Abstract

Analyzing real-world packet captures is both a science and an art. A high-traffic network segment can present the analyst with thousands of packets spanning hundreds of connections, sessions, and protocols. Ethereal's built-in features, such as Transmission Control Protocol (TCP) session reconstruction, display filters, and packet colorization, help simplify the process of analyzing this data. Regularly analyzing network data helps one quickly distinguish normal from unusual behavior. Anyone without the ability to analyze their own network traffic should participate in the Honeynet Project Scan of the Month challenges, which cover network traffic analysis as well as malicious code, exploits, and methodology. This chapter presents several different types of packet captures and the processes used to analyze them. It helps develop an understanding of the kinds of activity to look for in a packet capture and how to identify various types of network traffic. Combining this skill with the network troubleshooting methodology helps one detect, analyze, and respond quickly to the next major worm outbreak.
