Network Forensics Flashcards
Allows for the copying of ingress and/or egress communications from one or more switch ports to another
Switched Port Analyzer (SPAN)
A piece of hardware or software that records data from frames as they pass over network media using methods such as a mirrored port or tap device
Packet Sniffer
A data-network packet analyzer computer program that runs under a command line interface and allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached
tcpdump
A free and open-source GUI-based packet analyzer that is used for network troubleshooting, analysis, software and communications protocol development, and education
Wireshark
Captures the entire packet including the header and the payload for all traffic entering and leaving a network
Full Packet Capture (FPC)
A means of recording metadata and statistics about network traffic rather than recording each frame
Flow Collector
A Cisco-developed means of reporting network flow information to a
structured database
NetFlow
A hybrid tool that passive monitors a network like a sniffer and only
logs data of potential interest
Zeek (Bro)
A tool used to create graphs showing traffic flows through the network
interfaces of routers and switches by polling the appliances using the
Simple Network Management Protocol (SNMP)
Multi Router Traffic Grapher (MRTG)
An IP address or range of addresses that appears on one or more blacklists
Reputation-based risk intelligence is used to create IP/URL blacklists
Known-bad IP Addresses
A method used by malware to evade blacklists by generating domain names for
C&C networks dynamically
Domain Generation Algorithm (DGA)
A method used by malware to hide the presence of C&C networks by continually changing the host IP addresses in domain records using domain generation algorithms
Fast Flux Network
Activity that is performed to identify whether a link is already flagged on an existing reputation list, and if not, to identify what malicious script or activity might be coded within it
URL Analysis
A set of request methods to indicate the desired action to be performed for a given resource
HTTP Method
The principle method used with HTTP and is used to retrieve a resource
GET
