MD2 Interpret network communications with packets Flashcards

1
Q

Packets analysis and Networks

A

Networks are noisy. There is an enormous volume of communication happening between devices at any given time. Because of this, packet captures can contain large amounts of network communications, making analysis challenging and time-consuming.

As a security professional, you’ll be working against the clock to protect networks and computer systems from potential attacks. You may analyze network evidence in the form of packet captures to identify indicators of compromise. Having the ability to filter network traffic using packet sniffers to gather relevant information is an essential skill to have.

2
Q

Let’s say that you were tasked with analyzing a packet capture to find any indication of data exfiltration. How would you go about this?

A

Using a network analyzer tool, you can filter the packet capture to sort packets. This can help you quickly identify an event associated with data exfiltration, like large amounts of data leaving a database. There are many other filters you can apply to packet captures to find the information you need to support an investigation efficiently.

Examples of network analyzer tools include tcpdump and Wireshark. tcpdump is accessed through a command line, while Wireshark has a graphical user interface, or GUI. Both tools are useful for security analysts, and soon you'll have the opportunity to explore both.

Before we begin using these tools, let’s explore packet fields in detail, specifically, IP headers. Meet you there.
