Section 25.240 Packet Captures Flashcards
Objective 4.9 Given a scenario, you must be able to use data sources to support an investigation
Packet Capture
Captures data going to or from a network device
■ Can be set up on a span port to capture all data going to and from devices on the network
Packet captures on the exam are typically short snippets, not massive data dumps
Packet Capture Columns
Watch the video again for packet capture examples - helpful for the exam
■ Number: Packet sequence number in the capture
■ Time: Elapsed time since the capture started
■ Source/Destination IP Addresses: Show where the data is coming from and going to
■ Protocol: Typically TCP or UDP
■ Length: The size of the packet
■ Info: Provides information from the packet header, including flags, sequence, window, length, MSS, source port, and destination port
Look for patterns that indicate attack types, such as SYN floods or DDoS attacks
Consider the relationship between source and destination IP addresses to identify the type of attack