This article explains Suricata's packet‑decoding pipeline, detailing how Ethernet frames, IP datagrams, TCP segments and UDP datagrams are parsed from raw traffic, and shows the relevant source‑code structures used in the open‑source IDS.
The article delivers a technical overview of modern botnet threats, detailing the PBot and Xanthe families, their infection vectors, command‑and‑control operations, and provides practical detection, mitigation, and statistical analysis methods for defending against large‑scale DDoS, spam, and other malicious activities.
This guide walks through installing Suricata on a Linux system, covering prerequisite libraries, source compilation, configuration paths, execution command, and an analysis of its packet‑processing modes—including single, work, and autofp—while illustrating thread workflow and recommending optimal setups for multi‑NIC environments.
The paper systematically analyzes the Sliver C2 framework’s HTTP and HTTPS traffic, detailing URL, cookie, and parameter patterns as well as JA3/JA3S TLS fingerprints, and presents validated Snort and Suricata rules that reliably detect Sliver beacons while highlighting evasion challenges and broader applicability to emerging malware tools.
