13. Network Monitoring and Attack Detection

This chapter uses the knowledge you’ve gained throughout the book and in the preceding couple of chapters specifically to show how you might use some of the tools for everyday monitoring and also for investigation.

The chapter begins with an overview of network monitoring, or sniffing. The information in the beginning of this chapter builds on what you’ve already seen in the first two chapters of the book. This chapter then continues with a look at TCPDump, a key tool in the network security analyst’s toolkit. Finally, the chapter also looks at two helpful security software packages: Snort and ARPWatch.

Listening to the Ether

Armed with the basic knowledge of some of the core protocols from the first ...

Get Linux® Firewalls: Enhancing Security with nftables and Beyond, Fourth Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.