nice to have a network to test and compare different tool sets. A home lab can be perfect for this.

When you think of all the devices on a home network these days, there are usually plenty of traffic and logs bouncing around. This provides a rich data set to explore. With IoT devices, phones, game consoles, media streaming, and tablets as well as laptops and computers, it’s easy to have 50 or more devices talking to each other and/or the Internet in a modern household.

With a focus on network defense, this talk will review some of the ways that have been used to collect, collate, and analyze wire data and other data on the speaker’s home network. Using a variety of collectors, like nfdump, Suricata, tcpdump, bro and Splunk Stream App (mostly running on Raspberry Pis), the speaker has nearly a decade of practice collecting and testing various collectors in his lab. It’s amazing what you can find when you look!

The talk will also discuss how the speaker has implemented Splunk in his home environment as well as free licensing options. This portion of the talk will include other uses of free Splunk in a home lab and on a home network. Additionally, the talk will include anecdotal observations about this network, including visualizations showing the coming and goings of visitors and residents, tracking user web activity, etc.

Attendees Will Learn: 
This presentation will provide an overview and comparison of flow data collectors and review some of the analytics used to monitor and respond to threats. It will also review discuss free Splunk license options. This home network has over 60 devices (primarily IoT and VMware).