Proxy logs

A network can contain various proxy servers. One that stands out and is widely used is the Squid proxy server. According to the Squid website, it is a caching proxy that greatly reduces bandwidth usage and response times in a network, and it supports services such as HTTP, HTTPS, and FTP. We will again use Sawmill to investigate proxy logs:

  1. We can see that we have a variety of data, demonstrating the User Summary, Traffic, Page views, number of Sessions, and a variety of other useful data, such as Top level domain:
  2. We can also view ...
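The same kind of per-user summary can be computed directly from the raw log. The following is an added example, not code from the book or from Sawmill: it assumes Squid's default native `access.log` format, uses constructed sample lines, and treats a non-denied `text/html` response as a page view, which is a simplifying assumption.

```python
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log format:
# time elapsed client code/status bytes method URL user hierarchy/peer type
SAMPLE_LOG = """\
1700000000.123    95 192.0.2.10 TCP_MISS/200 5120 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.5 text/html
1700000001.456    12 192.0.2.10 TCP_HIT/200 2048 GET http://www.example.com/logo.png - HIER_NONE/- image/png
1700000002.789   210 192.0.2.11 TCP_TUNNEL/200 9000 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.9 -
1700000003.000    40 192.0.2.11 TCP_DENIED/403 300 GET http://files.example.net/tool.exe - HIER_NONE/- text/html
this line is truncated
"""

def parse_line(line):
    """Return a dict for one access.log line, or None if it is malformed."""
    f = line.split()
    if len(f) < 10 or "/" not in f[3] or not f[4].isdigit():
        return None
    url = f[6]
    # CONNECT requests log host:port rather than a full URL.
    host = urlsplit(url if "://" in url else "//" + url).hostname or ""
    return {"client": f[2], "result": f[3].split("/")[0], "bytes": int(f[4]),
            "method": f[5], "host": host, "tld": host.rsplit(".", 1)[-1], "mime": f[9]}

def summarize(text):
    """Aggregate traffic, page views, TLDs and denied requests per client."""
    traffic, views, tlds, denied = Counter(), Counter(), Counter(), Counter()
    skipped = 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # keep a count so damaged or tampered lines are noticed
            continue
        traffic[rec["client"]] += rec["bytes"]
        tlds[rec["tld"]] += 1
        if rec["result"].endswith("DENIED"):
            denied[rec["client"]] += 1
        elif rec["mime"].startswith("text/html"):
            views[rec["client"]] += 1  # assumption: HTML response == page view
    return {"traffic": traffic, "page_views": views, "tlds": tlds,
            "denied": denied, "skipped": skipped}

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG).items():
        print(name, dict(value) if isinstance(value, Counter) else value)
```

Requests to bare IP addresses would be counted under their last octet in the TLD tally, so filter those hosts out separately when that distinction matters to the investigation.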
