13. Network Monitoring and Attack Detection
This chapter uses the knowledge you’ve gained throughout the book and in the preceding couple of chapters specifically to show how you might use some of the tools for everyday monitoring and also for investigation.
The chapter begins with an overview of network monitoring, or sniffing. The information in the beginning of this chapter builds on what you’ve already seen in the first two chapters of the book. This chapter then continues with a look at TCPDump, a key tool in the network security analyst’s toolkit. Finally, the chapter also looks at two helpful security software packages: Snort and ARPWatch.
Listening to the Ether
Armed with the basic knowledge of some of the core protocols from the first ...