MD2 Capture and view network traffic: Packets and Packet captures Flashcards

1
Q

Packets

A

Previously in the program, you learned that when data is sent, it’s divided into packets. Just like an addressed envelope in the mail, packets contain delivery information that is used to route them to their destination.

This information includes a sender and receiver’s IP address, the type of packet that’s being sent, and more. Packets can provide lots of information about the communications happening between devices over a network.

2
Q

Components of a packet

The header

A

There’s the header, which includes information like the type of network protocol and port being used. Imagine this as being the name and mailing address located on an envelope.

Network protocols are a set of rules that determine the transmission of data between devices on a network. Ports are non-physical locations on a computer that organize data transmission between devices on a network.

3
Q

Components of a packet

Payload

A

Next, there’s the payload, which contains the actual data that’s being delivered. This is like the content of a letter inside of an envelope.

4
Q

Components of a packet

Footer

A

Signifies the end of the packet.

5
Q

How can you observe a network packet?

A

Just like scents are invisible but can be smelled, packets are invisible but can be captured using tools called packet sniffers.

6
Q

Packet sniffers

A

You may remember packet sniffers from a previous section. A network protocol analyzer, or packet sniffer, is a tool designed to capture and analyze data traffic within a network. As a security analyst, you’ll use packet sniffers to inspect packets for indicators of compromise.

Through packet sniffing, we can grab a detailed snapshot of packets that travel over a network in the form of a packet capture. A packet capture, or pcap, is a file containing data packets intercepted from an interface or network. It’s sort of like intercepting an envelope in the mail.

Packet captures are incredibly useful during incident investigation. By having access to the communications happening between devices over a network, you can observe network interactions and start to build a storyline to determine what exactly happened.
